PC-HELP.CZ

mwav
Datum vydání databáze: 06 Nov 2009
Verze virové databáze: 4481875

Invalid Entry DllName = appmgmts.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Action Taken: Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}.
** Scanning may fail! File Locked [SUSPICIOUS]: D:\WINDOWS\System32\Drivers\dtscsi.sys (????)
** Scanning may fail! File Locked [SUSPICIOUS]: D:\WINDOWS\system32\Drivers\sptd.sys (????)
Soubor C:\System Volume Information\_restore{77A73994-FC29-4688-B6BE-373814B4E168}\RP18\A0007444.exe je infikovaný virem Gen:Trojan.Heur.jG1@t9xzX2eiC (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{77A73994-FC29-4688-B6BE-373814B4E168}\RP18\A0007527.DLL je infikovaný virem Gen:Trojan.Heur.km4@@JW!Iop (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{77A73994-FC29-4688-B6BE-373814B4E168}\RP18\A0007529.dll je infikovaný virem Gen:Trojan.Heur.em4@@BEk7f (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{77A73994-FC29-4688-B6BE-373814B4E168}\RP18\A0007651.exe je infikovaný virem Gen:Trojan.Heur.DmZ@@JQS2qm (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{77A73994-FC29-4688-B6BE-373814B4E168}\RP31\A0024597.exe je infikovaný virem Gen:Trojan.Heur.jG1@t9xzX2eiC (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor I:\programy\sXeInjected.exe je infikovaný virem Adware.Generic.47911 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor I:\System Volume Information\_restore{A7F538C6-0694-4254-9EA9-E5A9508764B0}\RP22\A0007409.exe je infikovaný virem Adware.Generic.49717 (DB) !! Provedené akce: Ponecháno, neodstraněno!.


hijackthis
C:\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Francek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Francek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - D:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "D:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] D:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [snp2uvc] D:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] D:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] D:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Startup Cleaner] D:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "D:\Documents and Settings\Francek\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Francek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP Infium\infium.exe (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C948FAEC-5670-42EC-99C7-093D5D786C3D}: NameServer = 194.228.2.1,194.228.41.113
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c98f8cf18ccde0) (gupdate1c98f8cf18ccde0) - Unknown owner - D:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe


děkuji

Nazdar.

1) Stiahni CKScanner na plochu. Spust program dvojklikom na ikonu. Otvori sa okno, v nom klik na "Search For Files". Zacne scan, po jeho skonceni klikni na "Save List To File" -> "OK". Na ploche by sa mal objavit subor s nazvom CKFiles.txt, jeho obsah mi sem skopiruj.


2) Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.

