PC-HELP.CZ

Prosím o kontrolu logu,Díky

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:29, on 3.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\outinst.exe
C:\Program Files\Em-date.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\QIP Infium JadrisPack\infium.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OutlookFriend] outinst.exe
O4 - HKLM\..\Run: [EM-DATE] C:\Program Files\Em-date.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3436129549
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8415812154
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9df3897dbb800) (gupdate1c9df3897dbb800) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 6568 bytes

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

To udelam,ale mam jeste jeden problem.Kdyz spustim CCleaner tak se zastavi u souboru WINDOWS/MEMORY.DMP a dal neprejde k dalsimu mazani

Pokud máš nastaveno při selhání zapsání Ladících informací, budou v tom souboru a ten soubor nepůjde odstranit, je nastavením chráněný proti smazání.
Musel by si změnit nastavení, nebo ho dát do vyjímek (pokud to jde).
Udělej ten MbAM.

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 5.1.2600 Service Pack 2

4.10.2009 14:38:30
mbam-log-2009-10-04 (14-38-25).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 94877
Uplynulý čas: 8 minute(s), 24 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Ale ten CCleaner fungoval

Možná pomůže reinstal CCleaneru nebo snížit počet mazání.

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Sken z MbAM nemam,protoze po provedeni mazani se PC restartovalo.Log z Combofixu je tady

ComboFix 09-10-04.01 - Miroslav 04.10.2009 20:56.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.735.320 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miroslav\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Miroslav\Data aplikací\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Miroslav\Data aplikací\Microsoft\Clip Organizer\Offic10.MGC

