Prosim o konrolu logu Vyřešeno

[Horis]

Mam tam asi vir nejde mi zvuk ale zvuky os mi jdou pak to restartuji a je to v poho takhle se mi to stane klidne i 4 dene


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:08, on 10.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gIoCentreFunMgm.exe
C:\Genius\ioCentre\GMouseService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Tomas\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15187
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: GeniusMouseService - Unknown owner - C:\Genius\ioCentre\GMouseService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 6027 bytes

[Reklama]

[bledulka]

Ahoj,

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[Horis]

ComboFix 11-01-21.03 - Vlastník 22.01.2011 11:24:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.930 [GMT 1:00]
Spuštěný z: g:\antivir\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vlastník\Data aplikací\Desktopicon
c:\documents and settings\Vlastník\Data aplikací\Desktopicon\eBay.ico
c:\documents and settings\Vlastník\Data aplikací\Desktopicon\uninst.exe
c:\program files\c
c:\program files\c\awe3b5\hunkusage.dat
c:\program files\c\awe3b5\iw_gorefx.iwd
c:\program files\c\awe3b5\players\Tomas\config_mp.cfg
c:\program files\c\awe3b5\www.aAd-clan.com2.iwd
c:\program files\c\awe3b5\z_foced_auto_assign.iwd
c:\program files\c\awe3b5\zzz_all_rifles_v1.5.iwd
c:\program files\c\awe3b5\zzz_compass.iwd
c:\program files\c\awe3b5\zzz_messages.iwd
c:\program files\c\cod.bmp
c:\program files\c\CoD2MP_s.exe
c:\program files\c\CoD2SP_s.exe
c:\program files\c\codlogo.bmp
c:\program files\c\Docs\license.txt
c:\program files\c\Docs\TechHelp\_borders\left.htm
c:\program files\c\Docs\TechHelp\_borders\side_ie.css
c:\program files\c\Docs\TechHelp\_borders\style_ie.css
c:\program files\c\Docs\TechHelp\_borders\top.htm
c:\program files\c\Docs\TechHelp\_borders\top_files\atvi.jpg
c:\program files\c\Docs\TechHelp\_borders\top_files\filelist.xml
c:\program files\c\Docs\TechHelp\_borders\top_files\image001.gif
c:\program files\c\Docs\TechHelp\_borders\top_files\image002.png
c:\program files\c\Docs\TechHelp\_borders\top_files\image004.png
c:\program files\c\Docs\TechHelp\_borders\top_files\oledata.mso
c:\program files\c\Docs\TechHelp\Compatibility\msr.htm
c:\program files\c\Docs\TechHelp\Credits\credits.htm
c:\program files\c\Docs\TechHelp\Default.htm
c:\program files\c\Docs\TechHelp\images\3by3.gif
c:\program files\c\Docs\TechHelp\images\Activision.jpg
c:\program files\c\Docs\TechHelp\images\ATVIsmall.jpg
c:\program files\c\Docs\TechHelp\images\ATVIsmall_invert.jpg
c:\program files\c\Docs\TechHelp\images\cod2.gif
c:\program files\c\Docs\TechHelp\images\IW.jpg
c:\program files\c\Docs\TechHelp\images\redstripe.jpg
c:\program files\c\Docs\TechHelp\index.htm
c:\program files\c\Docs\TechHelp\Manual\manual_UK.pdf
c:\program files\c\Docs\TechHelp\Readme\readme.txt
c:\program files\c\Docs\TechHelp\Tech Help\Customer Support\Customer_support.htm
c:\program files\c\Docs\TechHelp\Tech Help\Default.htm
c:\program files\c\Docs\TechHelp\Tech Help\Information\Audio_Problems.htm
c:\program files\c\Docs\TechHelp\Tech Help\Information\autoplay.htm
c:\program files\c\Docs\TechHelp\Tech Help\Information\dedicated_serv.htm
c:\program files\c\Docs\TechHelp\Tech Help\Information\DirectX.htm
c:\program files\c\Docs\TechHelp\Tech Help\Information\Electronic_Registration.htm
c:\program files\c\Docs\TechHelp\Tech Help\Information\Updates_and_or_Patches.htm
c:\program files\c\gameparty10\gp1.iwd.tmp
c:\program files\c\gfx_d3d_mp_x86_s.dll
c:\program files\c\gfx_d3d_x86_s.dll
c:\program files\c\localization.txt
c:\program files\c\main\games_mp.log
c:\program files\c\main\hunkusage.dat
c:\program files\c\main\iw_00.iwd
c:\program files\c\main\iw_01.iwd
c:\program files\c\main\iw_02.iwd
c:\program files\c\main\iw_03.iwd
c:\program files\c\main\iw_04.iwd
c:\program files\c\main\iw_05.iwd
c:\program files\c\main\iw_06.iwd
c:\program files\c\main\iw_07.iwd
c:\program files\c\main\iw_08.iwd
c:\program files\c\main\iw_09.iwd
c:\program files\c\main\iw_10.iwd
c:\program files\c\main\iw_11.iwd
c:\program files\c\main\iw_12.iwd
c:\program files\c\main\iw_13.iwd
c:\program files\c\main\iw_14.iwd
c:\program files\c\main\localized_english_iw00.iwd
c:\program files\c\main\localized_english_iw01.iwd
c:\program files\c\main\localized_english_iw02.iwd
c:\program files\c\main\localized_english_iw03.iwd
c:\program files\c\main\localized_english_iw04.iwd
c:\program files\c\main\localized_english_iw05.iwd
c:\program files\c\main\localized_english_iw06.iwd
c:\program files\c\main\localized_english_iw07.iwd
c:\program files\c\main\localized_english_iw08.iwd
c:\program files\c\main\localized_english_iw09.iwd
c:\program files\c\main\localized_english_iw10.iwd
c:\program files\c\main\localized_english_iw11.iwd
c:\program files\c\main\localized_english_iw12.iwd
c:\program files\c\main\players\active.txt
c:\program files\c\main\players\Tomas\config.cfg
c:\program files\c\main\players\Tomas\config_mp.cfg
c:\program files\c\main\players\Tomas\save\88ridge.svg
c:\program files\c\main\players\Tomas\save\autosave\88ridge-1.svg
c:\program files\c\main\players\Tomas\save\autosave\88ridge-2.svg
c:\program files\c\main\players\Tomas\save\autosave\88ridge-3.svg
c:\program files\c\main\players\Tomas\save\autosave\88ridge-4.svg
c:\program files\c\main\players\Tomas\save\autosave\88ridge-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\88ridge.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-0.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-1.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-10.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-2.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-3.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-4.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-5.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-6.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-7.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-8.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-9.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\beltot.svg
c:\program files\c\main\players\Tomas\save\autosave\cityhall-1.svg
c:\program files\c\main\players\Tomas\save\autosave\cityhall-2.svg
c:\program files\c\main\players\Tomas\save\autosave\cityhall-3.svg
c:\program files\c\main\players\Tomas\save\autosave\cityhall-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\cityhall.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-1.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-10.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-11.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-12.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-13.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-2.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-3.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-4.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-5.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-6.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-7.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-8.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-9.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\crossroads.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-2.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-3.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-4.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-5.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-6.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-7.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-8.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-9.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytown.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-1.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-10.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-11.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-12.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-13.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-14.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-15.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-16.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-2.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-3.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-4.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-5.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-6.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-7.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-8.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-9.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\decoytrenches.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition-0.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition-1.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition-2.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition-4.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition-5.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition-7.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\demolition.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-1.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-10.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-2.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-3.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-4.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-5.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-7.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_assault.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper-1.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper-2.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper-3.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper-4.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper-5.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper-6.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\downtown_sniper.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-10.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-11.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-12.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-13.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-14.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-15.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-16.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-17.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-2.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-3.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-4.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-5.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-6.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-7.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-8.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-9.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_assault.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-1.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-10.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-11.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-12.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-13.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-14.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-2.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-3.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-4.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-5.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-6.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-7.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-8.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-9.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\duhoc_defend.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-1.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-10.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-11.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-12.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-13.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-14.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-2.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-3.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-4.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-5.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-6.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-7.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-8.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-9.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\elalamein.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-1.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-10.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-2.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-3.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-4.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-5.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-6.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-7.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-8.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-9.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\eldaba.svg
