Prosím o kontrol, děkuji! Vyřešeno

[Riky]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:10, on 4.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2786678
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Centrum.cz - {085DC8B2-91F1-4225-901E-1ABD470E04EC} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {58B66E6C-6BD0-4A32-AB5A-FD5751A18264} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {5CD80C75-C66F-41FF-A7F1-DFB0D8AF6CF1} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {633A7A4C-2FDA-4E36-BE03-7AFBBDDA4810} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {77BBDCB5-A7E9-4471-AC89-A18B9AB1CBA9} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {921B279B-9AF4-40AB-957A-5E02963A9377} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Sportplus - {A0663626-BAD7-4D52-B0F1-8D1E9324791A} - http://sportplus.centrum.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {B2BBA780-9DC2-4301-9D34-B8427FEEBE87} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {E4800C77-B498-4FA1-B035-B9CFB6752E2C} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {FF3EA5F8-AE39-4999-9253-F4624D2E0120} - http://www.bleskove.cz (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6567629796
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 12485 bytes

[Reklama]

[memphisto]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Riky]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6514

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.5.2011 19:02:29
mbam-log-2011-05-05 (19-02-16).txt

Typ kontroly: Rychlý test
Testované objekty: 192695
Uplynulý čas: 16 minut, 42 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 11
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 3
Infikované soubory: 41

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\Typelib\{CEF14066-D3D2-4AD0-A040-731A70476EA4} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CFF1F9DE-0153-41B7-A947-E5B146ED913F} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\TrustedProtection (Rogue.TrustedProtection) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infikované hodnoty v registru:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\xppoliceantivirus (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\sounds (Rogue.XPPolice) -> No action taken.

Infikované soubory:
c:\WINDOWS\system32\d56v5a8b.exe.a_a (Trojan.Agent) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\mdx_w95.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\cevakrnl.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\cevakrnl.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\cevakrnl.rvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\ceva_dll.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\ceva_emu.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\ceva_vfs.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\ceva_vfs.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\cookie.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\cran.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\cran.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\emalware.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\e_spyw.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\e_spyw.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\gvmscripts.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\hpe.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\java.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\mdx_97.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\mdx_97.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\mdx_x95.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\mdx_xf.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\mobmalware.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\na.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\nelf.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\regarch.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\regscan.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\rup.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\sdx.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\sdx.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\unpack.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\unpack.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\vb0.dat (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\vb1.dat (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\vb2.dat (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\ve.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\ve.ivd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\Plugins\vedata.cvd (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\sounds\alert.wav (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\sounds\click.wav (Rogue.XPPolice) -> No action taken.
c:\program files\xppoliceantivirus\sounds\fire.wav (Rogue.XPPolice) -> No action taken.

[Žbeky]

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Riky]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6514

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.5.2011 19:34:43
mbam-log-2011-05-05 (19-34-43).txt

Typ kontroly: Rychlý test
Testované objekty: 192685
Uplynulý čas: 14 minut, 25 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 11
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 3
Infikované soubory: 41

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\Typelib\{CEF14066-D3D2-4AD0-A040-731A70476EA4} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CFF1F9DE-0153-41B7-A947-E5B146ED913F} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TrustedProtection (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\xppoliceantivirus (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\sounds (Rogue.XPPolice) -> Quarantined and deleted successfully.

Infikované soubory:
c:\WINDOWS\system32\d56v5a8b.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\mdx_w95.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\cevakrnl.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\cevakrnl.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\cevakrnl.rvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\ceva_dll.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\ceva_emu.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\ceva_vfs.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\ceva_vfs.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\cookie.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\cran.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\cran.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\emalware.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\e_spyw.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\e_spyw.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\gvmscripts.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\hpe.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\java.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\mdx_97.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\mdx_97.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\mdx_x95.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\mdx_xf.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\mobmalware.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\na.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\nelf.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\regarch.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\regscan.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\rup.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\sdx.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\sdx.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\unpack.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\unpack.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\vb0.dat (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\vb1.dat (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\vb2.dat (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\ve.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\ve.ivd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\Plugins\vedata.cvd (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\sounds\alert.wav (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\sounds\click.wav (Rogue.XPPolice) -> Quarantined and deleted successfully.
c:\program files\xppoliceantivirus\sounds\fire.wav (Rogue.XPPolice) -> Quarantined and deleted successfully.

