PC-HELP.CZ

Děkuji.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:09:25, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{82FA26CE-5887-4BD6-B231-43A97305DBE5}: NameServer = 192.168.2.133,217.197.144.4
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5360 bytes

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Pokud bude bez nálezu a nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4629

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.9.2010 19:49:11
mbam-log-2010-09-16 (19-49-11).txt

Typ skenu: Rychlý sken
Skenované objekty: 128167
Uplynulý čas: 3 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\Advantage\AdVUninst.exe (Adware.Advantage) -> Quarantined and deleted successfully.

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

ComboFix 10-09-16.04 - Jarda 17.09.2010 0:33.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1666 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jarda\Plocha\ČISTÍME\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jarda\Data aplikací\AdVantage
c:\documents and settings\Jarda\Data aplikací\AdVantage\about_AdVantage.mht
c:\documents and settings\Jarda\Data aplikací\AdVantage\advantage.cfg
c:\documents and settings\Jarda\Data aplikací\AdVantage\AdVantage.exe
c:\documents and settings\Jarda\Data aplikací\AdVantage\advantage.mht
c:\documents and settings\Jarda\Data aplikací\AdVantage\AdVUninst.exe

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-16 do 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-16 20:00 . 2010-09-16 20:00 -------- d-----w- c:\program files\Nature 3D Screensaver
2010-09-16 19:56 . 2010-09-16 19:56 -------- d-----w- c:\program files\Tropical Fish 3D Screensaver
2010-09-16 19:36 . 2007-01-17 10:57 528384 ----a-w- c:\windows\system32\Astro Gemini Screensaver Manager.scr
2010-09-16 19:36 . 2006-02-15 15:26 92216 ----a-w- c:\windows\system32\bass.dll
2010-09-16 18:37 . 2010-06-02 14:23 976896 ----a-w- c:\windows\system32\Spirit_of_Fire_3D_Screensaver.scr
2010-09-16 18:37 . 2010-09-16 19:41 -------- d-----w- c:\program files\Spirit of Fire 3D Screensaver
2010-09-16 18:36 . 2010-09-16 19:41 -------- d-----w- c:\program files\Watermill 3D Screensaver
2010-09-16 18:36 . 2010-06-02 14:28 978944 ----a-w- c:\windows\system32\Watermill_3D_Screensaver.scr
2010-09-16 18:33 . 2010-09-16 19:38 -------- d-----w- c:\program files\Galleon 3D Screensaver
2010-09-16 18:31 . 2010-09-16 19:38 -------- d-----w- c:\program files\Ancient Castle 3D Screensaver
2010-09-16 18:30 . 2010-09-16 19:41 -------- d-----w- c:\program files\Earth 3D Screensaver
2010-09-16 18:30 . 2010-06-02 14:19 977920 ----a-w- c:\windows\system32\Earth_3D_Screensaver.scr
2010-09-16 18:28 . 2010-09-16 19:40 -------- d-----w- c:\program files\3D Realistic Fireplace 3
2010-09-16 18:16 . 2010-06-02 11:22 688640 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2010-09-16 18:16 . 2010-09-16 19:41 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2010-09-16 18:16 . 2010-09-16 18:16 -------- d-----w- c:\windows\system32\3Planesoft
2010-09-16 18:16 . 2007-02-28 10:51 3395584 ----a-w- c:\windows\system32\Fireplace 3D Screensaver.exe
2010-09-16 18:16 . 2010-09-16 18:16 -------- d-----w- c:\program files\Fireplace 3D Screensaver
2010-09-16 18:16 . 2007-02-28 10:51 772096 ----a-w- c:\windows\system32\Fireplace_3D_Screensaver.scr
2010-09-16 17:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 17:44 . 2010-09-16 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 17:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 22:39 . 2010-09-14 22:39 -------- d-----w- c:\program files\DarXide games
2010-09-10 12:02 . 2010-09-10 12:05 -------- d-----w- c:\program files\EurotelSMS
2010-09-10 10:27 . 2010-09-10 10:27 -------- d-----w- c:\program files\Trend Micro
2010-09-06 08:56 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-06 08:56 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-06 08:56 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-06 08:56 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-06 08:56 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-06 08:56 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-06 08:56 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-06 08:56 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-06 08:49 . 2010-09-06 08:49 -------- d-----w- c:\program files\2K Games
2010-09-02 20:50 . 2010-09-02 20:54 -------- d-----w- c:\documents and settings\Jarda\.dvdcss
2010-09-02 20:23 . 2010-09-02 20:23 -------- d-----w- c:\program files\DVD Shrink
2010-09-01 14:32 . 2010-09-01 14:32 114 ----a-w- C:\ISF_ID.dat
2010-09-01 14:32 . 2010-09-01 14:32 -------- d-----w- C:\Log
2010-09-01 14:32 . 2010-09-01 14:32 -------- d-----w- c:\program files\Clarus
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\UC.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\RAR.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\LHA.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\ARJ.PIF
2010-09-01 13:01 . 2010-09-01 13:02 -------- d-----w- C:\totalcmd
2010-09-01 12:36 . 2010-09-01 12:36 -------- d-----w- c:\program files\Smart Projects