c:\program files\c\main\players\Tomas\save\autosave\libya-1.svg
c:\program files\c\main\players\Tomas\save\autosave\libya-2.svg
c:\program files\c\main\players\Tomas\save\autosave\libya-3.svg
c:\program files\c\main\players\Tomas\save\autosave\libya-4.svg
c:\program files\c\main\players\Tomas\save\autosave\libya-5.svg
c:\program files\c\main\players\Tomas\save\autosave\libya-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\libya.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-1.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-2.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-3.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-4.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-5.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-6.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-7.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-8.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-9.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\matmata.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-1.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-10.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-11.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-12.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-13.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-14.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-15.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-16.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-17.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-18.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-2.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-3.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-4.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-5.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-6.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-7.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-8.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-9.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\moscow.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers-1.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers-2.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers-3.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers-4.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers-5.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers-6.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers-7.svg
c:\program files\c\main\players\Tomas\save\autosave\newvillers.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-1.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-10.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-11.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-12.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-13.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-14.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-15.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-16.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-17.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-18.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-19.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-2.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-20.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-21.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-22.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-23.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-24.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-25.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-26.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-27.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-28.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-29.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-3.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-30.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-31.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-32.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-4.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-5.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-6.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-7.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-8.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-9.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\silotown_assault.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-1.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-10.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-11.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-12.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-13.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-14.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-15.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-16.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-17.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-18.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-19.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-2.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-20.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-21.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-22.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-23.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-3.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-4.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-5.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-6.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-7.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-8.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-9.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\tankhunt.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-1.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-10.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-11.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-12.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-13.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-14.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-2.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-3.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-4.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-5.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-6.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-7.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-8.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-9.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-1.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-10.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-2.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-3.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-4.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-5.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-6.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-7.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-8.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-9.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\toujane_ride.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-1.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-10.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-11.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-12.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-13.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-14.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-15.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-16.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-17.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-18.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-19.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-2.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-20.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-21.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-3.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-4.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-5.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-6.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-7.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-8.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-9.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard-levelend.svg
c:\program files\c\main\players\Tomas\save\autosave\trainyard.svg
c:\program files\c\main\players\Tomas\save\beltot.svg
c:\program files\c\main\players\Tomas\save\cityhall.svg
c:\program files\c\main\players\Tomas\save\crossroads.svg
c:\program files\c\main\players\Tomas\save\decoytown.svg
c:\program files\c\main\players\Tomas\save\decoytrenches.svg
c:\program files\c\main\players\Tomas\save\demolition.svg
c:\program files\c\main\players\Tomas\save\downtown_assault.svg
c:\program files\c\main\players\Tomas\save\downtown_sniper.svg
c:\program files\c\main\players\Tomas\save\duhoc_assault.svg
c:\program files\c\main\players\Tomas\save\duhoc_defend.svg
c:\program files\c\main\players\Tomas\save\elalamein.svg
c:\program files\c\main\players\Tomas\save\eldaba.svg
c:\program files\c\main\players\Tomas\save\libya.svg
c:\program files\c\main\players\Tomas\save\matmata.svg
c:\program files\c\main\players\Tomas\save\moscow.svg
c:\program files\c\main\players\Tomas\save\newvillers.svg
c:\program files\c\main\players\Tomas\save\silotown_assault.svg
c:\program files\c\main\players\Tomas\save\tankhunt.svg
c:\program files\c\main\players\Tomas\save\toujane.svg
c:\program files\c\main\players\Tomas\save\toujane_ride.svg
c:\program files\c\main\players\Tomas\save\trainyard.svg
c:\program files\c\main\screenshots\shot0000.jpg
c:\program files\c\main\screenshots\shot0001.jpg
c:\program files\c\main\screenshots\shot0002.jpg
c:\program files\c\main\zzz_nodustmod_v2.iwd
c:\program files\c\miles\mssa3d.m3d
c:\program files\c\miles\mssds3d.m3d
c:\program files\c\miles\mssdsp.flt
c:\program files\c\miles\mssdx7.m3d
c:\program files\c\miles\msseax.m3d
c:\program files\c\miles\mssmp3.asi
c:\program files\c\miles\mssrsx.m3d
c:\program files\c\miles\msssoft.m3d
c:\program files\c\miles\mssvoice.asi
c:\program files\c\mod\c1.iwd
c:\program files\c\mod\gu-all-rifle.iwd
c:\program files\c\mod\hunkusage.dat
c:\program files\c\mod\players\Tomas\config_mp.cfg
c:\program files\c\mod\zzz_nodust.iwd
c:\program files\c\mss32.dll
c:\program files\c\servercache.dat
c:\windows\daemon.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.

