PC-HELP.CZ

Postoval jsem log už do tématu ve Vše ostatní (sw), ale nějak to tam zapadlo, tak ještě jednou tady:

Zdravím, zničehonic se mi většina textů ve firefoxu zobrazují tučně, nic jsem vědomě nenastavil, jedině jestli jsem omylem stiskl nějakou klávesovou zkratku, ale o tom pochybuji... poté jsem si všiml, že stejný problém je i v IE - s tím rozdílem, že tam je prozměnu vše kurzívou... nevíte někdo co s tím? žádný virus mi avast nenašel...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:39, on 22.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\NetCentrum\Notifikator\Notifikator.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Centrum.cz Notifikátor] "C:\Program Files\NetCentrum\Notifikator\Notifikator.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 3349411609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3349401625
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - http://www.fbhost-tv.com/UKooPlayer.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5822 bytes

Zeby malware? No uvidime :)

1) Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.


2) Stiahni MbAM. Uloz na plochu, otvor "mbam-setup.exe" a nainstaluj. Updatuj. Potom spravis kompletny scan - co program najde, zmaz. Nasledny log vloz sem.

Děkuju za pomoc,
ten DDS mi nějak nefunguje, stáhne se mi jen dosovej zástupce a při spuštění hlásí Systém nemůže nalézt uvedený soubor.

Ten druhý program jde, ale trvá moc dlouho a musím zmizet, takže postnu log až se dostanu zase k tomuhle PC. :)

Miesto DDS pouzi RSIT:
Stiahni RSIT. Spust, klik na "Continue". Po dokoneceni by se ti mal otvorit textovy subor. Ten skopiruj sem.
Pokial by sa nieco stalo, najdes ho aj na adrese "C:\rsit\log.txt".

Tak jsem konečně u PC :)

log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jakubisko at 2009-09-27 11:26:58
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (28%) free of 38 GB
Total RAM: 2047 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:04, on 27.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\NetCentrum\Notifikator\Notifikator.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jakubisko\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jakubisko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Centrum.cz Notifikátor] "C:\Program Files\NetCentrum\Notifikator\Notifikator.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 3349411609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3349401625
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - http://www.fbhost-tv.com/UKooPlayer.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5950 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-05-25 6746112]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Centrum.cz Notifikátor"=C:\Program Files\NetCentrum\Notifikator\Notifikator.exe [2007-10-25 606720]
"Steam"=c:\program files\steam\steam.exe [2009-09-02 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-09-27 11:26:58 ----D---- C:\rsit
2009-09-24 16:44:57 ----D---- C:\Documents and Settings\Jakubisko\Data aplikací\Malwarebytes
2009-09-24 16:44:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-24 16:44:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-09-22 18:53:21 ----D---- C:\Program Files\Trend Micro
2009-09-21 12:46:29 ----SHD---- C:\Config.Msi
2009-09-20 22:06:46 ----D---- C:\Program Files\SDP Downloader
2009-09-16 00:47:45 ----D---- C:\PIRATES
2009-09-02 15:32:58 ----D---- C:\Program Files\Easy Video Splitter
2009-09-02 00:30:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sports Interactive
2009-09-02 00:30:09 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-09-02 00:30:09 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-09-02 00:30:08 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-09-02 00:30:07 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-09-02 00:30:07 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-09-02 00:30:07 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-09-02 00:30:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-09-02 00:30:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-09-02 00:30:04 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-09-02 00:30:04 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-09-02 00:30:03 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-09-02 00:30:03 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-09-02 00:30:01 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-09-02 00:30:00 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-09-02 00:30:00 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-09-02 00:29:59 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-09-02 00:29:58 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-09-02 00:29:57 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-09-02 00:29:57 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-09-02 00:29:55 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-09-02 00:29:55 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-09-02 00:29:54 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-09-02 00:29:54 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-09-02 00:29:50 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-09-02 00:29:44 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-09-02 00:29:44 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-09-02 00:29:38 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-09-02 00:29:37 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-09-02 00:29:36 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-09-02 00:29:36 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-09-02 00:29:34 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-09-02 00:29:33 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-09-02 00:28:46 ----D---- C:\WINDOWS\Logs
2009-09-02 00:10:51 ----D---- C:\Program Files\Steam
2009-09-01 23:32:34 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-09-01 23:32:32 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-09-01 23:32:30 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-08-10 22:34:36 ----D---- C:\windows XP ultimate 2008
2009-07-29 18:51:07 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 11:33:26 ----D---- C:\Documents and Settings\Jakubisko\Data aplikací\Mchid
2009-07-29 11:33:26 ----D---- C:\Documents and Settings\Jakubisko\Data aplikací\Livestation
2009-07-29 11:32:54 ----D---- C:\Program Files\OpenAL
2009-07-29 11:32:54 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-07-29 11:32:54 ----A---- C:\WINDOWS\system32\OpenAL32.dll