2010-09-01 11:14 . 2010-09-01 11:14 -------- d-----w- c:\program files\TopCD
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\windows\XXLGS
2010-08-31 21:00 . 2010-09-11 16:16 -------- d-----w- C:\TRANSLAT
2010-08-31 09:16 . 2010-08-31 09:16 -------- d-----w- c:\program files\City Interactive
2010-08-30 22:11 . 2010-09-16 19:41 -------- d-----w- c:\program files\Virtual Makeover 2
2010-08-30 21:29 . 2010-08-30 21:29 -------- d-----w- c:\program files\ABCgames Cheater
2010-08-28 16:35 . 2010-08-28 16:35 -------- d-----w- c:\program files\Ashampoo
2010-08-28 15:30 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-08-28 15:30 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-08-28 15:27 . 2005-02-23 12:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-08-28 15:26 . 2010-08-28 15:26 -------- d-----w- c:\program files\ArcSoft
2010-08-28 15:26 . 2010-08-28 15:27 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-28 15:26 . 2003-03-18 20:14 499712 ----a-r- c:\windows\system32\msvcp71.dll
2010-08-28 15:26 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-08-28 15:26 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-08-28 15:25 . 2010-08-28 15:25 -------- d-----w- c:\program files\HybridTM_IR(A)
2010-08-28 15:25 . 2010-08-28 15:25 -------- d-----w- C:\Hybrid_TV_Receiver(TM6000)
2010-08-27 22:24 . 2010-08-27 22:24 -------- d-----w- c:\program files\MyPhoneExplorer
2010-08-27 21:16 . 2010-08-27 21:16 -------- d-----w- c:\program files\dm
2010-08-27 21:14 . 2010-08-27 21:14 -------- d-----w- c:\documents and settings\Jarda\.jenny
2010-08-27 09:32 . 2010-08-27 09:32 -------- d-----w- c:\program files\Playlist Creator 3
2010-08-24 11:12 . 2010-09-16 19:41 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-08-24 11:02 . 2010-08-24 11:02 -------- d-----w- c:\program files\Lavasoft
2010-08-24 08:41 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-08-24 08:41 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-08-23 20:24 . 2010-08-23 20:25 -------- d-----w- c:\program files\Cross Racing Championship
2010-08-23 16:46 . 2010-08-23 16:46 -------- d-----w- c:\program files\Samsung ML-2010 Series
2010-08-23 16:43 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-23 16:43 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-23 16:21 . 2005-04-08 02:29 20622 ----a-w- c:\windows\system32\SUGS2LMK.DLL
2010-08-23 16:21 . 2005-03-03 04:32 151552 ----a-w- c:\windows\system32\SSCoInst.exe
2010-08-23 16:21 . 2005-03-03 10:09 57344 ----a-w- c:\windows\system32\SSCoInst.dll
2010-08-23 16:21 . 2010-08-23 16:46 -------- d-----w- c:\windows\Samsung
2010-08-23 16:21 . 2005-03-14 05:01 208896 ------w- c:\windows\system32\SSRemove.exe
2010-08-23 16:19 . 2005-03-14 05:01 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2010-08-23 16:00 . 2010-08-23 16:00 -------- d-----w- c:\program files\Netropa
2010-08-23 16:00 . 2001-12-20 08:02 6656 ----a-w- c:\windows\system32\drivers\Msikbd2k.sys
2010-08-23 16:00 . 2000-06-08 01:09 28672 ----a-w- c:\windows\system32\msiosd32.dll
2010-08-23 16:00 . 2010-08-23 16:00 -------- d-----w- c:\program files\FSC
2010-08-23 10:12 . 2010-09-16 19:41 -------- d-----w- c:\program files\HD Tune
2010-08-22 11:22 . 2010-08-22 11:22 -------- d-----w- c:\windows\system32\oodag
2010-08-22 04:44 . 2010-08-22 11:20 -------- d-----w- c:\program files\OO Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 22:33 . 2010-07-09 14:34 -------- d-----w- c:\program files\Eset
2010-09-16 20:27 . 2010-07-10 03:20 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-16 20:27 . 2010-07-10 03:20 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-16 19:41 . 2010-07-09 16:00 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-16 19:41 . 2010-07-29 14:39 -------- d-----w- c:\program files\Dream Aquarium
2010-09-14 22:39 . 2010-07-09 16:32 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-10 11:52 . 2010-07-09 14:48 -------- d-----w- c:\program files\Opera
2010-09-06 08:57 . 2010-07-09 14:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-06 08:56 . 2010-07-09 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-03 08:35 . 2010-07-09 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 11:19 . 2010-08-17 20:40 -------- d-----w- c:\program files\Any DVD Converter Professional
2010-08-23 21:07 . 2010-07-27 14:12 11627 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-08-23 16:00 . 2010-07-09 14:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 21:18 . 2010-07-09 15:50 -------- d-----w- c:\program files\CCleaner
2010-08-13 17:32 . 2010-08-13 17:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-13 17:32 . 2010-07-09 14:54 -------- d-----w- c:\program files\Java
2010-08-13 17:31 . 2001-10-25 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-08-13 17:31 . 2001-10-25 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-08-10 14:04 . 2010-08-10 14:03 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-08-10 13:41 . 2010-08-10 13:41 -------- d-----w- c:\program files\Zoner