2011-01-06 19:25 . 2011-01-06 19:25 -------- d-----w- c:\documents and settings\Vlastník\Local Settings\Data aplikací\Opera
2011-01-06 19:25 . 2011-01-06 19:25 -------- d-----w- c:\program files\Opera
2010-12-31 12:38 . 2010-12-31 12:38 -------- d--h--r- c:\documents and settings\Vlastník\Data aplikací\SecuROM
2010-12-31 12:38 . 2010-12-31 12:38 -------- d-----w- c:\documents and settings\Vlastník\Data aplikací\Disney Interactive Studios
2010-12-31 12:25 . 2010-12-31 12:25 -------- d-----w- c:\documents and settings\Vlastník\Data aplikací\InstallShield
2010-12-27 14:14 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-12-27 14:14 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-12-27 14:14 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-12-27 14:14 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-10-19 18:25 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-04-05 12:28 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-04-05 12:28 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-04-05 12:28 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-04-05 12:28 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-04-05 12:28 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-04-05 12:28 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-04-05 12:28 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-04-05 12:28 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-31 12:38 . 2009-05-27 11:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-23 10:17 . 2010-08-14 16:09 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-23 10:15 . 2010-08-14 16:08 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-23 10:15 . 2010-08-14 16:08 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-18 18:15 . 2009-04-02 20:33 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 06:51 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:25 . 2008-04-14 06:52 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:25 . 2009-06-17 19:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:25 . 2008-04-14 06:52 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:25 . 2008-04-14 06:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2008-04-14 05:50 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-04-14 05:45 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-18 17:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"AceGain LiveUpdate"="c:\program files\AceGain\LiveUpdate\LiveUpdate.exe" [2004-01-01 417792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [N/A]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Age of Empires IImoje\\empires2.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfVietnam.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13.8.2010 18:09 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13.8.2010 18:09 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2009 13:28 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2009 13:28 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.4.2009 19:21 247096]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.12.2009 14:14 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.3.2010 18:47 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.3.2010 18:47 8320]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2011-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 13:09]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 13:14]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 13:14]