DDS
DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Francek at 16:07:23,15 on p 20.11.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1535.1105 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\lg_fwupdate\fwupdate.exe
D:\WINDOWS\713xRMTMon.exe
D:\WINDOWS\vsnp2uvc.exe
D:\WINDOWS\tsnp2uvc.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\A4Tech\Mouse\Amoumain.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Francek\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
D:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
D:\WINDOWS\713xRMT.exe
D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\NetLimiter 2 Pro\NLClient.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Orbitdownloader\orbitdm.exe
D:\Program Files\Orbitdownloader\orbitnet.exe
D:\Program Files\Steam\Steam.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
uSearch Page = hxxp://search.qip.ru
uDefault_Page_URL = hxxp://search.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://search.qip.ru/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
uURLSearchHooks: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - d:\documents and settings\francek\data aplikací\microsoft\internet explorer\qipsearchbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - d:\documents and settings\francek\data aplikací\microsoft\internet explorer\qipsearchbar.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\program files\orbitdownloader\orbitcth.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - d:\documents and settings\francek\data aplikací\microsoft\internet explorer\qipsearchbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ukazatel S-Rank: {ea837f48-5ad1-443e-ae34-ffe03cbf3099} - d:\program files\seznam.cz\core.2.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Octoshape Streaming Services] "d:\documents and settings\francek\data aplikací\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [Google Update] "d:\documents and settings\francek\local settings\data aplikací\google\update\GoogleUpdate.exe" /c
mRun: [InCD] d:\program files\ahead\incd\InCD.exe
mRun: [LGODDFU] "d:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [TV Card Remote Control Device Monitor] d:\windows\713xRMTMon.exe
mRun: [snp2uvc] d:\windows\vsnp2uvc.exe
mRun: [tsnp2uvc] d:\windows\tsnp2uvc.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WheelMouse] d:\program files\a4tech\mouse\Amoumain.exe
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Startup Cleaner] d:\program files\cm data software\cm diskcleaner\Startup Cleaner.exe
mRun: [mwavscan_autoscan] "d:\docume~1\francek\locals~1\temp\mexe.com" /s /AUTORUNBOOT
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
TCP: {C948FAEC-5670-42EC-99C7-093D5D786C3D} = 194.228.2.1,194.228.41.113
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\francek\dataap~1\mozilla\firefox\profiles\n9ks5ags.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: d:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: d:\documents and settings\all users\data aplikacă­\id software\quakelive\npquakezero.dll
FF - plugin: d:\documents and settings\francek\data aplikacă­\mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\francek\data aplikacă­\mozilla\plugins\npoctoshape.dll
FF - plugin: d:\documents and settings\francek\local settings\data aplikacă­\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
d:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\hwinfo32\HWiNFO32.SYS [2009-4-9 16872]
R1 nltdi;nltdi;d:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R2 713xTVCard;SAA7135 TV Card;d:\windows\system32\drivers\SAA713x.sys [2009-2-16 289280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-7-18 108289]
R2 WDMTVTuner;Universal WDM TV Tuner;d:\windows\system32\drivers\WDMTuner.sys [2009-2-16 26880]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [2009-4-9 93696]
S2 gupdate1c98f8cf18ccde0;Služba Google Update (gupdate1c98f8cf18ccde0);d:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2009-4-9 1684736]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\francek\locals~1\temp\gke59.tmp --> d:\docume~1\francek\locals~1\temp\GKE59.tmp [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\screamingbaudio.sys --> d:\windows\system32\drivers\ScreamingBAudio.sys [?]

=============== Created Last 30 ================

2009-11-20 11:22:41 0 d---a-w- d:\windows\VDLL.DLL
2009-11-20 11:22:41 0 d---a-w- d:\windows\system32\runouce.exe
2009-11-20 11:22:41 0 d---a-w- d:\windows\rundll16.exe
2009-11-20 11:22:41 0 d---a-w- d:\windows\RUNDL132.EXE
2009-11-20 11:22:41 0 d---a-w- d:\windows\logo1_.exe
2009-11-20 11:22:41 0 d---a-w- d:\windows\logo_1.exe
2009-11-20 11:21:56 54 ----a-w- d:\windows\Lic.xxx
2009-11-20 11:21:27 632064 ----a-w- d:\windows\system32\msvcr80.dll
2009-11-20 11:21:26 554240 ----a-w- d:\windows\system32\msvcp80.dll
2009-11-20 11:21:25 522 ----a-w- d:\windows\system32\Microsoft.VC80.CRT.manifest
2009-11-20 11:21:25 34048 ----a-w- d:\windows\system32\eEmpty.exe
2009-11-20 11:21:22 268800 ----a-w- d:\windows\REGEDIT.COM
2009-11-20 11:21:22 268800 ----a-w- d:\windows\R.COM
2009-11-20 11:21:22 240640 ----a-w- d:\windows\system32\TASKMGR.COM
2009-11-20 11:21:22 240640 ----a-w- d:\windows\system32\T.COM
2009-11-20 11:21:20 0 d-----w- d:\program files\common files\MicroWorld
2009-11-20 11:21:18 0 d-----w- d:\docume~1\alluse~1\dataap~1\MicroWorld
2009-11-15 16:07:34 0 d-----w- D:\cshelp
2009-11-14 11:31:51 3786760 ----a-w- d:\windows\system32\D3DX9_37.dll
2009-11-14 11:31:50 3727720 ----a-w- d:\windows\system32\d3dx9_35.dll
2009-11-14 11:31:50 3497832 ----a-w- d:\windows\system32\d3dx9_34.dll
2009-11-14 11:31:49 81768 ----a-w- d:\windows\system32\xinput1_3.dll
2009-11-14 11:31:49 3495784 ----a-w- d:\windows\system32\d3dx9_33.dll
2009-11-14 11:31:47 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2009-11-14 09:56:46 0 d-----w- D:\fifa0010
2009-11-07 21:30:42 0 d-----w- d:\program files\SopCast
2009-11-04 01:20:34 0 d-----w- d:\program files\common files\lightning group shared files
2009-11-03 17:43:46 54298 ----a-w- d:\documents and settings\francek\.recently-used.xbel
2009-11-03 17:43:43 895593 ----a-w- D:\jir.png
2009-11-03 12:53:11 0 d-----w- d:\program files\XTB-Trader
2009-11-03 11:49:38 128529 ----a-w- D:\sačekl.png
2009-11-03 11:39:50 71847 ----a-w- D:\josef.png
2009-11-03 11:31:01 143145 ----a-w- D:\ja.png
2009-11-03 11:14:10 635173 ----a-w- D:\michl.jpg
2009-11-03 00:52:22 1468743 ----a-w- D:\michl.png
2009-11-01 22:50:04 0 d-----w- d:\program files\Free Offers from Freeze.com
2009-11-01 22:50:00 212240 ----a-w- d:\windows\system32\Richtx32.ocx
2009-11-01 22:49:41 0 d-----w- d:\program files\Winferno
2009-10-27 14:11:20 0 d-----w- d:\program files\CDCheck