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-04 do 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 09:00 . 2009-10-04 09:00 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-04 08:20 . 1996-12-04 23:00 77824 ----a-w- c:\windows\system32\ODBCTL32.dll
2009-10-04 08:20 . 1996-12-04 23:00 290816 ----a-w- c:\windows\system32\MSXBSE35.DLL
2009-10-04 08:20 . 2004-11-05 14:40 78608 ----a-w- c:\windows\system32\VB5DB.dll
2009-10-04 08:20 . 2004-09-22 19:57 407312 ----a-w- c:\windows\system32\MsRepl35.dll
2009-10-04 08:20 . 1996-12-04 23:00 251664 ----a-w- c:\windows\system32\MSRD2x35.dll
2009-10-04 08:20 . 1999-09-10 02:00 1045776 ----a-w- c:\windows\system32\MSJet35.dll
2009-10-04 08:19 . 1997-01-12 23:00 37136 ----a-w- c:\windows\system32\MSJInt35.dll
2009-10-04 08:19 . 2009-10-04 08:19 -------- d-----w- c:\program files\KROB software
2009-10-04 08:19 . 1996-12-04 23:00 24336 ----a-w- c:\windows\system32\MSJtEr35.dll
2009-10-03 13:27 . 2006-08-21 12:27 16896 -c----w- c:\windows\system32\dllcache\fltlib.dll
2009-10-03 13:27 . 2006-08-21 09:14 23040 -c----w- c:\windows\system32\dllcache\fltmc.exe
2009-10-03 13:27 . 2006-08-21 09:14 128896 -c----w- c:\windows\system32\dllcache\fltmgr.sys
2009-10-03 12:04 . 2009-10-03 12:04 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:57 . 2009-10-03 10:57 -------- d-----w- c:\program files\UberIcon
2009-10-03 08:26 . 2009-10-03 08:26 -------- d-----w- c:\program files\ESET
2009-10-03 07:09 . 2009-10-03 07:14 5329 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-10-03 06:48 . 2009-10-03 06:52 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-10-02 20:55 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-02 20:53 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-02 20:53 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-02 20:51 . 2009-06-05 07:46 657920 -c--a-w- c:\windows\system32\dllcache\mstscax.dll
2009-10-02 20:43 . 2009-10-02 20:43 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-02 20:36 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-02 20:35 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-02 20:32 . 2009-02-09 10:11 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-02 20:32 . 2009-02-09 10:22 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-02 20:32 . 2009-02-06 16:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-02 20:32 . 2009-03-06 14:47 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-02 20:32 . 2009-02-09 11:52 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-02 20:32 . 2009-02-09 11:52 2343808 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-02 20:32 . 2009-02-09 11:52 2221056 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-02 20:32 . 2009-02-09 11:52 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-02 20:32 . 2009-02-09 10:22 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-02 20:32 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-02 20:31 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-02 20:31 . 2008-09-04 16:46 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-02 20:31 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-02 18:34 . 2001-10-25 12:00 30208 -c--a-w- c:\windows\system32\dllcache\sm87w.dll
2009-10-02 18:34 . 2001-10-25 12:00 30208 -c--a-w- c:\windows\system32\dllcache\sm81w.dll
2009-10-02 18:34 . 2001-10-25 12:00 29184 -c--a-w- c:\windows\system32\dllcache\sm8cw.dll
2009-10-02 18:34 . 2001-10-25 12:00 26112 -c--a-w- c:\windows\system32\dllcache\sm8aw.dll
2009-10-02 18:34 . 2001-10-25 12:00 26112 -c--a-w- c:\windows\system32\dllcache\sm89w.dll
2009-10-02 18:34 . 2001-10-25 12:00 25088 -c--a-w- c:\windows\system32\dllcache\sm59w.dll
2009-10-02 18:34 . 2001-10-25 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2009-10-02 18:31 . 2004-08-17 13:49 372736 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2009-10-02 18:30 . 2004-08-17 13:49 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2009-10-02 18:30 . 2003-03-24 13:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
2009-10-02 18:30 . 2003-03-24 13:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
2009-10-02 18:30 . 2003-03-24 13:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
2009-10-02 18:30 . 2004-08-17 13:49 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2009-10-02 18:30 . 2004-08-17 13:49 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-10-02 18:30 . 2003-03-24 13:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2009-10-02 18:30 . 2003-03-24 13:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2009-10-02 17:40 . 2004-08-17 13:49 153088 ----a-w- c:\windows\system32\irftp.exe
2009-10-02 17:40 . 2004-08-17 13:49 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-10-02 17:40 . 2004-08-17 13:49 26624 ----a-w- c:\windows\system32\irmon.dll
2009-10-02 17:40 . 2004-08-03 21:00 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2009-10-02 17:31 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-10-02 17:29 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2009-10-02 17:22 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-02 17:22 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-02 16:30 . 2001-10-25 12:00 37888 ----a-w- c:\windows\system32\irclass.dll