2011-01-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-18 17:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://open-articles.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {42AE1014-A732-4D5C-9C4F-658DC57A9CDA} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\p36w2a2f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - InnoGames International Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2832595&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: InnoGames International Community Toolbar: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - %profile%\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-LClock - c:\program files\LClock\LClock.exe
HKCU-Run-Vista Sidebar - c:\program files\Vista Sidebar\sidebar.exe
HKCU-Run-ViStart - c:\program files\ViStart\ViStart.exe
HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
HKCU-Run-ICQ - ~c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NiwradSoft Welcome - c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
AddRemove-Counter-strike 1.6 CZ - c:\program files\Valve\Odinstalovat CZ.exe
AddRemove-eBay Icon - c:\documents and settings\Vlastník\Data aplikací\Desktopicon\uninst.exe
AddRemove-{259C0ABB-A3B2-4D70-008F-BF7EE491B70B} - c:\program files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 11:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AceGain\LiveUpdate\aceagent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-01-22 11:45:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-22 10:45

Před spuštěním: Volných bajtů: 43 867 242 496
Po spuštění: Volných bajtů: 44 275 081 216

- - End Of File - - C0F93EC1B6B2ABD9D6687B7BC3EBD867
tady to je

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\Ask.com
c:\program files\Winamp Toolbar
c:\program files\SweetIM
c:\program files\ICQ6Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Driver::
ICQ Service

File::
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Firefox::
FF - ProfilePath - c:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\p36w2a2f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - InnoGames International Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2832595&q=
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: InnoGames International Community Toolbar: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - %profile%\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Horis]