==================== Find3M ====================

2009-10-25 09:33:13 493744 ----a-w- d:\windows\system32\perfh005.dat
2009-10-25 09:33:13 103722 ----a-w- d:\windows\system32\perfc005.dat
2004-10-01 14:00:16 40960 ----a-w- d:\program files\Uninstall_CDS.exe

============= FINISH: 16:07:37,59 ===============
Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 16.1.2009 8:57:12
System Uptime: 20.11.2009 9:50:26 (7 hours ago)

Motherboard: | | K8NF6G-VSTA
Processor: AMD Sempron(tm) Processor 3000+ | CPUSocket | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 21 GiB total, 0,859 GiB free.
D: is FIXED (NTFS) - 51 GiB total, 2,377 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is FIXED (NTFS) - 77 GiB total, 0,052 GiB free.
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP97: 18.11.2009 21:48:51 - Kontrolní bod systému
RP98: 20.11.2009 13:37:10 - Kontrolní bod systému

==== Installed Programs ======================

3DMark06
7-Zip 4.64
Adobe Acrobat 5.0
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan_CDA
AiOSoftwareNPI
Aktualizace systému Windows XP (KB911164)
Amond AVI WMV MPEG MOV DIVX FLV XVID MP3 Video Converter V2.4
AMX Mod Editor (remove only)
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATITool Overclocking Utility
µTorrent CZ 1.8.4 (build 16667)
AutoIt v3.3.0.0
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Battlefield 2(TM)
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CDCheck
CM DiskCleaner
Connect
ConvertXtoDVD 3.3.1.99
Counter-Strike
Counter-Strike 1.6
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Dropbox
DVD Solution
DVD2SVCD 1.2.3 Build 1
eSupportQFolder
F300
F300_Help
Fax_CDA
FIFA 10
FileZilla Client 3.3.0.1
FTP Commander
Full Tilt Poker
Garena
GIMP 2.4.5
Google Earth
Google Talk Plugin
Google Update Helper
HD Tune 2.55
HijackThis 1.99.1
honestech TVR
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
Huffyuv AVI lossless video codec (Remove Only)
HWiNFO32 Version 2.38
InCD
InstantShareDevicesMFC
IsoBuster 2.6
Java(TM) 6 Update 13
Katalog filmů 4.02f
kuler
LG ODD Auto Firmware Update
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Pro CZ
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
MarketResearch
Mat Hoffman's Pro BMX
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft VM for Java
Mozilla Firefox (3.5.5)
MSVC80_x86
MSXML 6.0 Parser (KB925673)
Multimedia Launcher
Mumble and Murmur
Nero OEM
NetLimiter 2 Pro (remove only)
NewCopy_CDA
NHL® 09
Nokia Connectivity Cable Driver
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
OpenOffice.org 3.0
Orbit Downloader
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
PowerDVD
PowerProducer
ProductContextNPI
PSPad editor
PunkBuster Services
QIP 2005 8095
QIP Infium 2.0.9030 RC4
Quake Live Mozilla Plugin
Radiance for Vegas 7.0
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Task Manager 1.7d
Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)
Skins
Skype™ 4.0
Smart-X7 7.80
SolutionCenter
Sony Media Manager 2.2
Sony Vegas 7.0
SopCast 3.0.3
SpeedFan (remove only)
Status
Steam
Suite Shared Configuration CS4
TmNationsForever
Toolbox
TrayApp
USB Video Device
Valve Hammer Editor
VistaMizer 2.5.1.0
VLC media player 1.0.1
WebFldrs XP
WebReg
WeGame Client Public Beta 1.1.6
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
World of Warcraft
World of Warcraft FREE Trial
XML Paper Specification Shared Components Pack 1.0
XTB-Trader 4.00

==== End Of File ===========================
CKScanner
CKScanner - Additional Security Risks - These are not necessarily bad
c:\baf2crackkey.rar
c:\n_9_crack_keygen.rar
c:\n_9_crack_keygen.rar
c:\amond avi wmv mpeg mov divx flv xvid mp3 video converter v2.4\amond-video-converter keygens.exe
c:\baf2crackkey\reloaded.nfo
c:\baf2crackkey\battlefield 2 dedicated server public server patch-suspects\sus-bf2p.nfo
c:\baf2crackkey\battlefield 2 dedicated server public server patch-suspects\sus-bf2p.rar
c:\baf2crackkey\battlefield 2 dedicated server public server patch-suspects\sus-bf2p.sfv
c:\baf2crackkey\battlefield.2.keygen-vitality\vitality.nfo
c:\baf2crackkey\battlefield.2.keygen-vitality\vitality.nfo
c:\baf2crackkey\battlefield.2.keygen-vitality\vtl-bf2k.exe
c:\baf2crackkey\battlefield.2.keygen-vitality\vtl-bf2k.exe
c:\baf2crackkey\battlefield.2.keygen-vitality\vtl-bf2k.rar
c:\baf2crackkey\battlefield.2.keygen-vitality\vtl-bf2k.rar
c:\baf2crackkey\battlefield.2.keygen-vitality\vtl-bf2k.sfv
c:\baf2crackkey\battlefield.2.keygen-vitality\vtl-bf2k.sfv
scanner sequence 3.ZZ.11
----- EOF -----

Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

děkuji

ComboFix 09-11-21.01 - Francek 22.11.2009 10:28.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1535.1067 [GMT 1:00]
Spuštěný z: d:\documents and settings\Francek\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\install.exe
d:\windows\regedit.com
d:\windows\system32\ieuinit.inf
d:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-22 do 2009-11-22 )))))))))))))))))))))))))))))))
.