2010-07-28 12:04 . 2010-07-28 12:04 -------- d-----w- c:\program files\Activision
2010-07-28 11:59 . 2010-07-28 11:58 -------- d-----w- c:\program files\DAEMON Tools
2010-07-26 15:11 . 2010-07-26 15:11 -------- d-----w- c:\program files\Sunbelt Software
2010-07-23 14:35 . 2010-07-23 14:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-23 14:28 . 2010-07-23 14:28 -------- d-----w- c:\program files\Vypínač na dobrou noc
2010-07-22 15:46 . 2002-09-20 16:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-07-09 14:55 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 03:55 . 2010-07-10 03:55 30080 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-07-10 03:55 . 2010-07-10 03:55 247008 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-10 03:55 . 2010-07-10 03:55 96032 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-10 03:20 . 2010-07-10 03:20 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-09 16:51 . 2010-07-09 16:50 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-07-09 16:51 . 2010-07-09 16:51 64695 ----a-w- c:\windows\BricoPackUninst.cmd
2010-07-09 16:51 . 2002-09-20 16:04 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-07-09 16:32 . 2010-07-09 16:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-09 15:45 . 2010-07-09 13:57 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-07-09 15:45 . 2010-07-09 13:57 2724 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-07-09 15:44 . 2010-07-09 13:57 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2010-07-09 15:24 . 2010-07-09 15:24 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-09 14:34 . 2010-07-09 14:34 502208 ----a-w- c:\windows\system32\drivers\amon.sys
2010-07-09 14:34 . 2010-07-09 14:34 270336 ----a-w- c:\windows\system32\imon.dll
2010-07-09 14:02 . 2010-07-09 14:02 315392 ----a-w- c:\windows\HideWin.exe
2010-07-09 13:57 . 2010-07-09 13:57 558142 ----a-w- c:\windows\java\Packages\WEEXR17F.ZIP
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\EUNLBR9V.DAT
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\CWSPVXVL.DAT
2010-07-09 13:57 . 2010-07-09 13:57 155995 ----a-w- c:\windows\java\Packages\GD3H3XJB.ZIP
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\Y2RXZZ5B.DAT
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\K8CIEX77.DAT
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\0CI5RTN7.DAT
2010-07-09 13:55 . 2010-07-09 13:55 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-30 12:33 . 2002-09-20 16:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2002-09-20 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2002-09-20 15:41 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-10-25 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-05-05 462104]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-07-09 917504]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-03 997042]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-03 118784]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TMMonitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HybridTM_A]
2006-05-16 09:05 118784 ----a-w- c:\program files\HybridTM_IR(A)\RC620_A.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
2001-11-09 06:47 356352 ----a-w- c:\program files\FSC\Wireless Wheel Mouse\Mouse32A.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2003-06-03 23:32 163840 ----a-w- c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 22:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [23.8.2010 18:00 6656]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [24.8.2010 10:41 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16.9.2010 19:44 304464]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [9.7.2010 16:05 39424]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [4.3.2009 14:42 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [4.3.2009 14:42 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [4.3.2009 14:42 566296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.9.2010 19:44 20952]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [24.8.2010 10:41 65576]
R3 TridDev;USB Hybrid TV Device (TM6000);c:\windows\system32\drivers\Triddev.sys [18.5.2006 11:51 3584]
R3 TridVid;USB Hybrid TV Receiver (TM6000);c:\windows\system32\drivers\TridVid.sys [18.5.2006 11:51 169600]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [23.8.2010 18:00 28672]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [4.3.2009 14:42 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9.7.2010 18:32 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [4.3.2009 14:42 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [4.3.2009 14:42 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [4.3.2009 14:42 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [4.3.2009 14:42 566296]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Jarda\Plocha\PROGRAMY\everest-uee-4.10.1091-reg\kerneld.wnt [11.7.2010 16:02 21104]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [1.3.2010 9:43 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [1.3.2010 9:43 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [1.3.2010 9:43 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [1.3.2010 9:43 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [1.3.2010 9:43 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [1.3.2010 9:43 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [1.3.2010 9:43 123504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.7.2010 17:24 685816]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
