HiJackThis-kontrola Vyřešeno

[horca31]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:06, on 5.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
c:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\HiJackThis.exe

[Reklama]

[jaro3]

Ten log není celý , chybí Ti tam nejmíň půlka....

[horca31]

prosím o kontrolu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:29, on 8.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\HiJackThis.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
R3 - URLSearchHook: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4601\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
O3 - Toolbar: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [IEPR] c:\TempImages\IEPR.exe
O4 - HKCU\..\Run: [iOmem] c:\TempImages\iOmem101.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={2B29DA0B-8E55-4B01-AAD1-950558546201}; .NET CLR 1.1.4322)" -"http://www.superhryonline.net/zahraj-si-online-hru/zavodni/203-formula-fog.php"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ClocX.lnk = C:\Program Files\ClocX\ClocX.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Joint Operations Typhoon Rising Registration.lnk = C:\TEMP\{5AB2A97A-0378-47B1-9D6F-8185FB731FD2}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ClocX.lnk = C:\Program Files\ClocX\ClocX.exe (User 'Default user')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: Joint Operations Typhoon Rising Registration.lnk = C:\TEMP\{5AB2A97A-0378-47B1-9D6F-8185FB731FD2}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE (User 'Default user')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: ClocX.lnk = C:\Program Files\ClocX\ClocX.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\TEMP\{5AB2A97A-0378-47B1-9D6F-8185FB731FD2}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.cz/s/v/35.06/uploader2.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42764D17-109C-47FE-9498-8B4CE18A15F8}: NameServer = 192.168.11.1,80.78.144.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe

--
End of file - 18064 bytes

[jaro3]

Odinstaluj:
AskBar
speedapps Toolbar
ICQToolBar


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Zítra.

[horca31]

Udělal jsem jak jsi řekl,zde výsledek logu


Malwarebytes' Anti-Malware 1.34
Verze databáze: 1828
Windows 5.1.2600 Service Pack 3

9.3.2009 9:06:43
mbam-log-2009-03-09 (09-06-11)èistìní

Typ skenu: Rychlý sken
Objektu skenováno: 183904
Uplynulý cas: 15 minute(s), 1 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 6
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 15

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEPR (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iOmem (Trojan.Agent) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sfxzmtforum.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sfxzmtsmt.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sfxzmtsmtspm.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sfxzmtwbmail.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmtaim.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmtforum.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmtgtal.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmticq.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmtsmt.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmtsmtspm.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmtwbmail.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pfxzmtymsg.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z M?bAM.

Poté vypnui rez. ochranu u Avastu.
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)
- zavři program
Restartuj PC.
Po té si stáhni ResetTeaTimer.bat(viz. Poznámka)
a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[horca31]

ZDE JE MBAM LOG

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1828
Windows 5.1.2600 Service Pack 3

9.3.2009 13:15:40
mbam-log-2009-03-09 (13-15-40).txt

Typ skenu: Rychlý sken
Objektu skenováno: 140378
Uplynulý cas: 6 minute(s), 25 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 6
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 15

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEPR (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iOmem (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtaim.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtgtal.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmticq.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtymsg.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> Delete on reboot.

[horca31]

zde log Combofix

ComboFix 09-03-06.02 - Jirka 2009-03-09 13:54:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.216 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090308-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\paars.ini
c:\windows\system32\taskmgr.com
c:\windows\system32\wincom32.ini
c:\windows\system32\zlbw.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINCOM32
-------\Service_wincom32


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-09 do 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-09 14:04 . 2009-03-09 14:04 53,248 --a------ c:\temp\catchme.dll
2009-03-09 14:02 . 2009-03-09 14:02 <DIR> d-------- c:\temp\WPDNSE
2009-03-09 13:25 . 2009-03-09 13:25 <DIR> d-------- c:\temp\_avast4_
2009-03-09 12:57 . 2009-03-09 13:49 <DIR> d-------- c:\temp\__SkypeIEToolbar_Cache
2009-03-09 09:27 . 2009-03-09 14:03 <DIR> d-------- c:\temp\nsz20.tmp
2009-03-09 09:27 . 2009-03-09 14:03 <DIR> d-------- c:\temp\nse21.tmp
2009-03-09 09:15 . 2009-03-09 09:15 <DIR> d-------- c:\program files\Unlocker odinst. programů
2009-03-09 09:15 . 2009-03-09 09:15 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Desktopicon
2009-03-09 08:47 . 2009-03-09 08:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware čistění pc
2009-03-09 08:47 . 2009-03-09 08:47 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2009-03-09 08:47 . 2009-03-09 08:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-09 08:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 08:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 18:58 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER029d.dir00
2009-03-05 07:29 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER2ec1.dir00
2009-02-23 19:41 . 2009-02-23 19:42 <DIR> d-------- c:\program files\FLVPlayer4Free
2009-02-22 10:44 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER1d21.dir00
2009-02-22 10:17 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER4a97.dir00
2009-02-22 10:17 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER48f7.dir00
2009-02-21 15:12 . 2009-03-09 06:39 <DIR> d-------- c:\program files\DNA
2009-02-21 15:12 . 2009-03-09 13:23 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\DNA
2009-02-18 17:44 . 2009-02-18 17:46 <DIR> d-------- c:\temp\{8CAE6A33-93D0-41C0-AF95-DDE1F5EE0872}
2009-02-18 17:44 . 2009-03-08 19:03 <DIR> d-------- c:\program files\ICQ6.5
2009-02-18 17:13 . 2009-02-18 18:27 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-02-18 17:13 . 2009-02-18 17:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2009-02-18 17:10 . 2009-02-18 17:13 <DIR> d-------- c:\temp\{D58E56BD-4506-48C8-8DE8-72B070BC0017}
2009-02-18 14:21 . 2009-02-18 14:21 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\TeamViewer
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\TeamViewer
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\TeamViewer
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\program files\TeamViewer3
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\TeamViewer
2009-02-17 20:02 . 2009-02-17 20:02 <DIR> d-------- c:\documents and settings\Jirka\temp
2009-02-13 15:46 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WERc597.dir00
2009-02-13 15:46 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WERc4f0.dir00
2009-02-13 15:46 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WERc404.dir00
2009-02-13 15:46 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER1bd7.dir00
2009-02-13 15:46 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER1b0f.dir00
2009-02-13 15:45 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER3b94.dir00
2009-02-13 15:45 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER2f2a.dir00
2009-02-13 15:45 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER2b18.dir00
2009-02-13 15:45 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WER26c4.dir00
2009-02-11 19:05 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WERfb82.dir00
2009-02-11 19:05 . 2009-03-09 14:03 <DIR> d-------- c:\temp\WERe7d2.dir00
2009-02-11 18:12 . 2009-03-09 14:03 <DIR> d-------- c:\temp\is-KNOQM.tmp
2009-02-11 18:12 . 2009-03-09 14:03 <DIR> d-------- c:\temp\is-F96H3.tmp
2009-02-10 14:46 . 2009-02-10 14:46 <DIR> d-------- c:\temp\tmp10