2009-11-20 11:22 . 2009-11-20 11:22 -------- d---a-w- d:\windows\VDLL.DLL
2009-11-20 11:22 . 2009-11-20 11:22 -------- d---a-w- d:\windows\system32\runouce.exe
2009-11-20 11:22 . 2009-11-20 11:22 -------- d---a-w- d:\windows\RUNDL132.EXE
2009-11-20 11:22 . 2009-11-20 11:22 -------- d---a-w- d:\windows\logo_1.exe
2009-11-20 11:21 . 2009-11-20 11:21 632064 ----a-w- d:\windows\system32\msvcr80.dll
2009-11-20 11:21 . 2009-11-20 11:21 554240 ----a-w- d:\windows\system32\msvcp80.dll
2009-11-20 11:21 . 2009-11-20 11:21 34048 ----a-w- d:\windows\system32\eEmpty.exe
2009-11-20 11:21 . 2006-03-02 12:00 268800 ----a-w- d:\windows\R.COM
2009-11-20 11:21 . 2006-03-02 12:00 240640 ----a-w- d:\windows\system32\T.COM
2009-11-20 11:21 . 2009-11-20 11:21 -------- d-----w- d:\program files\Common Files\MicroWorld
2009-11-15 16:07 . 2009-11-15 16:07 -------- d-----w- D:\cshelp
2009-11-14 11:31 . 2008-03-05 14:56 3786760 ----a-w- d:\windows\system32\D3DX9_37.dll
2009-11-14 11:31 . 2007-07-19 17:14 3727720 ----a-w- d:\windows\system32\d3dx9_35.dll
2009-11-14 11:31 . 2007-05-16 15:45 3497832 ----a-w- d:\windows\system32\d3dx9_34.dll
2009-11-14 11:31 . 2007-04-04 17:53 81768 ----a-w- d:\windows\system32\xinput1_3.dll
2009-11-14 11:31 . 2007-03-12 15:42 3495784 ----a-w- d:\windows\system32\d3dx9_33.dll
2009-11-14 11:31 . 2006-09-28 15:05 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2009-11-14 09:56 . 2009-11-14 11:19 -------- d-----w- D:\fifa0010
2009-11-07 21:30 . 2009-11-08 17:27 -------- d-----w- d:\program files\SopCast
2009-11-04 01:20 . 2009-11-04 01:20 -------- d-----w- d:\program files\Common Files\lightning group shared files
2009-11-03 12:53 . 2009-11-03 12:53 -------- d-----w- d:\program files\XTB-Trader
2009-11-01 22:50 . 2009-11-01 22:50 -------- d-----w- d:\program files\Free Offers from Freeze.com
2009-11-01 22:49 . 2009-11-02 09:56 -------- d-----w- d:\program files\Winferno
2009-10-27 14:11 . 2009-10-27 14:11 -------- d-----w- d:\program files\CDCheck
2009-10-26 15:12 . 2009-10-26 15:12 -------- d-----w- d:\program files\Smart Projects

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 09:21 . 2009-01-16 08:14 -------- d-----w- d:\program files\lg_fwupdate
2009-11-21 23:06 . 2009-05-03 08:03 -------- d-----w- d:\program files\Steam
2009-11-19 20:36 . 2009-08-20 19:04 -------- d-----w- d:\program files\FileZilla FTP Client
2009-11-19 00:06 . 2009-05-17 08:13 -------- d-----w- d:\program files\Orbitdownloader
2009-11-14 23:50 . 2009-01-17 12:27 -------- d-----w- d:\program files\FTP Commander
2009-11-14 11:30 . 2009-05-08 08:28 -------- d-----w- d:\program files\EA Sports
2009-11-14 11:00 . 2009-01-16 08:07 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-11-09 20:58 . 2009-01-31 14:13 -------- d-----w- d:\program files\World of Warcraft
2009-11-07 11:31 . 2009-01-16 11:43 -------- d-----w- d:\program files\cstrike
2009-11-05 11:28 . 2009-08-04 17:10 -------- d-----w- d:\program files\WeGame
2009-10-26 12:39 . 2009-02-07 14:06 -------- d-----w- d:\program files\Garena
2009-10-25 19:20 . 2009-10-21 08:44 -------- d-----w- d:\program files\CSStrat
2009-10-25 09:33 . 2006-03-02 12:00 493744 ----a-w- d:\windows\system32\perfh005.dat
2009-10-25 09:33 . 2006-03-02 12:00 103722 ----a-w- d:\windows\system32\perfc005.dat
2009-10-01 13:00 . 2009-10-01 12:51 -------- d-----w- d:\program files\DesetiPrsty
2009-09-29 14:00 . 2009-09-29 14:00 -------- d-----w- d:\program files\uTorrent
2004-10-01 14:00 . 2009-01-16 08:10 40960 ----a-w- d:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2006-03-02 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . d:\windows\system32\winlogon.exe
[-] 2006-03-02 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . d:\windows\system32\dllcache\winlogon.exe
[7] 2006-03-02 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . d:\windows\VistaMizer\old\winlogon.exe