LSP: imon.dll
TCP: {82FA26CE-5887-4BD6-B231-43A97305DBE5} = 192.168.2.133,217.197.144.4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-WgaLogon - (no file)
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-Astro Gemini Screensaver Manager_is1 - c:\program files\Astro Gemini Software\Screensaver Manager\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 00:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Jarda\Plocha\PROGRAMY\everest-uee-4.10.1091-reg\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B56F7CE57344A96751A63E01E8EBFA6584644448B882E01EF053F84CC60A3D21C8B19A6E1AEAD915093295547E97E8B87AEE2FEF6A4DD4EC8AF07893BC59E3D868391E1BCF77241202EEFA21CBB6AFE2C1848146D9FB3B0F27877906228676BB2AE98120910D3FD86DE7E98CFA649C1F48F860020442952114D6E38D5CFE4DE8D508903AD4F27526328C36432EE20F6CB005C0DFD1F97803CE7EF217C5D35141E7C0EB247E93277D683104F27814FB8FD0C46D1FA6A00ED88B85B511ABBB006812A00AA1EAFDC7A3DE0C4C4EE2806A8DB4398503D6D4130B33541172500F6EC7B79A3176E865DD241539DF0BE754F8B21AC57B54AADC59FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A6A0AC4980AC7933A9C6AECB7A5D140721DB9DC9EE3F0DA1F6CF48FB592A398ADBA246B8215C12BC83982063BA984A9FBE36759D281A05D5773CF377F87B1291400757E263F536AFF429FBFDE9EB09AC63E4852B9048DA62926F89F9282A321C86075B5F1D5E56F12A54D33C672EEAFD34213F3A777E13DA2BDE4770C43738727274F85EDD83C922E8EA5732945B9CA9955A7B62AFE3D6E868B5CC183398E3F38B583A643A48087439F017C8D6637354313175920F16EF4737529C84DC361B101E6E0CC74B02B02CE7A08A3C19A665BAF5794C0DEF2250C6C447A11CAAEDE54C3AA54035AD7A842487E48C9D48FD8CAB16BE03E6B28E894B04DAA7990F90F14334A08B2E00F06A4C6D5E5A535534290B88BD818A3852D54F2D87DE8B7AE20FA024B788836A966C253162181436091CCF85E81334E8DA905C3C7C5B56E71E3326667732DD1311B647B1F8C96CE5AE6F048D646776AC86B793ED9B95AED06EF62A9B9DEC3A28F91DDA0F5EDB3FE04B4B48DF8A11B7752AF12AC6FC6B20B4769694271EFCE6D861949D2E841C3F28FA7F5006E708B1348D06E78EE81B891A4AF36330A00A89DAC7B764388EBB76C24DFE62473FA7F1DEEC5F28CFDE491D84F313A6A4022497E524C3141BD45341394460D9B206305972F70E5DD8907FE303ED9E06B4CF3BDEB7DF9A2688E4DBD01AD6DF261B64439F6AD246093E66AA35A22C613854CF25FC8F58422A73FD34A97771DA4B17B96ACCCB956045D57919427992CC8D39771BE7B360E5C117179E23E471545FFE968E3F1DCCD73EBB98018D1E79F66463723AE5EC3ED0A36F55C16D7EAA740EF1408128E877CB334FC6F96DAAAE183290218414062B76993E182706DFE4859752B1748EBC8A01F9B23A008B41F38B82C5175FE051D6ED81086E3EC22C59F4CCC596014B2BEDDF794EDC746805FBD4F0CA1B949122606E50181DD94C0838D797B6D0210CCC7DF22ECB4D9BD61CF117AEAA2ACFBB52E05709F7"
"OODEFRAG12.00.00.01PROFESSIONAL"="50A074CE98E1C7750EC97E8BFE36FEA22DA3C9A1E19384C1ABD291D56D7161E2603B63592699B619A58B03FAB3399300D1CCAA7C04FB1ACB7FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A6A0AC4980AC7933A9C6AECB7A5D1407ADB90CB2A1AD28AC1D017255B0D155C43180CB8C43693764D1B96CE87C8DF899192CF42A4A0DFAF064931CD97E8F5B46007B09C1038D1A5AD9113D281411D2374957916512CC757067A2BDBFDE7D9FA37261739CCBA47BD8C43B0C841785B5A1DEFE3EEDFCFD7B9BF8DBEA63562B90B1ABEEF97144DB7139A822BE65ED5502D57D56F960556A5736EB5F5E38AEDC8119D052ADA65594F52A99A163C7C2A07DA6CB076C6F248DB5561AC4F6C4758CA8558BAFC737AEE4EAAD3408A73C06B64FBB76AE5DDEBC162A6A5F1736A2F96521B90A1DA2B342161399959BE166EA22050FAC5C3908306727AF1DD1408053C867687D253C3E45A594166193877F671A8D6F22179159599888BB3868611F59C960DB9BC8380FB144FB23BC9AB6D2360FBE808ED61B54D2F689F598C086D62AB24FDF9D78DCEF48D8381154D22E4158A2CF38AD0A2E0C7C01CD982BB54011267FE115C11E16C1077C9C0655CED1BE102C5E613F0F48AB7B695936DF14C64CF2DF2572C8917176387DE1FB7318A95464B46A9B863D0A7038981530AB1EF21BF9398ABDF9A42396E3DAA1BF6529E19DA07C57D7CBDDB82BDDAA50BF098AC222E7A3E8951D98023D574C5B756472C94AD3F56E5F592C3E405D6EBAEFF281D79EAD6CFBEA81258798A6BB7490B0D7D59F51C5DCCA015AA42BE9E7EA20692478DB8093E08078F5D36DA744B15B8B329D75B0C7310A148C1FF67C4E598572818F3D5A4D9AF1D6A82A91F2B9C074BC4DDCB84C0C61DFEBDC82C5518CE3A696A1A8B877020FA977D0EFF0E8A1AE4D0EE8F4E8C251C462E35746CD68424B5F617D765A594F88E93676B10BA9B371AACE38671A7991987D5BFD0957844436E0E403D03EC48437C676939D729CDE5F2851645D7594767D6E35458ABEAF19AD2DB415AE97C3A72BA99C1785CEEAC3B2326C0A24B6825DF549DA16AFF6B5FC1E9D6A89B0AC236F5B4E93E462DC04B98C8A7B37A82EEF59EC74B5CD028426DD59DB212916587349A3C548534E6999486F48DBF181C0D0B12DAA38BCAE81D5E016697B3447080BD640F62C2D8758A1AD43D2F0B165655CE0E77A5429859A5D5DEB1A1DDACCBD816AD596B531712356DBD26AA0E02FAA0E14B0C7014B7C1016DDD915AEC3D310350E68B4DD9413D135764E9FD661E02E242F80473BD0AB39A3A23F56DB0830A9C67EE4B122FB170781D9485881861DA5A147B485825ACFFD682063ACD7B7D6499B2A18C084044C73409239"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1372)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-09-17 00:41:49
ComboFix-quarantined-files.txt 2010-09-16 22:41