======List of files/folders modified in the last 3 months======

2009-09-27 11:26:53 ----D---- C:\WINDOWS\Prefetch
2009-09-27 11:24:03 ----D---- C:\Program Files\Mozilla Firefox
2009-09-27 11:22:47 ----D---- C:\WINDOWS\Temp
2009-09-27 11:20:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-24 17:50:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-24 16:44:51 ----D---- C:\WINDOWS\system32\drivers
2009-09-24 16:44:49 ----D---- C:\Program Files
2009-09-24 16:39:46 ----D---- C:\Program Files\Trillian
2009-09-23 17:37:24 ----D---- C:\WINDOWS
2009-09-21 13:17:35 ----SHD---- C:\WINDOWS\Installer
2009-09-20 22:06:19 ----D---- C:\WINDOWS\system32
2009-09-15 22:45:16 ----D---- C:\Program Files\Google
2009-09-07 19:30:34 ----D---- C:\Documents and Settings\Jakubisko\Data aplikací\OpenOffice.org2
2009-09-02 00:31:22 ----D---- C:\Documents and Settings\Jakubisko\Data aplikací\Sports Interactive
2009-09-02 00:30:12 ----D---- C:\WINDOWS\system32\DirectX
2009-09-02 00:30:09 ----HD---- C:\WINDOWS\inf
2009-09-02 00:10:36 ----D---- C:\Program Files\Sports Interactive
2009-09-02 00:07:32 ----D---- C:\Program Files\Microsoft Games
2009-09-02 00:06:59 ----D---- C:\Program Files\Gabest
2009-09-02 00:06:46 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-09-02 00:06:23 ----D---- C:\Program Files\Total Video Converter
2009-09-02 00:06:03 ----D---- C:\Program Files\Scorpions WinCheater
2009-09-02 00:00:23 ----D---- C:\WINDOWS\WinSxS
2009-09-02 00:00:19 ----D---- C:\Program Files\Common Files
2009-09-01 23:58:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-01 23:53:53 ----D---- C:\Program Files\Common Files\AOL
2009-09-01 23:51:17 ----D---- C:\Documents and Settings\Jakubisko\Data aplikací\FMZilla
2009-09-01 23:48:47 ----D---- C:\Documents and Settings\Jakubisko\Data aplikací\Vso
2009-09-01 23:48:47 ----A---- C:\Documents and Settings\Jakubisko\Data aplikací\inst.exe
2009-09-01 23:47:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\AOL
2009-09-01 23:32:39 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-09-01 23:32:34 ----SD---- C:\WINDOWS\Tasks
2009-09-01 23:30:19 ----D---- C:\Soldat
2009-09-01 23:30:14 ----RSD---- C:\WINDOWS\Fonts
2009-08-31 22:23:05 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-08-30 22:57:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-17 18:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-07-30 09:01:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-30 08:58:23 ----D---- C:\Program Files\Xvid
2009-07-30 08:58:23 ----D---- C:\Program Files\Windows Media Player
2009-07-30 08:58:23 ----D---- C:\Program Files\Codec Pack - All In 1
2009-07-30 08:58:22 ----D---- C:\Program Files\DivX
2009-07-30 08:58:21 ----D---- C:\Program Files\Movie Maker
2009-07-30 08:58:21 ----D---- C:\Program Files\Messenger
2009-07-30 08:58:18 ----D---- C:\Program Files\mIRC
2009-07-30 08:58:17 ----D---- C:\Program Files\TVUPlayer
2009-07-30 08:58:16 ----D---- C:\Program Files\TmNationsForever
2009-07-30 08:58:15 ----D---- C:\Program Files\ABC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-10-26 223128]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-16 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-05-25 3193536]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 CamdDriverV32;CamdDriverV32; C:\WINDOWS\system32\drivers\CamdDriverV32.sys [2007-11-23 515200]
S3 CamdVideo32;CamdVideo32; C:\WINDOWS\system32\DRIVERS\CamdVideo32.sys [2007-11-23 3768]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\DOCUME~1\JAKUBI~1\LOCALS~1\Temp\Rar$EX00.796\kerneld.wnt []
S3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-09 47360]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-05-25 127042]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-09-01 604416]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-06-24 331776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe [2007-02-27 123064]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe [2007-02-27 1204416]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-09-01 361216]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