tady je ten log:
ComboFix 11-08-10.01 - Tomas 10.08.2011 21:50:45.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1040 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomas\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Steam\steam.exe
c:\windows\system32\VIRepair
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-10 do 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 14:50 . 2004-08-17 13:45 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-08-10 14:50 . 2004-08-17 13:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-08-09 17:56 . 2011-08-09 17:56 -------- d-----w- c:\program files\Realtek AC97
2011-08-09 17:28 . 2011-08-09 17:28 -------- d-----w- c:\program files\Lavalys
2011-08-09 11:44 . 2006-11-17 03:40 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2011-08-09 07:18 . 2011-08-09 07:18 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-09 07:17 . 2011-08-09 07:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-04 10:27 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-08-04 10:17 . 2011-08-04 11:48 -------- d-----w- c:\program files\Activision
2011-08-02 21:16 . 2011-08-10 20:00 -------- d-----w- c:\program files\The KMPlayer
2011-07-31 10:50 . 2011-07-31 10:50 -------- d-----r- C:\MSOCache
2011-07-27 07:44 . 2011-07-27 07:48 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-07-26 16:02 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-07-26 16:02 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-07-26 16:02 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-07-26 16:02 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-07-26 16:02 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-07-26 16:02 . 2011-07-26 16:02 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-07-26 16:02 . 2011-07-26 16:02 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-07-25 01:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-25 01:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-25 01:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-07-25 01:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-07-25 01:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-07-25 01:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-25 01:26 . 2011-07-25 01:26 -------- d-----w- C:\b090cd3fc7295379d3
2011-07-25 01:22 . 2011-07-25 01:22 -------- d-----w- c:\program files\MSXML 6.0
2011-07-24 20:23 . 2011-07-26 13:33 -------- d-----w- c:\program files\Common Files\Steam
2011-07-24 20:23 . 2011-08-10 20:02 -------- d-----w- c:\program files\Steam
2011-07-24 09:33 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-24 09:33 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-24 09:33 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-24 09:33 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-24 09:33 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-24 09:33 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-24 09:33 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-24 09:33 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-24 09:33 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-24 09:33 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-24 09:33 . 2011-07-24 09:33 -------- d-----w- c:\program files\AVAST Software
2011-07-24 09:16 . 2006-11-17 03:40 18804736 ------w- c:\windows\system32\SET7E.tmp
2011-07-23 14:17 . 2011-08-10 15:20 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-23 14:17 . 2011-08-10 15:18 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-23 14:17 . 2011-08-10 15:18 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-23 14:17 . 2011-08-05 12:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-21 18:56 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-07-21 18:56 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-21 18:56 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-07-21 16:58 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-21 16:58 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-07-21 16:57 . 2011-07-21 16:57 -------- d-----w- c:\windows\Logs
2011-07-21 16:14 . 2011-07-21 16:14 -------- d-----w- c:\program files\Turbine
2011-07-20 16:27 . 2011-07-20 16:27 -------- d-----w- c:\program files\Pando Networks
2011-07-19 07:21 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-18 17:46 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-07-18 17:46 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-07-18 17:45 . 2011-08-04 10:05 -------- d-----w- c:\program files\VstPlugins
2011-07-18 17:45 . 2011-07-18 17:45 -------- d-----w- c:\program files\Outsim
2011-07-18 17:43 . 2011-08-04 10:06 -------- d-----w- c:\program files\Image-Line
2011-07-17 20:49 . 2011-07-17 20:49 -------- d-----w- c:\program files\Windows Media Connect 2
2011-07-17 18:08 . 2011-07-17 18:08 -------- d-----w- c:\program files\ICQ6Toolbar
2011-07-17 18:07 . 2011-07-17 18:09 -------- d-----w- c:\program files\ICQ7.5
2011-07-17 12:44 . 2011-07-17 12:44 -------- d-----w- c:\program files\YoWindow
2011-07-16 18:28 . 2011-07-16 18:28 -------- d-----w- c:\windows\system32\KB905474
2011-07-16 18:20 . 2011-07-16 18:20 -------- d-----w- c:\windows\ServicePackFiles
2011-07-16 18:10 . 2011-07-17 12:35 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-16 09:00 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-07-16 09:00 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-16 09:00 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-16 09:00 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-16 08:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-07-16 08:55 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-16 08:51 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-07-16 08:51 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-07-15 20:58 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-15 10:38 . 2011-08-10 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 10:22 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2011-07-15 10:22 . 2004-08-17 15:43 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-15 10:21 . 2004-08-03 23:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2011-07-15 10:21 . 2001-08-17 20:11 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys
2011-07-15 10:21 . 2001-08-17 20:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2011-07-15 10:21 . 2004-08-17 15:49 75264 ----a-w- c:\windows\system32\usbui.dll
2011-07-15 10:21 . 2004-08-03 23:07 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