Před spuštěním: Volných bajtů: 19 293 343 744
Po spuštění: Volných bajtů: 19 283 247 104

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F506BE1FBCD672F530E24E87EFBD83BF

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\SSRemove.exe
c:\windows\system32\drivers\DGIVECP.SYS
c:\windows\system32\msiosd32.dll
c:\windows\system32\wuauclt.exe
c:\windows\explorer.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Znáš toto:
C:\ISF_ID.dat
c:\program files\dm

Virustotal vše ok.
C:\ISF_ID.dat vymazal jsem
c:\program files\dm Je program na fotky online drogerie DM.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

ComboFix 10-09-21.01 - Jarda 22.09.2010 10:35:58.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1600 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jarda\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jarda\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\windows\HideWin.exe"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\HideWin.exe
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-22 do 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-21 19:57 . 2010-09-21 19:57 -------- d-----w- c:\program files\IObit
2010-09-17 11:16 . 2010-09-17 11:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-17 10:52 . 2010-09-17 11:16 -------- d-----w- c:\program files\Unlocker
2010-09-16 19:36 . 2007-01-17 10:57 528384 ----a-w- c:\windows\system32\Astro Gemini Screensaver Manager.scr
2010-09-16 19:36 . 2006-02-15 15:26 92216 ----a-w- c:\windows\system32\bass.dll
2010-09-16 18:37 . 2010-06-02 14:23 976896 ----a-w- c:\windows\system32\Spirit_of_Fire_3D_Screensaver.scr
2010-09-16 18:37 . 2010-09-16 19:41 -------- d-----w- c:\program files\Spirit of Fire 3D Screensaver
2010-09-16 18:36 . 2010-09-16 19:41 -------- d-----w- c:\program files\Watermill 3D Screensaver
2010-09-16 18:36 . 2010-06-02 14:28 978944 ----a-w- c:\windows\system32\Watermill_3D_Screensaver.scr
2010-09-14 22:39 . 2010-09-14 22:39 -------- d-----w- c:\program files\DarXide games
2010-09-10 12:02 . 2010-09-10 12:05 -------- d-----w- c:\program files\EurotelSMS
2010-09-10 10:27 . 2010-09-10 10:27 -------- d-----w- c:\program files\Trend Micro
2010-09-06 08:56 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-06 08:56 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-06 08:56 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-06 08:56 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-06 08:56 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-06 08:56 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-06 08:56 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-06 08:56 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-06 08:56 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-06 08:49 . 2010-09-06 08:49 -------- d-----w- c:\program files\2K Games
2010-09-02 20:23 . 2010-09-02 20:23 -------- d-----w- c:\program files\DVD Shrink
2010-09-01 14:32 . 2010-09-01 14:32 -------- d-----w- C:\Log
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\UC.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\RAR.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\LHA.PIF
2010-09-01 13:01 . 2005-01-18 04:50 545 ----a-w- c:\windows\ARJ.PIF
2010-09-01 13:01 . 2010-09-01 13:02 -------- d-----w- C:\totalcmd
2010-09-01 12:36 . 2010-09-01 12:36 -------- d-----w- c:\program files\Smart Projects
2010-09-01 11:14 . 2010-09-01 11:14 -------- d-----w- c:\program files\TopCD
2010-08-31 21:00 . 2010-09-21 19:25 -------- d-----w- C:\TRANSLAT
2010-08-31 09:16 . 2010-08-31 09:16 -------- d-----w- c:\program files\City Interactive
2010-08-30 22:11 . 2010-09-16 19:41 -------- d-----w- c:\program files\Virtual Makeover 2
2010-08-30 21:29 . 2010-08-30 21:29 -------- d-----w- c:\program files\ABCgames Cheater
2010-08-28 16:35 . 2010-08-28 16:35 -------- d-----w- c:\program files\Ashampoo
2010-08-28 15:30 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-08-28 15:30 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-08-28 15:27 . 2005-02-23 12:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-08-28 15:26 . 2010-08-28 15:26 -------- d-----w- c:\program files\ArcSoft
2010-08-28 15:26 . 2010-08-28 15:27 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-28 15:26 . 2003-03-18 20:14 499712 ----a-r- c:\windows\system32\msvcp71.dll
2010-08-28 15:26 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-08-28 15:26 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-08-28 15:25 . 2010-08-28 15:25 -------- d-----w- c:\program files\HybridTM_IR(A)
2010-08-28 15:25 . 2010-08-28 15:25 -------- d-----w- C:\Hybrid_TV_Receiver(TM6000)
2010-08-27 22:24 . 2010-08-27 22:24 -------- d-----w- c:\program files\MyPhoneExplorer
2010-08-27 21:16 . 2010-08-27 21:16 -------- d-----w- c:\program files\dm
2010-08-27 09:32 . 2010-08-27 09:32 -------- d-----w- c:\program files\Playlist Creator 3
2010-08-24 11:12 . 2010-09-16 19:41 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-08-24 11:02 . 2010-08-24 11:02 -------- d-----w- c:\program files\Lavasoft
2010-08-24 08:41 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-08-24 08:41 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-08-23 20:24 . 2010-08-23 20:25 -------- d-----w- c:\program files\Cross Racing Championship
2010-08-23 16:46 . 2010-08-23 16:46 -------- d-----w- c:\program files\Samsung ML-2010 Series
2010-08-23 16:43 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-23 16:43 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-23 16:21 . 2005-04-08 02:29 20622 ----a-w- c:\windows\system32\SUGS2LMK.DLL
2010-08-23 16:21 . 2005-03-03 04:32 151552 ----a-w- c:\windows\system32\SSCoInst.exe
2010-08-23 16:21 . 2005-03-03 10:09 57344 ----a-w- c:\windows\system32\SSCoInst.dll
2010-08-23 16:21 . 2010-08-23 16:46 -------- d-----w- c:\windows\Samsung
2010-08-23 16:21 . 2005-03-14 05:01 208896 ------w- c:\windows\system32\SSRemove.exe
2010-08-23 16:19 . 2005-03-14 05:01 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2010-08-23 16:00 . 2010-08-23 16:00 -------- d-----w- c:\program files\Netropa
2010-08-23 16:00 . 2001-12-20 08:02 6656 ----a-w- c:\windows\system32\drivers\Msikbd2k.sys
2010-08-23 16:00 . 2000-06-08 01:09 28672 ----a-w- c:\windows\system32\msiosd32.dll
2010-08-23 16:00 . 2010-08-23 16:00 -------- d-----w- c:\program files\FSC
2010-08-23 10:12 . 2010-09-16 19:41 -------- d-----w- c:\program files\HD Tune