log z MBAM:

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2854
Windows 5.1.2600 Service Pack 2

27.9.2009 11:19:48
mbam-log-2009-09-27 (11-19-48).txt

Typ kontroly: Kompletní kontrola (C:\|E:\|)
Zkontrolované objekty: 212072
Uplynulý čas: 1 hour(s), 33 minute(s), 3 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Jakubisko\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

Mne tie logy pridu OK, ale mozme sa na to pozriet aj o cosi lepsie:

1) Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!


2) Stiahni GooredFix na plochu. Spust -> "OK". Vytvori sa log, ten posli.


3) Stiahni RootRepeal. Spustis program, kliknes na "Report" -> "Scan" a zafajknes vsetky polozky. Stlac "OK" a spusti sa scan. Po jeho dokonceni klik na "Save Report" a vzniknuty log skopiruj sem.

Děkuju moc za snahu a zájem :) Tady jsou všechny tři logy:

ComboFix

ComboFix 09-09-25.01 - Jakubisko 27.09.2009 19:49.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1658 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jakubisko\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090926-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf
c:\windows\system32\logs
c:\windows\UA000080.DLL

c:\windows\system32\drivers\null.sys chyběl.
Obnovena kopie z - c:\windows\system32\dllcache\null.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-27 do 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 17:52 . 2001-10-25 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys
2009-09-27 17:52 . 2001-10-25 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys
2009-09-27 09:26 . 2009-09-27 09:27 -------- d-----w- C:\rsit
2009-09-24 14:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 14:44 . 2009-09-24 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 14:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 16:53 . 2009-09-22 16:53 -------- d-----w- c:\program files\Trend Micro
2009-09-20 20:06 . 2009-09-20 20:06 -------- d-----w- c:\program files\SDP Downloader
2009-09-15 22:47 . 2009-09-15 22:50 -------- d-----w- C:\PIRATES
2009-09-02 13:32 . 2009-09-02 13:32 -------- d-----w- c:\program files\Easy Video Splitter
2009-09-01 22:29 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-09-01 22:28 . 2009-09-01 22:28 -------- d-----w- c:\windows\Logs
2009-09-01 22:10 . 2009-09-27 09:21 -------- d-----w- c:\program files\Steam
2009-09-01 21:32 . 2009-09-01 21:32 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-01 21:32 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-01 21:32 . 2009-09-01 21:32 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 17:41 . 2007-10-25 21:35 -------- d-----w- c:\program files\Trillian
2009-09-15 20:45 . 2007-12-15 21:59 -------- d-----w- c:\program files\Google
2009-09-01 22:10 . 2007-10-25 23:20 -------- d-----w- c:\program files\Sports Interactive
2009-09-01 22:07 . 2009-01-17 20:29 -------- d-----w- c:\program files\Microsoft Games
2009-09-01 22:06 . 2008-11-09 16:02 -------- d-----w- c:\program files\Gabest
2009-09-01 22:06 . 2009-04-08 13:13 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-01 22:06 . 2008-03-01 20:32 -------- d-----w- c:\program files\Total Video Converter
2009-09-01 22:06 . 2008-01-01 17:11 -------- d-----w- c:\program files\Scorpions WinCheater
2009-09-01 21:58 . 2007-10-25 20:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-01 21:53 . 2009-01-24 19:39 -------- d-----w- c:\program files\Common Files\AOL
2009-09-01 21:32 . 2009-01-20 21:15 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-17 16:10 . 2007-10-25 21:00 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-10-25 21:00 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-10-25 21:00 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-05 13:15 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-05 13:15 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-10-25 21:00 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-10-25 21:00 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-10-25 21:00 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-10-25 21:00 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-07-30 06:58 . 2008-11-09 16:02 -------- d-----w- c:\program files\Xvid