2009-10-01 20:19 . 2009-10-01 20:19 -------- d-----w- c:\windows\l2schemas
2009-10-01 20:19 . 2009-10-01 20:19 -------- d-----w- c:\windows\system32\cs
2009-10-01 20:19 . 2009-10-01 20:19 -------- d-----w- c:\windows\system32\bits
2009-10-01 19:00 . 2004-08-03 20:41 1041536 ----a-w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-10-01 19:00 . 2004-08-03 20:41 685056 ----a-w- c:\windows\system32\drivers\hsfcxts2.sys
2009-10-01 19:00 . 2004-08-03 20:41 220032 ----a-w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-09-20 12:56 . 2009-09-20 12:56 -------- d-----w- c:\program files\MSXML 4.0
2009-09-19 13:49 . 2002-02-04 02:43 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-09-19 13:49 . 2001-08-18 06:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-13 06:41 . 2009-09-13 06:41 -------- d-----w- c:\windows\system32\VIRepair
2009-09-13 06:29 . 2009-09-13 06:29 -------- d-----w- c:\program files\stardock
2009-09-13 06:23 . 2009-09-09 19:19 146412 ----a-w- c:\windows\system32\vilaunch.exe
2009-09-13 06:15 . 2009-09-13 06:44 -------- d-----w- c:\windows\system32\VITrans
2009-09-13 06:15 . 2006-12-03 15:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2009-09-13 06:15 . 2006-12-03 15:15 19968 ----a-w- c:\windows\system32\reico.exe
2009-09-13 06:15 . 2006-12-03 15:14 8636 ----a-w- c:\windows\system32\modifype.exe
2009-09-13 06:15 . 2006-12-03 15:15 69632 ----a-w- c:\windows\system32\moveex.exe
2009-09-13 06:15 . 2004-11-27 17:00 94208 ----a-w- c:\windows\system32\pskill.exe
2009-09-13 06:14 . 2009-03-23 15:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2009-09-12 08:40 . 2009-09-12 08:40 -------- d--h--w- c:\windows\PIF
2009-09-12 08:30 . 2009-09-12 08:35 -------- d-----w- c:\program files\everestultimate500
2009-09-11 19:08 . 2009-10-03 07:14 63598 ----a-w- c:\windows\BricoPackUninst.cmd
2009-09-11 19:02 . 2009-10-03 07:08 -------- d-----w- c:\windows\BricoPacks
2009-09-06 10:57 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-09-06 10:57 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-09-06 10:57 . 2009-09-06 11:00 -------- d-----w- c:\program files\PDFCreator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 18:10 . 2009-05-27 16:17 -------- d-----w- c:\program files\CCleaner
2009-10-04 18:03 . 2009-05-26 22:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-04 17:55 . 2009-06-11 02:01 -------- d-----w- c:\program files\RapidDown
2009-10-04 12:22 . 2009-05-27 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 12:09 . 2009-05-27 19:51 -------- d-----w- c:\program files\Uloz.to Uploader
2009-10-04 11:14 . 2009-05-28 02:02 -------- d-----w- c:\program files\Google
2009-10-04 08:53 . 2009-05-26 21:47 -------- d-----w- c:\program files\microsoft frontpage
2009-10-04 08:16 . 2009-08-13 19:33 798 ----a-w- c:\windows\unins000.dat
2009-10-03 16:03 . 2001-10-25 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-03 16:03 . 2001-10-25 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-03 06:48 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-02 19:21 . 2009-05-27 16:39 -------- d-----w- c:\program files\SuperCleaner
2009-10-02 17:56 . 2009-05-26 21:41 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-10 12:54 . 2009-05-27 17:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-05-27 17:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 15:04 . 2009-05-27 17:22 -------- d-----w- c:\program files\MyPhoneExplorer
2009-09-04 02:06 . 2009-09-04 02:06 39424 ----a-w- c:\windows\zipinst.exe
2009-08-25 19:33 . 2009-07-13 14:56 -------- d-----w- c:\program files\Recepty doma
2009-08-22 09:02 . 2009-08-22 09:00 -------- d-----w- c:\program files\TinyTalk
2009-08-20 19:40 . 2009-08-20 19:40 -------- d-----w- c:\program files\ConvertHelper
2009-08-12 22:03 . 2009-08-12 22:03 191488 ----a-w- c:\windows\system32\hlvdd.dll
2009-08-12 21:36 . 2009-08-12 21:36 501760 ----a-w- c:\windows\system32\Deutz Engine.exe
2009-08-12 07:11 . 2009-08-12 07:11 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 06:42 . 2009-08-12 06:42 -------- d-----w- c:\program files\Edisk
2009-08-06 17:24 . 2009-05-26 21:43 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-05-26 21:43 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-05-27 14:57 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-05-26 21:43 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2009-05-26 21:43 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-17 13:49 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-05-26 21:43 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-07-24 15:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2009-05-26 21:43 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 17:23 . 2008-10-16 12:07 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:07 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2001-10-25 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 18:57 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 13:19 . 2009-07-12 13:19 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2002-12-27 14:15 . 2009-05-27 02:18 104960 ----a-w- c:\program files\Em-date.exe
.