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 12:03 . 2010-07-28 11:58 -------- d-----w- c:\program files\DAEMON Tools
2010-09-16 23:23 . 2010-07-09 14:34 -------- d-----w- c:\program files\Eset
2010-09-16 23:00 . 2010-07-09 15:24 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-16 20:27 . 2010-07-10 03:20 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-16 20:27 . 2010-07-10 03:20 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-16 19:41 . 2010-07-09 16:00 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-16 19:41 . 2010-07-29 14:39 -------- d-----w- c:\program files\Dream Aquarium
2010-09-14 22:39 . 2010-07-09 16:32 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-10 11:52 . 2010-07-09 14:48 -------- d-----w- c:\program files\Opera
2010-09-06 08:57 . 2010-07-09 14:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-06 08:56 . 2010-07-09 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-03 08:35 . 2010-07-09 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 11:19 . 2010-08-17 20:40 -------- d-----w- c:\program files\Any DVD Converter Professional
2010-08-23 21:07 . 2010-07-27 14:12 11627 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-08-23 16:00 . 2010-07-09 14:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-22 11:20 . 2010-08-22 04:44 -------- d-----w- c:\program files\OO Software
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 21:18 . 2010-07-09 15:50 -------- d-----w- c:\program files\CCleaner
2010-08-13 17:32 . 2010-08-13 17:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-13 17:32 . 2010-07-09 14:54 -------- d-----w- c:\program files\Java
2010-08-10 14:04 . 2010-08-10 14:03 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-08-10 13:41 . 2010-08-10 13:41 -------- d-----w- c:\program files\Zoner
2010-07-28 12:04 . 2010-07-28 12:04 -------- d-----w- c:\program files\Activision
2010-07-26 15:11 . 2010-07-26 15:11 -------- d-----w- c:\program files\Sunbelt Software
2010-07-22 15:46 . 2002-09-20 16:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-07-09 14:55 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 03:55 . 2010-07-10 03:55 30080 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-07-10 03:55 . 2010-07-10 03:55 247008 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-10 03:55 . 2010-07-10 03:55 96032 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-10 03:20 . 2010-07-10 03:20 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-09 16:51 . 2010-07-09 16:50 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-07-09 16:51 . 2010-07-09 16:51 64695 ----a-w- c:\windows\BricoPackUninst.cmd
2010-07-09 16:51 . 2002-09-20 16:04 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-07-09 16:32 . 2010-07-09 16:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-09 15:45 . 2010-07-09 13:57 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-07-09 15:45 . 2010-07-09 13:57 2724 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-07-09 15:44 . 2010-07-09 13:57 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2010-07-09 14:34 . 2010-07-09 14:34 502208 ----a-w- c:\windows\system32\drivers\amon.sys
2010-07-09 14:34 . 2010-07-09 14:34 270336 ----a-w- c:\windows\system32\imon.dll
2010-07-09 13:57 . 2010-07-09 13:57 558142 ----a-w- c:\windows\java\Packages\WEEXR17F.ZIP
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\EUNLBR9V.DAT
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\CWSPVXVL.DAT
2010-07-09 13:57 . 2010-07-09 13:57 155995 ----a-w- c:\windows\java\Packages\GD3H3XJB.ZIP
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\Y2RXZZ5B.DAT
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\K8CIEX77.DAT
2010-07-09 13:57 . 2010-07-09 13:57 2678 ----a-w- c:\windows\java\Packages\Data\0CI5RTN7.DAT