2011-07-15 10:18 . 2011-07-24 20:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2011-07-15 10:18 . 2011-07-15 08:37 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2011-07-15 09:04 . 2011-07-15 09:04 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-15 09:02 . 2008-05-11 23:08 32768 ----a-w- c:\windows\system\VRAIDlog.dll
2011-07-15 09:01 . 2006-08-01 13:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-07-15 09:01 . 2004-08-03 21:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-07-15 09:01 . 2004-08-03 21:15 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-07-15 09:01 . 2004-08-03 21:07 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2011-07-15 09:01 . 2004-08-03 21:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-07-15 09:01 . 2001-08-17 20:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-07-15 09:01 . 2004-08-03 20:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2011-07-15 09:01 . 2004-08-03 20:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2011-07-15 09:01 . 2004-08-03 21:07 171776 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
2011-07-15 09:01 . 2004-08-03 21:07 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-07-15 09:01 . 2004-08-03 21:07 2944 -c--a-w- c:\windows\system32\dllcache\drmkaud.sys
2011-07-15 09:01 . 2004-08-03 21:07 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-07-15 08:59 . 2007-09-20 08:43 331184 ------w- c:\windows\system32\difxapi.dll
2011-07-15 08:58 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-07-15 08:55 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-07-15 08:55 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-07-15 08:54 . 2011-07-15 08:54 -------- d-----w- C:\Genius
2011-07-15 08:41 . 2011-07-15 08:41 -------- d-----w- c:\program files\Driver-Soft
2011-07-15 08:37 . 2011-08-10 20:04 -------- d-----w- c:\documents and settings\Tomas
2011-07-15 08:35 . 2011-07-15 08:35 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-07-15 08:35 . 2011-07-15 08:35 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-07-15 08:33 . 2001-10-24 10:25 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-07-15 08:33 . 2001-10-24 10:25 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-07-15 08:33 . 2001-10-24 10:25 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-07-15 08:33 . 2001-10-24 10:25 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-07-15 08:33 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-07-15 08:33 . 2001-10-24 10:24 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-07-15 08:33 . 2004-08-17 13:49 44544 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
2011-07-15 08:33 . 2001-10-25 14:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2011-07-15 08:33 . 2001-10-25 14:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-07-15 08:33 . 2001-10-25 14:00 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2011-07-15 08:33 . 2004-08-17 13:49 40960 -c--a-w- c:\windows\system32\dllcache\msiregmv.exe
2011-07-15 08:33 . 2001-10-25 14:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-07-15 08:31 . 2001-10-25 14:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-07-15 08:28 . 2001-10-25 14:00 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2011-07-15 08:28 . 2001-10-25 14:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2011-07-15 08:28 . 2001-10-25 14:00 7168 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2011-07-15 08:28 . 2001-10-25 14:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-09 08:14 . 2004-07-17 09:36 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-05-27 13:15 . 2011-05-27 13:15 688128 ----a-w- c:\windows\system32\yowindow.scr
2011-07-08 07:29 . 2011-08-03 19:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [BU]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-20 3077528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2010-03-05 2375392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:3156e7b6
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfVietnam.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\h0ris\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2647:TCP"= 2647:TCP:evfmt
"56361:TCP"= 56361:TCP:Pando Media Booster
"56361:UDP"= 56361:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.7.2011 11:33 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.7.2011 11:33 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.8.2011 9:18 232512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.7.2011 11:33 19544]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [15.7.2011 10:55 12288]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [15.7.2011 11:02 52888]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.12.2009 15:14 133104]
S2 pmygxfxtx;wfmqdi;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
S2 quqjbv;lwdxsmgx;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
S3 cpuz134;cpuz134;\??\c:\docume~1\Tomas\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Tomas\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [15.7.2011 10:55 20480]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [15.7.2011 10:55 11520]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.12.2009 15:14 133104]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pmygxfxtx
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 13:14]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 13:14]
.
2011-08-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-07-16 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15187
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.174.1
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\fonsrreb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Steam - c:\program files\Steam\steam.exe
HKLM-Run-TaskTray - (no file)
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-10 22:07
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VIARaidUtl = c:\program files\VIA\RAID\raid_tool.exe?y\SuperOvl
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmygxfxtx]
"ServiceDll"="c:\windows\system32\xpwho.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\quqjbv]
"ServiceDll"="c:\windows\system32\xpwho.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2132)
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-10 22:13:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-10 20:13
ComboFix2.txt 2011-01-22 10:45
.
Před spuštěním: 8 876 429 312
Po spuštění: Volných bajtů: 10 811 953 152
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CEBEBE89675EA67B50EE184D0ECA9B5B