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 1,130,354 -c--a-r c:\windows\system32\KAMENAK.scr
2009-03-09 12:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-09 12:22 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Skype
2009-03-09 11:58 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-09 09:37 --------- d-----w c:\program files\CCleaner
2009-03-09 07:28 --------- d-----w c:\program files\speedapps
2009-03-09 05:50 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Hamachi
2009-03-08 19:51 --------- d-----w c:\documents and settings\Jirka\Data aplikací\ICQ
2009-03-08 17:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-06 18:54 --------- d-----w c:\program files\USARadioNow
2009-03-06 18:54 --------- d-----w c:\program files\forumswatcher.com
2009-03-05 11:44 --------- d-----w c:\program files\SearchIn1Step
2009-02-27 19:13 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Xfire
2009-02-24 18:23 --------- d-----w c:\program files\MediaCell Video Converter
2009-02-18 17:05 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-18 16:13 --------- d-----w c:\program files\ICQLite
2009-02-18 16:12 --------- d-----w c:\program files\ICQ6
2009-02-15 13:18 --------- d-----w c:\program files\GamePark
2009-02-15 13:14 --------- d-----w c:\program files\Metin2_TESTER
2009-02-11 20:00 --------- d-----w c:\documents and settings\Jirka\Data aplikací\gtk-2.0
2009-02-11 19:59 --------- d-----w c:\program files\Avidemux 2.4
2009-02-11 19:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\SearchIn1Step
2009-02-04 09:43 --------- d-----w c:\program files\Vietcong2
2009-01-26 17:19 --------- d-----w c:\program files\EA SPORTS
2009-01-24 15:29 --------- d-----w c:\program files\QuickMediaConverter
2009-01-23 17:05 --------- d-----w c:\program files\AskBarDis
2009-01-23 17:04 --------- d-----w c:\program files\OneClick Mobile Video Converter
2009-01-23 17:03 --------- d-----w c:\program files\Conduit
2009-01-16 20:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-09 19:19 --------- d-----w c:\program files\Ashampoo
2009-01-09 19:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\ashampoo
2008-12-26 21:24 921,632 ----a-w C:\PA7302.DAT
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 09:08 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-10 08:57 21,840 -c--atw c:\windows\system32\SIntfNT.dll
2008-12-10 08:57 17,212 -c--atw c:\windows\system32\SIntf32.dll
2008-12-10 08:57 12,067 -c--atw c:\windows\system32\SIntf16.dll
2008-12-10 08:27 94,208 ----a-w c:\windows\DIIUnin.exe
2008-12-10 08:27 2,829 -c--a-w c:\windows\DIIUnin.pif
2008-08-17 20:04 43,720 ----a-w c:\documents and settings\Jirka\Data aplikací\GDIPFONTCACHEV1.DAT
2007-08-20 12:36 5,184,554 -c--a-w c:\program files\pits.jr2
2007-08-03 19:25 435 ----a-w c:\program files\pomoc na viry - HiJackThis.lnk
2007-01-17 16:13 50,030 -c--a-w c:\program files\Uninstal.exe
2008-10-13 11:23 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101320081014\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"= "c:\program files\speedapps\tbspee.dll" [2008-08-20 1780248]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2009-03-06 1883672]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2009-03-06 1883672]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-30 16:18 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
2009-03-06 19:54 1883672 --a------ c:\program files\forumswatcher.com\tbfor1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
2009-03-06 19:54 1883672 --a------ c:\program files\USARadioNow\tbUSA1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]
2008-08-20 23:03 1780248 --a------ c:\program files\speedapps\tbspee.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"= "c:\program files\speedapps\tbspee.dll" [2008-08-20 1780248]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2009-03-06 1883672]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2009-03-06 1883672]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{50D0CD27-D4EF-4A21-917E-A1573771DEF4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2009-03-06 1883672]
"{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}"= "c:\program files\speedapps\tbspee.dll" [2008-08-20 1780248]
"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2009-03-06 1883672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-10-30 333192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SiSPower"="SiSPower.dll" [2005-08-26 c:\windows\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer WLAN 11g USB Dongle.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer WLAN 11g USB Dongle.lnk
backup=c:\windows\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^ClocX.lnk]
path=c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\ClocX.lnk
backup=c:\windows\pss\ClocX.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
--a------ 2006-06-09 12:24 110592 c:\program files\Acer\Acer eMode Management\AspireService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-02-21 15:12 318272 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-10 22:56 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-10 22:56 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-02-11 10:19 399504 c:\program files\Malwarebytes' Anti-Malware čistění pc\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
--a------ 2006-05-04 14:55 425984 c:\program files\Acer\Acer eConsole\MediaSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 18:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-03-29 21:50 143360 c:\program files\Acer TV-FM\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-02-22 23:31 25388584 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 12:41 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 2005-03-24 13:52 94770 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-12-02 10:02 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker odinst. programů\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Documents and Settings\\Jirka\\Plocha\\FIFA08.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50215:TCP"= 50215:TCP:*:Disabled:SolidNetworkManager
"50215:UDP"= 50215:UDP:*:Disabled:SolidNetworkManager
"53160:TCP"= 53160:TCP:*:Disabled:SolidNetworkManager
"53160:UDP"= 53160:UDP:*:Disabled:SolidNetworkManager
"38639:TCP"= 38639:TCP:*:Disabled:SolidNetworkManager
"38639:UDP"= 38639:UDP:*:Disabled:SolidNetworkManager
"31872:TCP"= 31872:TCP:*:Disabled:SolidNetworkManager
"31872:UDP"= 31872:UDP:*:Disabled:SolidNetworkManager
"15233:TCP"= 15233:TCP:BitComet 15233 TCP
"15233:UDP"= 15233:UDP:BitComet 15233 UDP
"30455:TCP"= 30455:TCP:*:Disabled:SolidNetworkManager
"30455:UDP"= 30455:UDP:*:Disabled:SolidNetworkManager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 111184]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-03-16 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-03-16 72496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-18 20560]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
R3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-09-10 457984]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-01-01 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-01-01 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-01-01 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-01-01 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-01-01 83344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43d3adb0-b394-11dc-9850-0016ecccc2db}]
\Shell\AutoRun\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8768e2a3-b4b1-11dc-9852-0016ecccc2db}]
\Shell\AutoRun\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{decfe94b-b315-11dc-984f-0016ecccc2db}]
\Shell\AutoRun\command - J:\start.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-03-08 c:\windows\Tasks\Norton Security Scan for Jirka.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={2B29DA0B-8E55-4B01-AAD1-950558546201}; .NET