------- Sigcheck -------

[-] 2009-07-19 . D6DA6137433E02999C1229DC692250CD . 5937152 . . [8.00.6001.18812] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3GDR\mshtml.dll
[-] 2009-07-19 . 54E07F3B4EEF71607437367BA1922F6A . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 54E07F3B4EEF71607437367BA1922F6A . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3QFE\mshtml.dll
[-] 2009-05-13 . 53FF3AE6C6C6F7888E845C6A755D5C09 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . 3BABDB8AAEED25E0EFE23561C1A2BCE1 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-03-08 . 609C33496A0304480853A1DC3B2DE25B . 6265344 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-03-08 . 1FA96398CE69CBC00CCAF295BC1B2B82 . 6210560 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[-] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\mshtml.dll
[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll

[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[7] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntoskrnl.exe
[-] 2009-02-09 . 387631383C01F2DF57DBB6882EDF23C5 . 2343808 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 . 387631383C01F2DF57DBB6882EDF23C5 . 2343808 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntoskrnl.exe
[-] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ntoskrnl.exe
[7] 2006-12-19 . 1414C27CCDB54974C1C51D4236FC6FF1 . 2184192 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\ntoskrnl.exe
[-] 2004-08-17 . 400FFE8B2F1EC725B9107488A9E0FA60 . 2344320 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2009-07-03 . 0B1AA91DFEDB1298FF7D93EBA45F8DB5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 0B1AA91DFEDB1298FF7D93EBA45F8DB5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3QFE\wininet.dll
[-] 2009-07-03 . FCD887F2BA15CD8D95F8D70766D42739 . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3GDR\wininet.dll
[-] 2009-05-13 . 0C20BF283DE5BA50060240383B8AA41C . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 9122013C5668D967C4AE7F52252898DE . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-03-08 . 97C2DC4A0C6F8068424A6CED25983006 . 981504 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-08 . BFD199B9F007F6934D7C4C43F5507286 . 905728 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2009-03-08 . BFD199B9F007F6934D7C4C43F5507286 . 905728 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\wininet.dll
[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-17 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntkrnlpa.exe
[7] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[7] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntkrnlpa.exe
[-] 2009-02-09 . AA13D893D04EDE7E00CD54E2584463A3 . 2221056 . . [5.1.2600.3520] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 . AA13D893D04EDE7E00CD54E2584463A3 . 2221056 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-09 . BB64DC108F8C4EE4D4B7998AA19E5FA7 . 2065152 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-09 . BB64DC108F8C4EE4D4B7998AA19E5FA7 . 2065152 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ntkrnlpa.exe
[7] 2006-12-19 . C709E82BC1566DACB28173C64E370E49 . 2061568 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\ntkrnlpa.exe
[-] 2004-08-17 . 4D81C816786CF0C9EAFB2E8CB1728602 . 2220160 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM-DATE"="c:\program files\Em-date.exe" [2002-12-27 104960]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"OutlookFriend"="outinst.exe" - c:\windows\system32\outinst.exe [2005-02-25 29184]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2006-03-09 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 40448]

c:\documents and settings\Miroslav\Nabˇdka Start\Programy\Po spuçtŘnˇ\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-25 262144]

[HKLM\~\startupfolder\C:^Documents and Settings^Miroslav^Nabídka Start^Programy^Po spuštění^RocketDock.lnk]
path=c:\documents and settings\Miroslav\Nabídka Start\Programy\Po spuštění\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Miroslav^Nabídka Start^Programy^Po spuštění^TransBar.lnk]
path=c:\documents and settings\Miroslav\Nabídka Start\Programy\Po spuštění\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Miroslav^Nabídka Start^Programy^Po spuštění^Y'z Shadow.lnk]
path=c:\documents and settings\Miroslav\Nabídka Start\Programy\Po spuštění\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
S2 gupdate1c9df3897dbb800;Služba Google Update (gupdate1c9df3897dbb800);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 4:04 133104]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]
S3 uir1100a;UIR1100A;c:\windows\system32\drivers\uir1100a.sys [27.5.2009 21:07 31048]
.
Obsah adresáře 'Naplánované úlohy'

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 02:03]

2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{13D4C0A0-2795-4322-AB84-513AD42D4A6F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2009-09-28 c:\windows\Tasks\WebReg Deskjet 3900 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.windowsxlive.net
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Miroslav\Data aplikací\Mozilla\Firefox\Profiles\zunq3i04.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\Miroslav\Data aplikací\Mozilla\Firefox\Profiles\zunq3i04.default\extensions\{86563ed0-c0a2-44fb-9299-83be6e48ffbd}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 21:03
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\SETUPAPI.dll
.
Celkový čas: 2009-10-04 21:07
ComboFix-quarantined-files.txt 2009-10-04 19:07