[memphisto]

WTF? To je úplně jiný log

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\SET7E.tmp
c:\windows\ativpsrm.bin
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\system32\xpwho.dll

Folder::
c:\program files\ICQ6Toolbar

Driver::
Evfmt
xpwho
pmygxfxtx
quqjbv
cpuz134

NetSvcs::
pmygxfxtx
quqjbv

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2647:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmygxfxtx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\quqjbv]

DDS::
uStart Page = hxxp://www.ask.com/?l=dis&o=15187


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Horis]

toty mi vybehlo po ukonceni combofixu udal jsem to an carku presne podel vas:

ComboFix 11-08-10.03 - Tomas 11.08.2011 10:58:33.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1183 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomas\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-11 do 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-10 14:50 . 2004-08-17 13:45 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-08-10 14:50 . 2004-08-17 13:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-08-09 17:56 . 2011-08-09 17:56 -------- d-----w- c:\program files\Realtek AC97
2011-08-09 17:28 . 2011-08-09 17:28 -------- d-----w- c:\program files\Lavalys
2011-08-09 11:44 . 2006-11-17 03:40 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2011-08-09 07:18 . 2011-08-09 07:18 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-09 07:17 . 2011-08-09 07:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-04 10:27 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-08-04 10:17 . 2011-08-04 11:48 -------- d-----w- c:\program files\Activision
2011-08-02 21:16 . 2011-08-10 20:33 -------- d-----w- c:\program files\The KMPlayer
2011-07-31 10:50 . 2011-07-31 10:50 -------- d-----r- C:\MSOCache
2011-07-27 07:44 . 2011-07-27 07:48 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-07-26 16:02 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-07-26 16:02 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-07-26 16:02 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-07-26 16:02 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-07-26 16:02 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-07-26 16:02 . 2011-07-26 16:02 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-07-26 16:02 . 2011-07-26 16:02 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-07-25 01:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-25 01:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-25 01:26 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-07-25 01:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-07-25 01:26 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-07-25 01:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-07-25 01:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-07-25 01:26 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-25 01:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-25 01:26 . 2011-07-25 01:26 -------- d-----w- C:\b090cd3fc7295379d3
2011-07-25 01:22 . 2011-07-25 01:22 -------- d-----w- c:\program files\MSXML 6.0
2011-07-24 20:23 . 2011-07-26 13:33 -------- d-----w- c:\program files\Common Files\Steam
2011-07-24 20:23 . 2011-08-10 20:02 -------- d-----w- c:\program files\Steam
2011-07-24 09:33 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-24 09:33 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-24 09:33 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-24 09:33 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-24 09:33 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-24 09:33 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-24 09:33 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-24 09:33 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-24 09:33 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-24 09:33 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-24 09:33 . 2011-07-24 09:33 -------- d-----w- c:\program files\AVAST Software
2011-07-24 09:16 . 2006-11-17 03:40 18804736 ------w- c:\windows\system32\SET7E.tmp
2011-07-23 14:17 . 2011-08-11 07:49 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-23 14:17 . 2011-08-11 07:49 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-23 14:17 . 2011-08-11 07:49 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-23 14:17 . 2011-08-05 12:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-21 18:56 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-07-21 18:56 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-21 18:56 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-07-21 16:58 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-21 16:58 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-07-21 16:57 . 2011-07-21 16:57 -------- d-----w- c:\windows\Logs
2011-07-21 16:14 . 2011-07-21 16:14 -------- d-----w- c:\program files\Turbine
2011-07-20 16:27 . 2011-07-20 16:27 -------- d-----w- c:\program files\Pando Networks
2011-07-19 07:21 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-18 17:46 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-07-18 17:46 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-07-18 17:45 . 2011-08-04 10:05 -------- d-----w- c:\program files\VstPlugins
2011-07-18 17:45 . 2011-07-18 17:45 -------- d-----w- c:\program files\Outsim
2011-07-18 17:43 . 2011-08-04 10:06 -------- d-----w- c:\program files\Image-Line
2011-07-18 13:39 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-07-17 20:49 . 2011-07-17 20:49 -------- d-----w- c:\program files\Windows Media Connect 2
2011-07-17 18:07 . 2011-07-17 18:09 -------- d-----w- c:\program files\ICQ7.5
2011-07-17 12:44 . 2011-07-17 12:44 -------- d-----w- c:\program files\YoWindow
2011-07-16 18:28 . 2011-07-16 18:28 -------- d-----w- c:\windows\system32\KB905474
2011-07-16 18:20 . 2011-07-16 18:20 -------- d-----w- c:\windows\ServicePackFiles
2011-07-16 18:10 . 2011-07-17 12:35 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-16 09:00 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-07-16 09:00 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-16 09:00 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-16 09:00 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-16 08:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-07-16 08:55 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-16 08:51 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-07-16 08:51 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-07-15 20:58 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-15 10:38 . 2011-08-10 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 10:22 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2011-07-15 10:22 . 2004-08-17 15:43 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-15 10:21 . 2004-08-03 23:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2011-07-15 10:21 . 2001-08-17 20:11 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys
2011-07-15 10:21 . 2001-08-17 20:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2011-07-15 10:21 . 2004-08-17 15:49 75264 ----a-w- c:\windows\system32\usbui.dll