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.app-zilla.com/search.htm
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.74\AMVConverter\grab.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.04\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.74\MediaManager\grab.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\update
Trusted Zone: stahuj.cz
TCP: {42764D17-109C-47FE-9498-8B4CE18A15F8} = 192.168.11.1,80.78.144.6
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 14:04:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3151727940-1724118872-637169990-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3151727940-1724118872-637169990-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0344F07E-345E-96FF-EA41-291D1C9A2246}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iangnembjlncegdben"=hex:6a,61,69,69,67,62,70,66,69,6d,66,68,66,70,61,62,6f,70,
6c,6c,00,00
"hahadfhjonghldlf"=hex:6a,61,6a,69,6e,61,6f,6a,61,61,63,69,69,6b,62,68,65,61,
61,68,00,00

[HKEY_USERS\S-1-5-21-3151727940-1724118872-637169990-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3AEE9093-85CB-0C41-5019-F8A3188F12E2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandgncghmkpmkdeim"=hex:6a,61,6a,61,65,62,6f,6e,70,67,66,6c,70,6f,6b,61,69,70,
6f,66,00,00
"haphieaifakolama"=hex:69,61,6e,61,6a,67,64,6d,68,6d,69,6e,66,6e,6e,70,66,6a,
00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
c:\program files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Acer TV-FM\Kernel\TV\CLSched.exe
c:\program files\TeamViewer3\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2009-03-09 14:09:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-09 13:08:57

Před spuštěním: Volných bajtů: 10 987 380 736
Po spuštění: Volných bajtů: 14,212,440,064

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

391 --- E O F --- 2009-02-25 11:28:05

[jaro3]

Máš tam zbytky po Symantec..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

@echo off
sc stop Nss
sc delete Nss
exit

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: FixServices.bat
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Poklepej na soubor FixServices.bat . Okno se otevře a zavře, to je normální.
Restart PC.
*****************************************************************************************************************************************
Stáhni si program OTMoveIt3 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
c:\temp\WER*.dir00
c:\temp\nsz20.tmp
c:\temp\nse21.tmp
c:\temp\is-KNOQM.tmp
c:\temp\is-F96H3.tmp
c:\windows\Tasks\Norton Security Scan for Jirka.job
c:\program files\Norton Security Scan\Nss.exe
c:\program files\AskBarDis\bar\bin\askBar1.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

DirLook::
c:\temp\{8CAE6A33-93D0-41C0-AF95-DDE1F5EE0872}
c:\temp\{D58E56BD-4506-48C8-8DE8-72B070BC0017}

Folder::
c:\program files\Norton Security Scan
c:\program files\SearchIn1Step
c:\program files\AskBarDis


Registry::
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]
[-HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[-HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]
[-HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[-HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= -
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
[-HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]
[-HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\program files\Uninstal.exe
Vlož sem pak odkaz výsledku.