Před spuštěním: 4 004 405 248
Po spuštění: 3 995 217 920

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
318 --- E O F --- 2009-10-03 13:43

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\windows\zipinst.exe
c:\windows\system32\Deutz Engine.exe
c:\program files\Em-date.exe
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

KillAll::
Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=

File::
c:\windows\system32\emptyregdb.dat




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

http://www.virustotal.com/cs/analisis/d ... 1253881934
http://www.virustotal.com/cs/analisis/8 ... 1254359020
http://www.virustotal.com/cs/analisis/f ... 1242920282

To EM-Date je datumovka s hodinama

c:\windows\zipinst.exe ještě jednou. A zkontroluj si i hlavičku tabulky.

ComboFix 09-10-04.01 - Miroslav 04.10.2009 22:10.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.735.395 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miroslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miroslav\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\emptyregdb.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\emptyregdb.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-04 do 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 09:00 . 2009-10-04 09:00 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-04 08:20 . 1996-12-04 23:00 77824 ----a-w- c:\windows\system32\ODBCTL32.dll
2009-10-04 08:20 . 1996-12-04 23:00 290816 ----a-w- c:\windows\system32\MSXBSE35.DLL
2009-10-04 08:20 . 2004-11-05 14:40 78608 ----a-w- c:\windows\system32\VB5DB.dll
2009-10-04 08:20 . 2004-09-22 19:57 407312 ----a-w- c:\windows\system32\MsRepl35.dll
2009-10-04 08:20 . 1996-12-04 23:00 251664 ----a-w- c:\windows\system32\MSRD2x35.dll
2009-10-04 08:20 . 1999-09-10 02:00 1045776 ----a-w- c:\windows\system32\MSJet35.dll
2009-10-04 08:19 . 1997-01-12 23:00 37136 ----a-w- c:\windows\system32\MSJInt35.dll
2009-10-04 08:19 . 2009-10-04 08:19 -------- d-----w- c:\program files\KROB software
2009-10-04 08:19 . 1996-12-04 23:00 24336 ----a-w- c:\windows\system32\MSJtEr35.dll
2009-10-03 13:27 . 2006-08-21 12:27 16896 -c----w- c:\windows\system32\dllcache\fltlib.dll
2009-10-03 13:27 . 2006-08-21 09:14 23040 -c----w- c:\windows\system32\dllcache\fltmc.exe
2009-10-03 13:27 . 2006-08-21 09:14 128896 -c----w- c:\windows\system32\dllcache\fltmgr.sys
2009-10-03 12:04 . 2009-10-03 12:04 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:57 . 2009-10-03 10:57 -------- d-----w- c:\program files\UberIcon
2009-10-03 08:26 . 2009-10-03 08:26 -------- d-----w- c:\program files\ESET
2009-10-03 07:09 . 2009-10-03 07:14 5329 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-10-03 06:48 . 2009-10-03 06:52 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-10-02 20:55 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-02 20:53 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-02 20:53 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-02 20:51 . 2009-06-05 07:46 657920 -c--a-w- c:\windows\system32\dllcache\mstscax.dll
2009-10-02 20:43 . 2009-10-02 20:43 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-02 20:36 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-02 20:35 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-02 20:32 . 2009-02-09 10:11 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-02 20:32 . 2009-02-09 10:22 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-02 20:32 . 2009-02-06 16:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-02 20:32 . 2009-03-06 14:47 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-02 20:32 . 2009-02-09 11:52 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-02 20:32 . 2009-02-09 11:52 2343808 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-02 20:32 . 2009-02-09 11:52 2221056 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-02 20:32 . 2009-02-09 11:52 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-02 20:32 . 2009-02-09 10:22 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-02 20:32 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-02 20:31 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-02 20:31 . 2008-09-04 16:46 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-02 20:31 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-02 18:34 . 2001-10-25 12:00 30208 -c--a-w- c:\windows\system32\dllcache\sm87w.dll