2011-07-15 10:21 . 2004-08-03 23:07 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
2011-07-15 10:18 . 2011-07-24 20:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2011-07-15 10:18 . 2011-07-15 08:37 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2011-07-15 09:04 . 2011-07-15 09:04 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-15 09:02 . 2008-05-11 23:08 32768 ----a-w- c:\windows\system\VRAIDlog.dll
2011-07-15 09:00 . 2004-08-03 21:15 60800 -c--a-w- c:\windows\system32\dllcache\sysaudio.sys
2011-07-15 08:59 . 2007-09-20 08:43 331184 ------w- c:\windows\system32\difxapi.dll
2011-07-15 08:58 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-07-15 08:55 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-07-15 08:55 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-07-15 08:54 . 2011-07-15 08:54 -------- d-----w- C:\Genius
2011-07-15 08:41 . 2011-07-15 08:41 -------- d-----w- c:\program files\Driver-Soft
2011-07-15 08:37 . 2011-08-10 20:04 -------- d-----w- c:\documents and settings\Tomas
2011-07-15 08:35 . 2011-07-15 08:35 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-07-15 08:35 . 2011-07-15 08:35 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-07-15 08:32 . 2004-08-17 13:49 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-07-15 08:31 . 2001-10-25 14:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-07-15 08:28 . 2001-10-25 14:00 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2011-07-15 08:28 . 2001-10-25 14:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2011-07-15 08:28 . 2001-10-25 14:00 7168 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2011-07-15 08:28 . 2001-10-25 14:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2011-07-15 08:28 . 2001-10-25 14:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2011-07-15 08:28 . 2001-10-25 14:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2011-07-15 08:28 . 2001-10-25 14:00 11264 ----a-w- c:\windows\system32\atrace.dll
2011-07-15 08:28 . 2001-10-25 14:00 47104 -c--a-w- c:\windows\system32\dllcache\srdiag.exe
2011-07-15 08:28 . 2001-10-25 14:00 12288 -c--a-w- c:\windows\system32\dllcache\nmevtmsg.dll
2011-07-15 08:28 . 2001-10-25 14:00 12288 ----a-w- c:\windows\system32\nmevtmsg.dll
2011-07-15 08:26 . 2004-08-17 13:49 28672 ----a-w- c:\program files\Messenger\custsat.dll
2011-07-15 08:25 . 2001-10-25 14:00 80896 -c--a-w- c:\windows\system32\dllcache\charmap.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-09 08:14 . 2004-07-17 09:36 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-05-27 13:15 . 2011-05-27 13:15 688128 ----a-w- c:\windows\system32\yowindow.scr
2011-07-08 07:29 . 2011-08-03 19:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-10_20.07.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 14:00 . 2011-08-10 19:06 71060 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-08-11 08:57 71060 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-08-10 19:06 82372 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-08-11 08:57 82372 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-08-11 08:57 441124 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-08-10 19:06 441124 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2011-08-11 08:57 437940 c:\windows\system32\perfh005.dat
- 2001-10-25 14:00 . 2011-08-10 19:06 437940 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [BU]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-20 3077528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2010-03-05 2375392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:3156e7b6
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfVietnam.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\h0ris\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2647:TCP"= 2647:TCP:evfmt
"56361:TCP"= 56361:TCP:Pando Media Booster
"56361:UDP"= 56361:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.7.2011 11:33 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.7.2011 11:33 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.8.2011 9:18 232512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.7.2011 11:33 19544]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [15.7.2011 10:55 12288]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [15.7.2011 11:02 52888]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.12.2009 15:14 133104]
S2 pmygxfxtx;wfmqdi;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
S2 quqjbv;lwdxsmgx;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
S3 cpuz134;cpuz134;\??\c:\docume~1\Tomas\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Tomas\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [15.7.2011 10:55 20480]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [15.7.2011 10:55 11520]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.12.2009 15:14 133104]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pmygxfxtx
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-07-16 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15187
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.174.1
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\fonsrreb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 11:11
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VIARaidUtl = c:\program files\VIA\RAID\raid_tool.exe?y\SuperOvl
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmygxfxtx]
"ServiceDll"="c:\windows\system32\xpwho.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\quqjbv]
"ServiceDll"="c:\windows\system32\xpwho.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-11 11:16:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-11 09:16
ComboFix2.txt 2011-01-22 10:45
.
Před spuštěním: Volných bajtů: 10 862 403 584
Po spuštění: Volných bajtů: 10 853 208 064
.
- - End Of File - - D7F73D0AA0EC073B49E4513329A0EF76

[Horis]

log z hijack this:


Scan saved at 11:19:00, on 11.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Genius\ioCentre\GMouseService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Tomas\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15187
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: GeniusMouseService - Unknown owner - C:\Genius\ioCentre\GMouseService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 5048 bytes

[jaro3]

zopakuj si ten script s tímto ( je třeba zkopírovat myší celý text!!!, je tam posuvník):

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\xpwho.dll
c:\windows\system32\SET7E.tmp
c:\windows\ativpsrm.bin

Driver::
evfmt
pmygxfxtx
quqjbv
cpuz134
pmygxfxtx
xpwho

NetSvcs::
pmygxfxtx

DDS::
uStart Page = hxxp://www.ask.com/?l=dis&o=15187

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\quqjbv]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"ServiceDll"="c:\windows\system32\xpwho.dll"47:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmygxfxtx]
"ServiceDll"="c:\windows\system32\xpwho.dll"


[Horis]

hned to dodam ja vym zeje tam posuvnik nejsem blbej

[jaro3]

nejprve:
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15187
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)

Pak ten script v Combofixu.