[horca31]

OT Movelt -výsledek
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\temp\WER029d.dir00 moved successfully.
c:\temp\WER1b0f.dir00 moved successfully.
c:\temp\WER1b25.dir00 moved successfully.
c:\temp\WER1bb9.dir00 moved successfully.
c:\temp\WER1bd7.dir00 moved successfully.
c:\temp\WER1d21.dir00 moved successfully.
c:\temp\WER26c4.dir00 moved successfully.
c:\temp\WER2b18.dir00 moved successfully.
c:\temp\WER2d04.dir00 moved successfully.
c:\temp\WER2ec1.dir00 moved successfully.
c:\temp\WER2f2a.dir00 moved successfully.
c:\temp\WER3b94.dir00 moved successfully.
c:\temp\WER48f7.dir00 moved successfully.
c:\temp\WER4a97.dir00 moved successfully.
c:\temp\WER5190.dir00 moved successfully.
c:\temp\WER51a3.dir00 moved successfully.
c:\temp\WER5342.dir00 moved successfully.
c:\temp\WER5564.dir00 moved successfully.
c:\temp\WER5957.dir00 moved successfully.
c:\temp\WER5bc3.dir00 moved successfully.
c:\temp\WER5d1e.dir00 moved successfully.
c:\temp\WER5fe3.dir00 moved successfully.
c:\temp\WER5ffc.dir00 moved successfully.
c:\temp\WER606e.dir00 moved successfully.
c:\temp\WER6655.dir00 moved successfully.
c:\temp\WER6a78.dir00 moved successfully.
c:\temp\WER6b4b.dir00 moved successfully.
c:\temp\WER6d20.dir00 moved successfully.
c:\temp\WER7026.dir00 moved successfully.
c:\temp\WER75c8.dir00 moved successfully.
c:\temp\WER834e.dir00 moved successfully.
c:\temp\WER84ab.dir00 moved successfully.
c:\temp\WER8ac7.dir00 moved successfully.
c:\temp\WER8fe3.dir00 moved successfully.
c:\temp\WER9ab1.dir00 moved successfully.
c:\temp\WERa0bd.dir00 moved successfully.
c:\temp\WERb706.dir00 moved successfully.
c:\temp\WERc404.dir00 moved successfully.
c:\temp\WERc4f0.dir00 moved successfully.
c:\temp\WERc597.dir00 moved successfully.
c:\temp\WERd05a.dir00 moved successfully.
c:\temp\WERd10e.dir00 moved successfully.
c:\temp\WERd1a6.dir00 moved successfully.
c:\temp\WERd671.dir00 moved successfully.
c:\temp\WERe7d2.dir00 moved successfully.
c:\temp\WERe912.dir00 moved successfully.
c:\temp\WERea59.dir00 moved successfully.
c:\temp\WEReda6.dir00 moved successfully.
c:\temp\WERee0a.dir00 moved successfully.
c:\temp\WERfb82.dir00 moved successfully.
c:\temp\nsz20.tmp moved successfully.
c:\temp\nse21.tmp moved successfully.
c:\temp\is-KNOQM.tmp\_isetup moved successfully.
c:\temp\is-KNOQM.tmp moved successfully.
c:\temp\is-F96H3.tmp moved successfully.
c:\windows\Tasks\Norton Security Scan for Jirka.job moved successfully.
c:\program files\Norton Security Scan\Nss.exe moved successfully.
c:\program files\AskBarDis\bar\bin\askBar1.dll unregistered successfully.
c:\program files\AskBarDis\bar\bin\askBar1.dll moved successfully.
========== COMMANDS ==========
File delete failed. c:\Temp\~DFAEFC.tmp scheduled to be deleted on reboot.
File delete failed. c:\Temp\~DFE694.tmp scheduled to be deleted on reboot.
File delete failed. c:\Temp\~DFE6E8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETDCC3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_470.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_580.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_618.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_tDmoM4cdo0bMW6M scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_074116

Files moved on Reboot...
c:\Temp\~DFAEFC.tmp moved successfully.
File c:\Temp\~DFE694.tmp not found!
File c:\Temp\~DFE6E8.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\JETDCC3.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_470.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_580.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_618.dat moved successfully.
File C:\WINDOWS\temp\sqlite_tDmoM4cdo0bMW6M not found!