2010-07-09 13:55 . 2010-07-09 13:55 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-30 12:33 . 2002-09-20 16:04 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2002-09-20 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2002-09-20 15:41 1851904 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-05-05 462104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-07-09 917504]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-03 997042]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-03 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TMMonitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HybridTM_A]
2006-05-16 09:05 118784 ----a-w- c:\program files\HybridTM_IR(A)\RC620_A.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
2001-11-09 06:47 356352 ----a-w- c:\program files\FSC\Wireless Wheel Mouse\Mouse32A.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2003-06-03 23:32 163840 ----a-w- c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 22:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [23.8.2010 18:00 6656]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [24.8.2010 10:41 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [9.7.2010 16:05 39424]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [4.3.2009 14:42 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [4.3.2009 14:42 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [4.3.2009 14:42 566296]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [24.8.2010 10:41 65576]
R3 TridDev;USB Hybrid TV Device (TM6000);c:\windows\system32\drivers\Triddev.sys [18.5.2006 11:51 3584]
R3 TridVid;USB Hybrid TV Receiver (TM6000);c:\windows\system32\drivers\TridVid.sys [18.5.2006 11:51 169600]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [23.8.2010 18:00 28672]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [4.3.2009 14:42 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9.7.2010 18:32 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [4.3.2009 14:42 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [4.3.2009 14:42 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [4.3.2009 14:42 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [4.3.2009 14:42 566296]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Jarda\Plocha\PROGRAMY\everest-uee-4.10.1091-reg\kerneld.wnt [11.7.2010 16:02 21104]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [1.3.2010 9:43 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [1.3.2010 9:43 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [1.3.2010 9:43 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [1.3.2010 9:43 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [1.3.2010 9:43 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [1.3.2010 9:43 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [1.3.2010 9:43 123504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.7.2010 17:24 685816]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PROCEXP100
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
LSP: imon.dll
TCP: {82FA26CE-5887-4BD6-B231-43A97305DBE5} = 192.168.2.133,217.197.144.4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Web Translator - c:\windows\XXLGS\UN32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 10:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Jarda\Plocha\PROGRAMY\everest-uee-4.10.1091-reg\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B56F7CE57344A96751A63E01E8EBFA6584644448B882E01EF053F84CC60A3D21C8B19A6E1AEAD915093295547E97E8B87AEE2FEF6A4DD4EC8AF07893BC59E3D868391E1BCF77241202EEFA21CBB6AFE2C1848146D9FB3B0F27877906228676BB2AE98120910D3FD86DE7E98CFA649C1F48F860020442952114D6E38D5CFE4DE8D508903AD4F27526328C36432EE20F6CB005C0DFD1F97803CE7EF217C5D35141E7C0EB247E93277D683104F27814FB8FD0C46D1FA6A00ED88B85B511ABBB006812A00AA1EAFDC7A3DE0C4C4EE2806A8DB4398503D6D4130B33541172500F6EC7B79A3176E865DD241539DF0BE754F8B21AC57B54AADC59FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A6A0AC4980AC7933A9C6AECB7A5D140721DB9DC9EE3F0DA1F6CF48FB592A398ADBA246B8215C12BC83982063BA984A9FBE36759D281A05D5773CF377F87B1291400757E263F536AFF429FBFDE9EB09AC63E4852B9048DA62926F89F9282A321C86075B5F1D5E56F12A54D33C672EEAFD34213F3A777E13DA2BDE4770C43738727274F85EDD83C922E8EA5732945B9CA9955A7B62AFE3D6E868B5CC183398E3F38B583A643A48087439F017C8D6637354313175920F16EF4737529C84DC361B101E6E0CC74B02B02CE7A08A3C19A665BAF5794C0DEF2250C6C447A11CAAEDE54C3AA54035AD7A842487E48C9D48FD8CAB16BE03E6B28E894B04DAA7990F90F14334A08B2E00F06A4C6D5E5A535534290B88BD818A3852D54F2D87DE8B7AE20FA024B788836A966C253162181436091CCF85E81334E8DA905C3C7C5B56E71E3326667732DD1311B647B1F8C96CE5AE6F048D646776AC86B793ED9B95AED06EF62A9B9DEC3A28F91DDA0F5EDB3FE04B4B48DF8A11B7752AF12AC6FC6B20B4769694271EFCE6D861949D2E841C3F28FA7F5006E708B1348D06E78EE81B891A4AF36330A00A89DAC7B764388EBB76C24DFE62473FA7F1DEEC5F28CFDE491D84F313A6A4022497E524C3141BD45341394460D9B206305972F70E5DD8907FE303ED9E06B4CF3BDEB7DF9A2688E4DBD01AD6DF261B64439F6AD246093E66AA35A22C613854CF25FC8F58422A73FD34A97771DA4B17B96ACCCB956045D57919427992CC8D39771BE7B360E5C117179E23E471545FFE968E3F1DCCD73EBB98018D1E79F66463723AE5EC3ED0A36F55C16D7EAA740EF1408128E877CB334FC6F96DAAAE183290218414062B76993E182706DFE4859752B1748EBC8A01F9B23A008B41F38B82C5175FE051D6ED81086E3EC22C59F4CCC596014B2BEDDF794EDC746805FBD4F0CA1B949122606E50181DD94C0838D797B6D0210CCC7DF22ECB4D9BD61CF117AEAA2ACFBB52E05709F7"
"OODEFRAG12.00.00.01PROFESSIONAL"="50A074CE98E1C7750EC97E8BFE36FEA22DA3C9A1E19384C1ABD291D56D7161E2603B63592699B619A58B03FAB3399300D1CCAA7C04FB1ACB7FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A6A0AC4980AC7933A9C6AECB7A5D1407ADB90CB2A1AD28AC1D017255B0D155C43180CB8C43693764D1B96CE87C8DF899192CF42A4A0DFAF064931CD97E8F5B46007B09C1038D1A5AD9113D281411D2374957916512CC757067A2BDBFDE7D9FA37261739CCBA47BD8C43B0C841785B5A1DEFE3EEDFCFD7B9BF8DBEA63562B90B1ABEEF97144DB7139A822BE65ED5502D57D56F960556A5736EB5F5E38AEDC8119D052ADA65594F52A99A163C7C2A07DA6CB076C6F248DB5561AC4F6C4758CA8558BAFC737AEE4EAAD3408A73C06B64FBB76AE5DDEBC162A6A5F1736A2F96521B90A1DA2B342161399959BE166EA22050FAC5C3908306727AF1DD1408053C867687D253C3E45A594166193877F671A8D6F22179159599888BB3868611F59C960DB9BC8380FB144FB23BC9AB6D2360FBE808ED61B54D2F689F598C086D62AB24FDF9D78DCEF48D8381154D22E4158A2CF38AD0A2E0C7C01CD982BB54011267FE115C11E16C1077C9C0655CED1BE102C5E613F0F48AB7B695936DF14C64CF2DF2572C8917176387DE1FB7318A95464B46A9B863D0A7038981530AB1EF21BF9398ABDF9A42396E3DAA1BF6529E19DA07C57D7CBDDB82BDDAA50BF098AC222E7A3E8951D98023D574C5B756472C94AD3F56E5F592C3E405D6EBAEFF281D79EAD6CFBEA81258798A6BB7490B0D7D59F51C5DCCA015AA42BE9E7EA20692478DB8093E08078F5D36DA744B15B8B329D75B0C7310A148C1FF67C4E598572818F3D5A4D9AF1D6A82A91F2B9C074BC4DDCB84C0C61DFEBDC82C5518CE3A696A1A8B877020FA977D0EFF0E8A1AE4D0EE8F4E8C251C462E35746CD68424B5F617D765A594F88E93676B10BA9B371AACE38671A7991987D5BFD0957844436E0E403D03EC48437C676939D729CDE5F2851645D7594767D6E35458ABEAF19AD2DB415AE97C3A72BA99C1785CEEAC3B2326C0A24B6825DF549DA16AFF6B5FC1E9D6A89B0AC236F5B4E93E462DC04B98C8A7B37A82EEF59EC74B5CD028426DD59DB212916587349A3C548534E6999486F48DBF181C0D0B12DAA38BCAE81D5E016697B3447080BD640F62C2D8758A1AD43D2F0B165655CE0E77A5429859A5D5DEB1A1DDACCBD816AD596B531712356DBD26AA0E02FAA0E14B0C7014B7C1016DDD915AEC3D310350E68B4DD9413D135764E9FD661E02E242F80473BD0AB39A3A23F56DB0830A9C67EE4B122FB170781D9485881861DA5A147B485825ACFFD682063ACD7B7D6499B2A18C084044C73409239"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1372)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-09-22 10:43:32
ComboFix-quarantined-files.txt 2010-09-22 08:43

Před spuštěním: Volných bajtů: 29 713 854 464
Po spuštění: Volných bajtů: 29 698 478 080

- - End Of File - - DD44BFFFCCE444BD79416610EC6C886C

Takže virustotal vše bez nálezu?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

vlož ještě nový log z HJT+ info , zda jsou nějaké problémy.

vše ok, dík moc