2009-07-30 06:58 . 2007-10-26 09:55 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-30 06:58 . 2008-01-28 06:26 -------- d-----w- c:\program files\DivX
2009-07-30 06:58 . 2008-06-17 20:14 -------- d-----w- c:\program files\mIRC
2009-07-30 06:58 . 2008-09-06 17:59 -------- d-----w- c:\program files\TVUPlayer
2009-07-30 06:58 . 2009-03-21 18:44 -------- d-----w- c:\program files\TmNationsForever
2009-07-30 06:58 . 2008-03-08 11:11 -------- d-----w- c:\program files\ABC
2009-07-29 09:32 . 2009-07-29 09:32 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-29 09:32 . 2009-07-29 09:32 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.

------- Sigcheck -------

[7] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Centrum.cz Notifikátor"="c:\program files\NetCentrum\Notifikator\Notifikator.exe" [2007-10-25 606720]
"Steam"="c:\program files\steam\steam.exe" [2009-09-01 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-05-25 6746112]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\windows\TEMP\E_SAA.tmp" /EF "HKCU"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.1.2009 20:20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.4.2008 15:15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 15:15 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1.9.2009 23:32 604416]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [18.5.2008 11:25 6016]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1028432]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [10.10.2008 16:06 16269]
S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [4.12.2007 17:53 515200]
S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [4.12.2007 17:53 3768]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\JAKUBI~1\LOCALS~1\Temp\Rar$EX00.796\kerneld.wnt --> c:\docume~1\JAKUBI~1\LOCALS~1\Temp\Rar$EX00.796\kerneld.wnt [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-09-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-09-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:20]

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jakubisko\Data aplikací\Mozilla\Firefox\Profiles\v3r5h2l0.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 19:54
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\docume~1\JAKUBI~1\LOCALS~1\Temp\Rar$EX00.796\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2009-09-27 19:56
ComboFix-quarantined-files.txt 2009-09-27 17:55

Před spuštěním: Volných bajtů: 11 263 668 224
Po spuštění: Volných bajtů: 11 983 536 128

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

190 --- E O F --- 2008-05-14 22:23


GooredFix

GooredFix by jpshortstuff (24.09.09.1)
Log created at 20:07 on 27/09/2009 (Jakubisko)
Firefox version 3.5.3 (cs)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:23 21/09/2009]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [07:29 20/04/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-


RootRepeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/27 20:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000050
Image Path: \Driver\00000050
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7BB9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79DD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5C34000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\drivers\wpsdrvnt.sys" at address 0xf749eb30

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c356b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c35574

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\drivers\wpsdrvnt.sys" at address 0xf749e6f0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c35a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c3514c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf7508c22

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf7508f9a

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\System32\drivers\wpsdrvnt.sys" at address 0xf749e470

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c3564e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c3508c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c350f0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\drivers\wpsdrvnt.sys" at address 0xf749ec50