[-] 2006-03-02 . D236E3B128029D7A01EB50F778FFF414 . 111104 . . [5.4.3790.2180] . . d:\windows\system32\wuauclt.exe
[-] 2006-03-02 . D236E3B128029D7A01EB50F778FFF414 . 111104 . . [5.4.3790.2180] . . d:\windows\system32\dllcache\wuauclt.exe
[7] 2006-03-02 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . d:\windows\VistaMizer\old\wuauclt.exe

[-] 2006-03-02 . 3FC38E8065E48772A4BA6849C58758B4 . 718848 . . [5.82] . . d:\windows\system32\comctl32.dll
[-] 2006-03-02 . 3FC38E8065E48772A4BA6849C58758B4 . 718848 . . [5.82] . . d:\windows\system32\dllcache\comctl32.dll
[7] 2006-03-02 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . d:\windows\VistaMizer\old\comctl32.dll

[-] 2006-03-02 . A7509C2CDDBF92EDD9EA14BF6B538884 . 3463168 . . [6.00.2900.2853] . . d:\windows\system32\mshtml.dll
[-] 2006-03-02 . A7509C2CDDBF92EDD9EA14BF6B538884 . 3463168 . . [6.00.2900.2853] . . d:\windows\system32\dllcache\mshtml.dll
[7] 2006-03-02 . 43E8D8091527AA91EB0B2A553447B3D8 . 3070464 . . [6.00.2900.2853] . . d:\windows\VistaMizer\old\mshtml.dll
[7] 2006-02-21 . CDD766C610E7DE86CCE91CD339C79BCF . 3073024 . . [6.00.2900.2853] . . d:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll

[-] 2006-03-02 . 32A866B57CB8B04B337A26DBC0FA09EE . 2440320 . . [5.1.2600.2180] . . d:\windows\system32\ntoskrnl.exe
[7] 2006-03-02 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . d:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2006-03-02 . 6ED57BDAAD00043872DC45984DA91096 . 802304 . . [6.00.2900.2180] . . d:\windows\system32\wininet.dll
[-] 2006-03-02 . 6ED57BDAAD00043872DC45984DA91096 . 802304 . . [6.00.2900.2180] . . d:\windows\system32\dllcache\wininet.dll
[7] 2006-03-02 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . d:\windows\VistaMizer\old\wininet.dll

[-] 2006-03-02 . 52CF1BEECCD26FAC8B12A4310A5E47FE . 1550848 . . [6.00.2900.2180] . . d:\windows\explorer.exe
[-] 2006-03-02 . 52CF1BEECCD26FAC8B12A4310A5E47FE . 1550848 . . [6.00.2900.2180] . . d:\windows\system32\dllcache\explorer.exe
[7] 2006-03-02 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . d:\windows\VistaMizer\old\explorer.exe

[-] 2006-03-02 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . d:\windows\system32\ctfmon.exe
[-] 2006-03-02 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . d:\windows\system32\dllcache\ctfmon.exe
[7] 2006-03-02 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . d:\windows\VistaMizer\old\ctfmon.exe