ComboFix

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\temp\WER029d.dir00 moved successfully.
c:\temp\WER1b0f.dir00 moved successfully.
c:\temp\WER1b25.dir00 moved successfully.
c:\temp\WER1bb9.dir00 moved successfully.
c:\temp\WER1bd7.dir00 moved successfully.
c:\temp\WER1d21.dir00 moved successfully.
c:\temp\WER26c4.dir00 moved successfully.
c:\temp\WER2b18.dir00 moved successfully.
c:\temp\WER2d04.dir00 moved successfully.
c:\temp\WER2ec1.dir00 moved successfully.
c:\temp\WER2f2a.dir00 moved successfully.
c:\temp\WER3b94.dir00 moved successfully.
c:\temp\WER48f7.dir00 moved successfully.
c:\temp\WER4a97.dir00 moved successfully.
c:\temp\WER5190.dir00 moved successfully.
c:\temp\WER51a3.dir00 moved successfully.
c:\temp\WER5342.dir00 moved successfully.
c:\temp\WER5564.dir00 moved successfully.
c:\temp\WER5957.dir00 moved successfully.
c:\temp\WER5bc3.dir00 moved successfully.
c:\temp\WER5d1e.dir00 moved successfully.
c:\temp\WER5fe3.dir00 moved successfully.
c:\temp\WER5ffc.dir00 moved successfully.
c:\temp\WER606e.dir00 moved successfully.
c:\temp\WER6655.dir00 moved successfully.
c:\temp\WER6a78.dir00 moved successfully.
c:\temp\WER6b4b.dir00 moved successfully.
c:\temp\WER6d20.dir00 moved successfully.
c:\temp\WER7026.dir00 moved successfully.
c:\temp\WER75c8.dir00 moved successfully.
c:\temp\WER834e.dir00 moved successfully.
c:\temp\WER84ab.dir00 moved successfully.
c:\temp\WER8ac7.dir00 moved successfully.
c:\temp\WER8fe3.dir00 moved successfully.
c:\temp\WER9ab1.dir00 moved successfully.
c:\temp\WERa0bd.dir00 moved successfully.
c:\temp\WERb706.dir00 moved successfully.
c:\temp\WERc404.dir00 moved successfully.
c:\temp\WERc4f0.dir00 moved successfully.
c:\temp\WERc597.dir00 moved successfully.
c:\temp\WERd05a.dir00 moved successfully.
c:\temp\WERd10e.dir00 moved successfully.
c:\temp\WERd1a6.dir00 moved successfully.
c:\temp\WERd671.dir00 moved successfully.
c:\temp\WERe7d2.dir00 moved successfully.
c:\temp\WERe912.dir00 moved successfully.
c:\temp\WERea59.dir00 moved successfully.
c:\temp\WEReda6.dir00 moved successfully.
c:\temp\WERee0a.dir00 moved successfully.
c:\temp\WERfb82.dir00 moved successfully.
c:\temp\nsz20.tmp moved successfully.
c:\temp\nse21.tmp moved successfully.
c:\temp\is-KNOQM.tmp\_isetup moved successfully.
c:\temp\is-KNOQM.tmp moved successfully.
c:\temp\is-F96H3.tmp moved successfully.
c:\windows\Tasks\Norton Security Scan for Jirka.job moved successfully.
c:\program files\Norton Security Scan\Nss.exe moved successfully.
c:\program files\AskBarDis\bar\bin\askBar1.dll unregistered successfully.
c:\program files\AskBarDis\bar\bin\askBar1.dll moved successfully.
========== COMMANDS ==========
File delete failed. c:\Temp\~DFAEFC.tmp scheduled to be deleted on reboot.
File delete failed. c:\Temp\~DFE694.tmp scheduled to be deleted on reboot.
File delete failed. c:\Temp\~DFE6E8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETDCC3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_470.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_580.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_618.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_tDmoM4cdo0bMW6M scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_074116

Files moved on Reboot...
c:\Temp\~DFAEFC.tmp moved successfully.
File c:\Temp\~DFE694.tmp not found!
File c:\Temp\~DFE6E8.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\JETDCC3.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_470.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_580.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_618.dat moved successfully.
File C:\WINDOWS\temp\sqlite_tDmoM4cdo0bMW6M not found!

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:16, on 10.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4601\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Joint Operations Typhoon Rising Registration.lnk = C:\TEMP\{5AB2A97A-0378-47B1-9D6F-8185FB731FD2}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Joint Operations Typhoon Rising Registration.lnk = C:\TEMP\{5AB2A97A-0378-47B1-9D6F-8185FB731FD2}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE (User 'Default user')
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\TEMP\{5AB2A97A-0378-47B1-9D6F-8185FB731FD2}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.cz/s/v/35.06/uploader2.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42764D17-109C-47FE-9498-8B4CE18A15F8}: NameServer = 192.168.11.1,80.78.144.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe