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf7509064

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c3576e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c3572e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb7c358ae

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\drivers\wpsdrvnt.sys" at address 0xf749e990

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\wpsdrvnt.sys" at address 0xf749e8d0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\drivers\wpsdrvnt.sys" at address 0xf749ed60

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89c015d0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x89707dd0 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_CREATE]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_CLOSE]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_READ]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_WRITE]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_CLEANUP]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: sys, IRP_MJ_PNP]
Process: System Address: 0x894a10e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]
Process: System Address: 0x898660e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]
Process: System Address: 0x898660e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898660e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898660e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]
Process: System Address: 0x898660e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898660e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]
Process: System Address: 0x898660e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x898a90e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x89c01808 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89c01c78 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89c01eb0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8976c0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8976c0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8976c0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8976c0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8976c0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8976c0e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
Process: System Address: 0x895808d0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x895242a0 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_CREATE]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_CLOSE]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_READ]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_WRITE]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_CLEANUP]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Npfsȅఐ偶瑲
, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8952d508 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_CREATE]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_CLOSE]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_READ]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_WRITE]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_CLEANUP]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x896af0e8 Size: 15

Object: Hidden Code [Driver: Msfsȅః瑎て, IRP_MJ_SET_SECURITY]
Process: System Address: 0x896af0e8 Size: 15

==EOF==

Mal si v minulosti nejaky vaznejsi problem s virom na danom PC? Resp. odstranoval si cosi?
Chybal ti systemovy subor, ktory zvykne byt castou obetou smejdov (jednoducho ho patchnu) a pri neodbornom odstranovani sa moze stat, ze sa zmaze. CF ho ale pravdepodobne nahradil, mrkneme sa este nato:

Stiahni SystemLook. Uloz na plochu a spust. Do okna skopiruj:


Klikni na "Look" a nechaj program dokoncit scan. Po jeho skonceni sa ti zobrazi log, ktory potrebujem vidiet. V pripade problemov sa nachadza aj na ploche.

No, nějakej ten trojan nebo spyware jsem občas měl, ale nic s čím bych bojoval dlouho - vzpomenu si snad jen na WIN32:Bredo, ten mi dal trochu zabrat, ale nakonec jsem ho s avastem odstranil... (info o tom viru tady: http://forum.avast.com/index.php?topic=48256.0 )


log je tu:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:15 on 27/09/2009 by Jakubisko (Administrator - Elevation successful)

========== filefind ==========

Searching for "null.sys"
C:\WINDOWS\ERDNT\cache\null.sys --a--- 2944 bytes [17:54 27/09/2009] [12:00 25/10/2001] 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\system32\dllcache\null.sys --a--c 2944 bytes [17:52 27/09/2009] [12:00 25/10/2001] 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\system32\drivers\null.sys ------ 2944 bytes [17:52 27/09/2009] [12:00 25/10/2001] 73C1E1F395918BC2C6DD67AF7591A3AD

-=End Of File=-

Este prebehni masinou MWAV:

Stiahni MWAV. Spust ho a riad sa instrukciami. Aktualizuj ho a nastav parametre.

Po scane skopiruj log zo spodneho okna.

Noo tak tady se asi nějaký poklady našly:

Objekt "MediaAdVantage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Spyware.NetScreenWatch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "XP Antispyware 2009 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "TitanShield Antispyware Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "CyberSitter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\Instalačky\bsplayer223.953_clip.exe je infikovaný virem Adware.SaveNow.FN (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\Instalačky\AGE_CRK.ZIP je infikovaný virem Trojan.Generic.1813538 (DB) !! Provedené akce: Ponecháno, neodstraněno!.

1) Tieto 2 subory zmaz stlacenim Shift+Del:



2) Docistime to:

• Odinstaluj Combofix:
  Start -> Spustit -> (napis) combofix /u

• Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).

• Precisti PC CCleanerom (vratane registrov).

• Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).

3) Vloz log z HJT.

V pripade nezrovnalosti sa tu nachadza navod.