[Riky]

ComboFix 11-05-04.04 - Owner 05.05.2011 19:55:27.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.432 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Data aplikací\PriceGong
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\Owner\WINDOWS
c:\windows\daemon.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-05 do 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 16:41 . 2011-05-05 16:41 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2011-05-05 16:41 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 16:41 . 2011-05-05 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-05 16:41 . 2011-05-05 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 16:41 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 18:35 . 2011-04-14 16:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-04 18:35 . 2011-04-14 16:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-04 18:35 . 2011-04-14 16:38 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-04 18:35 . 2011-04-14 16:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-04 18:35 . 2011-04-14 16:38 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-04 18:35 . 2011-04-14 16:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-04 18:35 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-04 18:35 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-03 16:29 . 2011-05-03 16:29 -------- d-----w- c:\documents and settings\Administrator.RIKY\Local Settings\Data aplikací\ATI
2011-05-03 16:29 . 2011-05-03 16:29 -------- d-----w- c:\documents and settings\Administrator.RIKY\Data aplikací\ATI
2011-05-03 16:04 . 2011-05-03 16:04 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2007-08-08 08:31 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-03-02 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2004-10-01 13:00 . 2007-08-10 22:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-04-14 16:38 . 2011-05-04 18:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PowerBar"="c:\documents and settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\web'n'walk Manager\Manager.exe" [2007-02-21 928448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-11-02 1397760]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-28 74752]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-5 333088]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\utorrent_torrentreactor.net.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [6.11.2007 18:13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [6.11.2007 18:13 5248]
R1 atm;NettGain 1200 ATM;c:\windows\system32\drivers\ATM.sys [29.7.2008 17:31 233684]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 TSM;TSM Driver - Layered Version;c:\windows\system32\drivers\TSM.sys [29.7.2008 17:31 36413]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [24.9.2007 18:35 9728]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [15.8.2007 21:49 4832]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.3.2009 22:55 222456]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [15.8.2007 21:49 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [15.8.2007 21:49 6336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [8.8.2007 11:07 24576]
R3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [24.9.2007 18:35 58320]
R3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [24.9.2007 18:35 8272]
R3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [24.9.2007 18:35 95440]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [8.8.2007 11:07 1245056]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2786678
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {0304E364-FEE3-41BF-AD2B-728DE103E197} = 62.141.0.1 213.162.65.1
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-American Conquest - c:\hry\American Conquest\uninstall.exe
AddRemove-Call of Duty - c:\hry\CALLOF~1\Uninstall\Unwise.exe
AddRemove-Delta Force 2 Demo - c:\documents and settings\owner\plocha\hry\delta force ii\Uninst.isu
AddRemove-GameSpy Arcade - c:\docume~1\Owner\Plocha\Hry\UNWISE.EXE
AddRemove-Midtown Madness Demo - c:\documents and settings\Owner\Plocha\Hry\UNINSTAL.EXE
AddRemove-Online Service Tool - c:\program files\Web Technologies\uninst.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-Sudoku - c:\program files\Sudoku\uninstall.exe
AddRemove-Vietcong - c:\program files\Vietcong\Uninstall.exe
AddRemove-Vypínač na dobrou noc_is1 - c:\documents and settings\Owner\Plocha\Vypínač na dobrou noc\unins000.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\q00n9i6q.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 20:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(2068)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Celkový čas: 2011-05-05 20:10:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-05 18:10
.
Před spuštěním: Volných bajtů: 62 370 148 352
Po spuštění: Volných bajtů: 73 117 736 960
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 92A8AB99EC80537140EA3E547E8A9A6A

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\Winamp Toolbar
c:\program files\uTorrentBar
c:\program files\ConduitEngine
c:\program files\ICQ6Toolbar

Driver::
ICQ Service

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2786678
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Riky]

Jen malý dotaz, vždy po restartování se mi při startu objeví chybové hlášení: C:/Windows/daemon.dll error! Co s tím? Děkuji!