--
End of file - 11023 bytes

Virustotal
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.03.10 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 -
Authentium 5.1.0.4 2009.03.09 -
Avast 4.8.1335.0 2009.03.09 -
AVG 8.0.0.237 2009.03.09 -
BitDefender 7.2 2009.03.10 -
CAT-QuickHeal 10.00 2009.03.09 -
ClamAV 0.94.1 2009.03.10 -
Comodo 1039 2009.03.09 -
DrWeb 4.44.0.09170 2009.03.10 -
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.09 -
F-Secure 8.0.14470.0 2009.03.10 -
Fortinet 3.117.0.0 2009.03.10 -
GData 19 2009.03.10 -
Ikarus T3.1.1.45.0 2009.03.10 -
K7AntiVirus 7.10.665 2009.03.10 -
Kaspersky 7.0.0.125 2009.03.10 -
McAfee 5548 2009.03.09 -
McAfee+Artemis 5548 2009.03.09 -
Microsoft 1.4405 2009.03.10 -
NOD32 3922 2009.03.09 -
Norman 6.00.06 2009.03.09 -
nProtect 2009.1.8.0 2009.03.10 -
Panda 10.0.0.10 2009.03.09 -
PCTools 4.4.2.0 2009.03.09 -
Prevx1 V2 2009.03.10 -
Rising 21.20.10.00 2009.03.10 -
SecureWeb-Gateway 6.7.6 2009.03.09 -
Sophos 4.39.0 2009.03.10 -
Sunbelt 3.2.1858.2 2009.03.10 -
Symantec 1.4.4.12 2009.03.10 -
TheHacker 6.3.3.0.278 2009.03.10 -
TrendMicro 8.700.0.1004 2009.03.10 -
VBA32 3.12.10.1 2009.03.10 -
ViRobot 2009.3.10.1642 2009.03.10 -
VirusBuster 4.5.11.0 2009.03.09 -
Rozšiřující informace
File size: 50030 bytes
MD5...: cbcd6efb5dae90ed0ca2cd289ee54d20
SHA1..: 453dbcab138cd139f11040434b76be090f139933
SHA256: 6eda53d541182237a831966e1039f903e7a987807c066dcc50fb6d1c2de0d208
SHA512: d929327d935a211527f1422402fa7686f38f2dcb076b332d63747bcd255715d2
7ddcedf57ca1e00d07dd44566968a432b8f7da1ff991a6961e12b0e66ba813f6
ssdeep: 768:yuwpjhKuCfAqgRgPLF4OiG2+e99Z3vjLtI1CZ0POugqcv1F7fo:lIgPLeG2+
e9rLWHPlfcNxo

PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (62.7%)
Win32 Executable Generic (14.1%)
Win32 Dynamic Link Library (generic) (12.6%)
Win32 Executable MS Visual FoxPro 7 (3.7%)
Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x34a3
timedatestamp.....: 0x3caa052c (Tue Apr 02 19:23:24 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x59e0 0x6000 6.37 4b5c0f8271192563df1b32aa1a75557e
.rdata 0x7000 0xdb6 0x1000 4.86 9f84d171226835f6209d1e1006cc3952
.data 0x8000 0x2ca4 0x3000 0.69 041d37e1e8616ba1be2d41c10d106188
.rsrc 0xb000 0x620 0x1000 1.43 532c28634c63331447f94288b23040dd

( 6 imports )
> KERNEL32.dll: lstrlenA, GetModuleFileNameA, SetCurrentDirectoryA, CreateProcessA, FreeLibrary, CloseHandle, SetFilePointer, WriteFile, GetWindowsDirectoryA, GetSystemDirectoryA, GetVersionExA, LoadLibraryA, GetProcAddress, GetShortPathNameA, CreateFileA, GetFileAttributesA, RemoveDirectoryA, SetFileAttributesA, LCMapStringA, MultiByteToWideChar, RtlUnwind, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetOEMCP, GetACP, GetLastError, ReadFile, HeapReAlloc, VirtualAlloc, HeapCreate, HeapDestroy, VirtualFree, GetStringTypeW, GetStringTypeA, LCMapStringW, HeapCompact, HeapAlloc, HeapFree, GetCPInfo, DeleteFileA, GetModuleHandleA, ExitProcess, TerminateProcess, GetCurrentProcess, GetVersion, GetStartupInfoA, GetCommandLineA, GetEnvironmentVariableA
> USER32.dll: GetWindow, GetSysColor, SendMessageA, DispatchMessageA, MessageBoxA, wsprintfA, SetDlgItemTextA, SetWindowTextA, EndDialog, DialogBoxParamA, DefWindowProcA, PostQuitMessage, RegisterClassA, LoadCursorA, LoadIconA, DestroyWindow, GetMessageA, CreateWindowExA
> GDI32.dll: CreateSolidBrush, CreateFontIndirectA, GetObjectA, SetBkColor, RemoveFontResourceA, GetStockObject, DeleteObject
> ADVAPI32.dll: RegOpenKeyExA, RegDeleteKeyA, RegCloseKey, RegDeleteValueA, RegSetValueExA, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA
> ole32.dll: OleUninitialize, OleInitialize

( 0 exports )

[jaro3]

Dal jsi 2x log z OTMoveIt3! místo logu z CF.Tak bych ho rád viděl.

[horca31]