[-] 2006-03-02 . 7CE10A3B823F3DB9B92E06383F37C64A . 2316160 . . [5.1.2600.2180] . . d:\windows\system32\ntkrnlpa.exe
[7] 2006-03-02 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . d:\windows\VistaMizer\old\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- d:\documents and settings\Francek\Data aplikací\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- d:\documents and settings\Francek\Data aplikací\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- d:\documents and settings\Francek\Data aplikací\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="d:\documents and settings\Francek\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="d:\documents and settings\Francek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="d:\program files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
"LGODDFU"="d:\program files\lg_fwupdate\fwupdate.exe" [2009-01-16 548864]
"TV Card Remote Control Device Monitor"="d:\windows\713xRMTMon.exe" [2005-07-20 352256]
"snp2uvc"="d:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"tsnp2uvc"="d:\windows\tsnp2uvc.exe" [2007-07-11 237568]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"WheelMouse"="d:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Startup Cleaner"="d:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2006-03-02 25088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=d:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Scheduler for OEM.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Scheduler for OEM.lnk
backup=d:\windows\pss\Scheduler for OEM.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Francek^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=d:\documents and settings\Francek\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=d:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Francek^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Francek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=d:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\cstrike\\hl.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Program Files\\Steam\\steamapps\\sidicze\\counter-strike\\hl.exe"=
"d:\\Program Files\\cstrike\\hlds.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\BROOD\\StarCraft.exe"=
"d:\\Program Files\\cstrike\\hltv.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Documents and Settings\\Francek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\Francek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Documents and Settings\\Francek\\Data aplikací\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"d:\\Documents and Settings\\Francek\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [9.4.2009 12:18 16872]
R1 nltdi;nltdi;d:\windows\system32\drivers\nltdi.sys [23.4.2007 12:03 82200]
R2 713xTVCard;SAA7135 TV Card;d:\windows\system32\drivers\SAA713x.sys [16.2.2009 13:40 289280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [18.7.2009 10:12 108289]
R2 WDMTVTuner;Universal WDM TV Tuner;d:\windows\system32\drivers\WDMTuner.sys [16.2.2009 13:41 26880]
S0 sptd;sptd;d:\windows\system32\Drivers\sptd.sys --> d:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate1c98f8cf18ccde0;Služba Google Update (gupdate1c98f8cf18ccde0);d:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 17:46 133104]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [9.4.2009 11:42 1684736]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\Francek\LOCALS~1\Temp\GKE59.tmp --> d:\docume~1\Francek\LOCALS~1\Temp\GKE59.tmp [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys --> d:\windows\system32\drivers\ScreamingBAudio.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-11-22 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 16:46]

2009-11-21 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 16:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: {C948FAEC-5670-42EC-99C7-093D5D786C3D} = 194.228.2.1,194.228.41.113
FF - ProfilePath - d:\documents and settings\Francek\Data aplikací\Mozilla\Firefox\Profiles\n9ks5ags.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: d:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 10:37
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = d:\windows\713xRMTMon.exe???Xy??????????S?e??B7?x???U?I??y??????????????x???????????x?7?????????????????????????????????x?7??????B7?????????S?e?x?7?e? ?x??????????????|?A7?Xy??????????????Xy??????????????????????????????????Py??h???????????Py??(???Xy????A????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\Francek\LOCALS~1\Temp\GKE59.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(740)
d:\windows\system32\sfc_os.dll
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\cscui.dll
d:\windows\system32\COMRes.dll
.
Celkový čas: 2009-11-22 10:39
ComboFix-quarantined-files.txt 2009-11-22 09:39
ComboFix2.txt 2009-07-11 15:07

Před spuštěním: 1 267 130 368
Po spuštění: 1 540 198 400

- - End Of File - - 79C0F8EA80DD5868A3514DED1AC268F9

A ideme testovat...

Otestuj subor(y) na >>VIRUSTOTALe<<:


Ak vypise, ze subor uz bol testovany, daj ho otestovat znovu. Vysledok posli ako LINK.

d:\windows\system32\winlogon.exe link zde
d:\windows\system32\wuauclt.exe link zde
d:\windows\system32\comctl32.dll link zde

Super, dakujem.

Stiahni MbAM. Uloz na plochu, otvor "mbam-setup.exe" a nainstaluj. Updatuj. Potom spravis kompletny scan - co program najde, zmaz. Nasledny log vloz sem.