ComboFix 11-05-04.04 - Owner 05.05.2011 20:39:47.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.506 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-05 do 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 16:41 . 2011-05-05 16:41 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2011-05-05 16:41 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 16:41 . 2011-05-05 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-05 16:41 . 2011-05-05 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 16:41 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 18:35 . 2011-04-14 16:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-04 18:35 . 2011-04-14 16:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-04 18:35 . 2011-04-14 16:38 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-04 18:35 . 2011-04-14 16:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-04 18:35 . 2011-04-14 16:38 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-04 18:35 . 2011-04-14 16:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-04 18:35 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-04 18:35 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-03 16:29 . 2011-05-03 16:29 -------- d-----w- c:\documents and settings\Administrator.RIKY\Local Settings\Data aplikací\ATI
2011-05-03 16:29 . 2011-05-03 16:29 -------- d-----w- c:\documents and settings\Administrator.RIKY\Data aplikací\ATI
2011-05-03 16:04 . 2011-05-03 16:04 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2007-08-08 08:31 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-03-02 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2004-10-01 13:00 . 2007-08-10 22:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-04-14 16:38 . 2011-05-04 18:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PowerBar"="c:\documents and settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\web'n'walk Manager\Manager.exe" [2007-02-21 928448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-11-02 1397760]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-28 74752]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-5 333088]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\utorrent_torrentreactor.net.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [6.11.2007 18:13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [6.11.2007 18:13 5248]
R1 atm;NettGain 1200 ATM;c:\windows\system32\drivers\ATM.sys [29.7.2008 17:31 233684]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 TSM;TSM Driver - Layered Version;c:\windows\system32\drivers\TSM.sys [29.7.2008 17:31 36413]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [24.9.2007 18:35 9728]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [15.8.2007 21:49 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [15.8.2007 21:49 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [15.8.2007 21:49 6336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [8.8.2007 11:07 24576]
R3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [24.9.2007 18:35 58320]
R3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [24.9.2007 18:35 8272]
R3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [24.9.2007 18:35 95440]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [8.8.2007 11:07 1245056]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {0304E364-FEE3-41BF-AD2B-728DE103E197} = 62.141.0.1 213.162.65.1
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
.
**************************************************************************
.
Celkový čas: 2011-05-05 21:02:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-05 19:02
ComboFix2.txt 2011-05-05 18:10
.
Před spuštěním: Volných bajtů: 73 121 488 896
Po spuštění: Volných bajtů: 73 041 944 576
.
- - End Of File - - BF527D144EF5648E194E179231F664C3

[Žbeky]

Toto otestuj na Virustotal
C:\Qoobox\Quarantine\c\windows\daemon.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Riky]

Tak ta kontrola ve čtvrtek trvala přes hodinu, nakonec se mi to seklo a dostal jsem se sem až teď. Program DAEMONTools jsem smazal a nainstaloval znovu a funguje. Mohu poprosit o další instrukce? Děkuji!

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[Riky]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:14, on 9.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Centrum.cz - {085DC8B2-91F1-4225-901E-1ABD470E04EC} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {58B66E6C-6BD0-4A32-AB5A-FD5751A18264} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {5CD80C75-C66F-41FF-A7F1-DFB0D8AF6CF1} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {633A7A4C-2FDA-4E36-BE03-7AFBBDDA4810} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {77BBDCB5-A7E9-4471-AC89-A18B9AB1CBA9} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {921B279B-9AF4-40AB-957A-5E02963A9377} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Sportplus - {A0663626-BAD7-4D52-B0F1-8D1E9324791A} - http://sportplus.centrum.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {B2BBA780-9DC2-4301-9D34-B8427FEEBE87} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {E4800C77-B498-4FA1-B035-B9CFB6752E2C} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {FF3EA5F8-AE39-4999-9253-F4624D2E0120} - http://www.bleskove.cz (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6567629796
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 11197 bytes