zde je Combofix

ComboFix 09-03-06.02 - Jirka 2009-03-10 7:56:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.192 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090309-0] *On-access scanning enabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\askPopStp1.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\011FF4DB
c:\program files\AskBarDis\bar\Cache\011FFAB7
c:\program files\AskBarDis\bar\Cache\012002A6.bin
c:\program files\AskBarDis\bar\Cache\0120067F.bin
c:\program files\AskBarDis\bar\Cache\01200B03.bin
c:\program files\AskBarDis\bar\Cache\01200C5B.bin
c:\program files\AskBarDis\bar\Cache\012012E3.bin
c:\program files\AskBarDis\bar\Cache\01202031.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\PopSwatter\History\allowed
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\ccL70U.dll
c:\program files\Norton Security Scan\ccScanw.dll
c:\program files\Norton Security Scan\ccVrTrst.dll
c:\program files\Norton Security Scan\dec_abi.dll
c:\program files\Norton Security Scan\DefUtDCD.dll
c:\program files\Norton Security Scan\ecmldr32.dll
c:\program files\Norton Security Scan\help.htm
c:\program files\Norton Security Scan\Microsoft.VC80.CRT.manifest
c:\program files\Norton Security Scan\msl.dll
c:\program files\Norton Security Scan\msvcp80.dll
c:\program files\Norton Security Scan\msvcr80.dll
c:\program files\Norton Security Scan\patch25d.dll
c:\program files\Norton Security Scan\SAUpdt.dll
c:\program files\Norton Security Scan\ScanCore.dll
c:\program files\Norton Security Scan\ScanRes.dll
c:\program files\Norton Security Scan\SKURes.dll
c:\program files\Norton Security Scan\SymHTML.dll
c:\program files\SearchIn1Step
c:\program files\SearchIn1Step\home.js
c:\program files\SearchIn1Step\readme.html
c:\program files\SearchIn1Step\searchin1.dll
c:\program files\SearchIn1Step\si1opt.exe
c:\program files\SearchIn1Step\uninstall.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-10 do 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-10 08:03 . 53,248 c:\temp\catchme.dll
2009-03-10 07:57 . 2009-03-10 07:57 <DIR> d-------- c:\temp\WPDNSE
2009-03-10 07:47 . 2009-03-10 07:52 <DIR> d-------- c:\temp\__SkypeIEToolbar_Cache
2009-03-10 07:44 . 2009-03-10 07:44 <DIR> d-------- c:\temp\_avast4_
2009-03-10 07:41 . 2009-03-10 07:41 <DIR> d-------- C:\_OTMoveIt
2009-03-10 07:40 . 2009-03-10 07:40 348,160 --a------ C:\OTMoveIt3 čištění pc 10 3 2009.exe
2009-03-09 09:15 . 2009-03-09 09:15 <DIR> d-------- c:\program files\Unlocker odinst. programů
2009-03-09 09:15 . 2009-03-09 09:15 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Desktopicon
2009-03-09 08:47 . 2009-03-09 08:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware čistění pc
2009-03-09 08:47 . 2009-03-09 08:47 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2009-03-09 08:47 . 2009-03-09 08:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-09 08:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 08:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 19:41 . 2009-02-23 19:42 <DIR> d-------- c:\program files\FLVPlayer4Free
2009-02-21 15:12 . 2009-03-09 06:39 <DIR> d-------- c:\program files\DNA
2009-02-21 15:12 . 2009-03-09 13:23 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\DNA
2009-02-18 17:44 . 2009-03-08 19:03 <DIR> d-------- c:\program files\ICQ6.5
2009-02-18 17:13 . 2009-02-18 18:27 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-02-18 17:13 . 2009-02-18 17:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2009-02-18 14:21 . 2009-02-18 14:21 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\TeamViewer
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\TeamViewer
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\TeamViewer
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\program files\TeamViewer3
2009-02-17 20:03 . 2009-02-17 20:03 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\TeamViewer
2009-02-17 20:02 . 2009-02-17 20:02 <DIR> d-------- c:\documents and settings\Jirka\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 1,130,354 -c--a-r c:\windows\system32\KAMENAK.scr
2009-03-10 06:47 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-09 18:36 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Skype
2009-03-09 12:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-09 09:37 --------- d-----w c:\program files\CCleaner
2009-03-09 07:28 --------- d-----w c:\program files\speedapps
2009-03-09 05:50 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Hamachi
2009-03-08 19:51 --------- d-----w c:\documents and settings\Jirka\Data aplikací\ICQ
2009-03-06 18:54 --------- d-----w c:\program files\USARadioNow
2009-03-06 18:54 --------- d-----w c:\program files\forumswatcher.com
2009-02-27 19:13 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Xfire
2009-02-24 18:23 --------- d-----w c:\program files\MediaCell Video Converter
2009-02-18 17:05 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-18 16:13 --------- d-----w c:\program files\ICQLite
2009-02-18 16:12 --------- d-----w c:\program files\ICQ6
2009-02-15 13:18 --------- d-----w c:\program files\GamePark
2009-02-15 13:14 --------- d-----w c:\program files\Metin2_TESTER
2009-02-11 20:00 --------- d-----w c:\documents and settings\Jirka\Data aplikací\gtk-2.0
2009-02-11 19:59 --------- d-----w c:\program files\Avidemux 2.4
2009-02-11 19:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\SearchIn1Step
2009-02-04 09:43 --------- d-----w c:\program files\Vietcong2
2009-01-26 17:19 --------- d-----w c:\program files\EA SPORTS
2009-01-24 15:29 --------- d-----w c:\program files\QuickMediaConverter
2009-01-23 17:04 --------- d-----w c:\program files\OneClick Mobile Video Converter
2009-01-23 17:03 --------- d-----w c:\program files\Conduit
2009-01-16 20:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-26 21:24 921,632 ----a-w C:\PA7302.DAT
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 09:08 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-10 08:57 21,840 -c--atw c:\windows\system32\SIntfNT.dll
2008-12-10 08:57 17,212 -c--atw c:\windows\system32\SIntf32.dll
2008-12-10 08:57 12,067 -c--atw c:\windows\system32\SIntf16.dll
2008-12-10 08:27 94,208 ----a-w c:\windows\DIIUnin.exe
2008-12-10 08:27 2,829 -c--a-w c:\windows\DIIUnin.pif
2008-08-17 20:04 43,720 ----a-w c:\documents and settings\Jirka\Data aplikací\GDIPFONTCACHEV1.DAT
2007-08-20 12:36 5,184,554 -c--a-w c:\program files\pits.jr2
2007-08-03 19:25 435 ----a-w c:\program files\pomoc na viry - HiJackThis.lnk
2007-01-17 16:13 50,030 -c--a-w c:\program files\Uninstal.exe
2008-10-13 11:23 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101320081014\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\temp\{8CAE6A33-93D0-41C0-AF95-DDE1F5EE0872} ----