2009-10-02 18:34 . 2001-10-25 12:00 30208 -c--a-w- c:\windows\system32\dllcache\sm81w.dll
2009-10-02 18:34 . 2001-10-25 12:00 29184 -c--a-w- c:\windows\system32\dllcache\sm8cw.dll
2009-10-02 18:34 . 2001-10-25 12:00 26112 -c--a-w- c:\windows\system32\dllcache\sm8aw.dll
2009-10-02 18:34 . 2001-10-25 12:00 26112 -c--a-w- c:\windows\system32\dllcache\sm89w.dll
2009-10-02 18:34 . 2001-10-25 12:00 25088 -c--a-w- c:\windows\system32\dllcache\sm59w.dll
2009-10-02 18:34 . 2001-10-25 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2009-10-02 18:31 . 2004-08-17 13:49 372736 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2009-10-02 18:30 . 2004-08-17 13:49 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2009-10-02 18:30 . 2003-03-24 13:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
2009-10-02 18:30 . 2003-03-24 13:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
2009-10-02 18:30 . 2003-03-24 13:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
2009-10-02 18:30 . 2004-08-17 13:49 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2009-10-02 18:30 . 2004-08-17 13:49 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-10-02 18:30 . 2003-03-24 13:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2009-10-02 18:30 . 2003-03-24 13:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2009-10-02 17:40 . 2004-08-17 13:49 153088 ----a-w- c:\windows\system32\irftp.exe
2009-10-02 17:40 . 2004-08-17 13:49 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-10-02 17:40 . 2004-08-17 13:49 26624 ----a-w- c:\windows\system32\irmon.dll
2009-10-02 17:40 . 2004-08-03 21:00 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2009-10-02 17:31 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-10-02 17:29 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2009-10-02 17:22 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-02 17:22 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-02 16:30 . 2001-10-25 12:00 37888 ----a-w- c:\windows\system32\irclass.dll
2009-10-01 20:19 . 2009-10-01 20:19 -------- d-----w- c:\windows\l2schemas
2009-10-01 20:19 . 2009-10-01 20:19 -------- d-----w- c:\windows\system32\cs
2009-10-01 20:19 . 2009-10-01 20:19 -------- d-----w- c:\windows\system32\bits
2009-10-01 19:00 . 2004-08-03 20:41 1041536 ----a-w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-10-01 19:00 . 2004-08-03 20:41 685056 ----a-w- c:\windows\system32\drivers\hsfcxts2.sys
2009-10-01 19:00 . 2004-08-03 20:41 220032 ----a-w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-09-20 12:56 . 2009-09-20 12:56 -------- d-----w- c:\program files\MSXML 4.0
2009-09-19 13:49 . 2002-02-04 02:43 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-09-19 13:49 . 2001-08-18 06:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-13 06:41 . 2009-09-13 06:41 -------- d-----w- c:\windows\system32\VIRepair
2009-09-13 06:29 . 2009-09-13 06:29 -------- d-----w- c:\program files\stardock
2009-09-13 06:23 . 2009-09-09 19:19 146412 ----a-w- c:\windows\system32\vilaunch.exe
2009-09-13 06:15 . 2009-09-13 06:44 -------- d-----w- c:\windows\system32\VITrans
2009-09-13 06:15 . 2006-12-03 15:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2009-09-13 06:15 . 2006-12-03 15:15 19968 ----a-w- c:\windows\system32\reico.exe
2009-09-13 06:15 . 2006-12-03 15:14 8636 ----a-w- c:\windows\system32\modifype.exe
2009-09-13 06:15 . 2006-12-03 15:15 69632 ----a-w- c:\windows\system32\moveex.exe
2009-09-13 06:15 . 2004-11-27 17:00 94208 ----a-w- c:\windows\system32\pskill.exe
2009-09-13 06:14 . 2009-03-23 15:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2009-09-12 08:40 . 2009-09-12 08:40 -------- d--h--w- c:\windows\PIF
2009-09-12 08:30 . 2009-09-12 08:35 -------- d-----w- c:\program files\everestultimate500
2009-09-11 19:08 . 2009-10-03 07:14 63598 ----a-w- c:\windows\BricoPackUninst.cmd
2009-09-11 19:02 . 2009-10-03 07:08 -------- d-----w- c:\windows\BricoPacks
2009-09-06 10:57 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-09-06 10:57 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-09-06 10:57 . 2009-09-06 11:00 -------- d-----w- c:\program files\PDFCreator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 19:17 . 2009-05-26 22:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-04 18:10 . 2009-05-27 16:17 -------- d-----w- c:\program files\CCleaner
2009-10-04 17:55 . 2009-06-11 02:01 -------- d-----w- c:\program files\RapidDown
2009-10-04 12:22 . 2009-05-27 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 12:09 . 2009-05-27 19:51 -------- d-----w- c:\program files\Uloz.to Uploader
2009-10-04 11:14 . 2009-05-28 02:02 -------- d-----w- c:\program files\Google
2009-10-04 08:53 . 2009-05-26 21:47 -------- d-----w- c:\program files\microsoft frontpage
2009-10-04 08:16 . 2009-08-13 19:33 798 ----a-w- c:\windows\unins000.dat
2009-10-03 16:03 . 2001-10-25 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-03 16:03 . 2001-10-25 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-03 06:48 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-02 19:21 . 2009-05-27 16:39 -------- d-----w- c:\program files\SuperCleaner
2009-09-10 12:54 . 2009-05-27 17:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-05-27 17:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 15:04 . 2009-05-27 17:22 -------- d-----w- c:\program files\MyPhoneExplorer
2009-09-04 02:06 . 2009-09-04 02:06 39424 ----a-w- c:\windows\zipinst.exe
2009-08-25 19:33 . 2009-07-13 14:56 -------- d-----w- c:\program files\Recepty doma
2009-08-22 09:02 . 2009-08-22 09:00 -------- d-----w- c:\program files\TinyTalk
2009-08-20 19:40 . 2009-08-20 19:40 -------- d-----w- c:\program files\ConvertHelper
2009-08-12 22:03 . 2009-08-12 22:03 191488 ----a-w- c:\windows\system32\hlvdd.dll
2009-08-12 21:36 . 2009-08-12 21:36 501760 ----a-w- c:\windows\system32\Deutz Engine.exe
2009-08-12 07:11 . 2009-08-12 07:11 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 06:42 . 2009-08-12 06:42 -------- d-----w- c:\program files\Edisk
2009-08-06 17:24 . 2009-05-26 21:43 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-05-26 21:43 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-05-27 14:57 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-05-26 21:43 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2009-05-26 21:43 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-17 13:49 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-05-26 21:43 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-07-24 15:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2009-05-26 21:43 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 17:23 . 2008-10-16 12:07 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:07 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2001-10-25 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 18:57 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 13:19 . 2009-07-12 13:19 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2002-12-27 14:15 . 2009-05-27 02:18 104960 ----a-w- c:\program files\Em-date.exe
.

------- Sigcheck -------

[-] 2009-07-19 . D6DA6137433E02999C1229DC692250CD . 5937152 . . [8.00.6001.18812] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3GDR\mshtml.dll
[-] 2009-07-19 . 54E07F3B4EEF71607437367BA1922F6A . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 54E07F3B4EEF71607437367BA1922F6A . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3QFE\mshtml.dll
[-] 2009-05-13 . 53FF3AE6C6C6F7888E845C6A755D5C09 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . 3BABDB8AAEED25E0EFE23561C1A2BCE1 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-03-08 . 609C33496A0304480853A1DC3B2DE25B . 6265344 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-03-08 . 1FA96398CE69CBC00CCAF295BC1B2B82 . 6210560 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[-] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\mshtml.dll
[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll

[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[7] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntoskrnl.exe
[-] 2009-02-09 . 387631383C01F2DF57DBB6882EDF23C5 . 2343808 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 . 387631383C01F2DF57DBB6882EDF23C5 . 2343808 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntoskrnl.exe
[-] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ntoskrnl.exe
[7] 2006-12-19 . 1414C27CCDB54974C1C51D4236FC6FF1 . 2184192 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\ntoskrnl.exe
[-] 2004-08-17 . 400FFE8B2F1EC725B9107488A9E0FA60 . 2344320 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2009-07-03 . 0B1AA91DFEDB1298FF7D93EBA45F8DB5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 0B1AA91DFEDB1298FF7D93EBA45F8DB5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3QFE\wininet.dll
[-] 2009-07-03 . FCD887F2BA15CD8D95F8D70766D42739 . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3GDR\wininet.dll
[-] 2009-05-13 . 0C20BF283DE5BA50060240383B8AA41C . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 9122013C5668D967C4AE7F52252898DE . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-03-08 . 97C2DC4A0C6F8068424A6CED25983006 . 981504 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-08 . BFD199B9F007F6934D7C4C43F5507286 . 905728 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2009-03-08 . BFD199B9F007F6934D7C4C43F5507286 . 905728 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\wininet.dll
[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-17 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\ntkrnlpa.exe
[7] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[7] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\ntkrnlpa.exe
[-] 2009-02-09 . AA13D893D04EDE7E00CD54E2584463A3 . 2221056 . . [5.1.2600.3520] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 . AA13D893D04EDE7E00CD54E2584463A3 . 2221056 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-09 . BB64DC108F8C4EE4D4B7998AA19E5FA7 . 2065152 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-09 . BB64DC108F8C4EE4D4B7998AA19E5FA7 . 2065152 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ntkrnlpa.exe
[7] 2006-12-19 . C709E82BC1566DACB28173C64E370E49 . 2061568 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\ntkrnlpa.exe
[-] 2004-08-17 . 4D81C816786CF0C9EAFB2E8CB1728602 . 2220160 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM-DATE"="c:\program files\Em-date.exe" [2002-12-27 104960]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"OutlookFriend"="outinst.exe" - c:\windows\system32\outinst.exe [2005-02-25 29184]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2006-03-09 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 40448]

c:\documents and settings\Miroslav\Nabˇdka Start\Programy\Po spuçtŘnˇ\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-25 262144]

[HKLM\~\startupfolder\C:^Documents and Settings^Miroslav^Nabídka Start^Programy^Po spuštění^RocketDock.lnk]
path=c:\documents and settings\Miroslav\Nabídka Start\Programy\Po spuštění\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Miroslav^Nabídka Start^Programy^Po spuštění^TransBar.lnk]
path=c:\documents and settings\Miroslav\Nabídka Start\Programy\Po spuštění\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Miroslav^Nabídka Start^Programy^Po spuštění^Y'z Shadow.lnk]
path=c:\documents and settings\Miroslav\Nabídka Start\Programy\Po spuštění\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
S2 gupdate1c9df3897dbb800;Služba Google Update (gupdate1c9df3897dbb800);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 4:04 133104]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 14:54 52080]
S3 uir1100a;UIR1100A;c:\windows\system32\drivers\uir1100a.sys [27.5.2009 21:07 31048]
.
Obsah adresáře 'Naplánované úlohy'

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 02:03]

2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{13D4C0A0-2795-4322-AB84-513AD42D4A6F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2009-09-28 c:\windows\Tasks\WebReg Deskjet 3900 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.windowsxlive.net
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Miroslav\Data aplikací\Mozilla\Firefox\Profiles\zunq3i04.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\Miroslav\Data aplikací\Mozilla\Firefox\Profiles\zunq3i04.default\extensions\{86563ed0-c0a2-44fb-9299-83be6e48ffbd}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 22:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(2516)
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\outlfrnd.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-10-04 22:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-04 20:26
ComboFix2.txt 2009-10-04 19:07

Před spuštěním: 3 997 593 600
Po spuštění: 3 975 467 008

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
338 --- E O F --- 2009-10-03 13:43