c:\temp\{8CAE6A33-93D0-41C0-AF95-DDE1F5EE0872}\

---- Directory of c:\temp\{D58E56BD-4506-48C8-8DE8-72B070BC0017} ----

c:\temp\{D58E56BD-4506-48C8-8DE8-72B070BC0017}\


((((((((((((((((((((((((((((( SnapShot@2009-03-09_14.06.52.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-10 06:43:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_24c.dat
+ 2009-03-10 06:43:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_620.dat
+ 2009-03-10 06:43:38 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SiSPower"="SiSPower.dll" [2005-08-26 c:\windows\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer WLAN 11g USB Dongle.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer WLAN 11g USB Dongle.lnk
backup=c:\windows\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^ClocX.lnk]
path=c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\ClocX.lnk
backup=c:\windows\pss\ClocX.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
--a------ 2006-06-09 12:24 110592 c:\program files\Acer\Acer eMode Management\AspireService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-02-21 15:12 318272 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-10 22:56 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-10 22:56 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-02-11 10:19 399504 c:\program files\Malwarebytes' Anti-Malware čistění pc\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
--a------ 2006-05-04 14:55 425984 c:\program files\Acer\Acer eConsole\MediaSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 18:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-03-29 21:50 143360 c:\program files\Acer TV-FM\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-02-22 23:31 25388584 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 12:41 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 2005-03-24 13:52 94770 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-12-02 10:02 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker odinst. programů\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Documents and Settings\\Jirka\\Plocha\\FIFA08.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50215:TCP"= 50215:TCP:*:Disabled:SolidNetworkManager
"50215:UDP"= 50215:UDP:*:Disabled:SolidNetworkManager
"53160:TCP"= 53160:TCP:*:Disabled:SolidNetworkManager
"53160:UDP"= 53160:UDP:*:Disabled:SolidNetworkManager
"38639:TCP"= 38639:TCP:*:Disabled:SolidNetworkManager
"38639:UDP"= 38639:UDP:*:Disabled:SolidNetworkManager
"31872:TCP"= 31872:TCP:*:Disabled:SolidNetworkManager
"31872:UDP"= 31872:UDP:*:Disabled:SolidNetworkManager
"15233:TCP"= 15233:TCP:BitComet 15233 TCP
"15233:UDP"= 15233:UDP:BitComet 15233 UDP
"30455:TCP"= 30455:TCP:*:Disabled:SolidNetworkManager
"30455:UDP"= 30455:UDP:*:Disabled:SolidNetworkManager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 111184]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-03-16 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-03-16 72496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-18 20560]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
R3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-09-10 457984]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-01-01 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-01-01 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-01-01 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-01-01 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-01-01 83344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43d3adb0-b394-11dc-9850-0016ecccc2db}]
\Shell\AutoRun\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8768e2a3-b4b1-11dc-9852-0016ecccc2db}]
\Shell\AutoRun\command - J:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{decfe94b-b315-11dc-984f-0016ecccc2db}]
\Shell\AutoRun\command - J:\start.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
URLSearchHooks-{50d0cd27-d4ef-4a21-917e-a1573771def4} - (no file)
URLSearchHooks-{669163c1-c4b9-46de-ad62-a0271d3a0a75} - (no file)
BHO-{50d0cd27-d4ef-4a21-917e-a1573771def4} - (no file)
BHO-{669163c1-c4b9-46de-ad62-a0271d3a0a75} - (no file)
BHO-{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
Toolbar-{50d0cd27-d4ef-4a21-917e-a1573771def4} - (no file)
Toolbar-{669163c1-c4b9-46de-ad62-a0271d3a0a75} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{50D0CD27-D4EF-4A21-917E-A1573771DEF4} - (no file)
WebBrowser-{D9C9A8C9-460D-4343-888E-AE02BCC3CE57} - (no file)
WebBrowser-{669163C1-C4B9-46DE-AD62-A0271D3A0A75} - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.app-zilla.com/search.htm
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.74\AMVConverter\grab.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.04\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.74\MediaManager\grab.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\update
Trusted Zone: stahuj.cz
TCP: {42764D17-109C-47FE-9498-8B4CE18A15F8} = 192.168.11.1,80.78.144.6
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 08:03:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3151727940-1724118872-637169990-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3151727940-1724118872-637169990-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0344F07E-345E-96FF-EA41-291D1C9A2246}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iangnembjlncegdben"=hex:6a,61,69,69,67,62,70,66,69,6d,66,68,66,70,61,62,6f,70,
6c,6c,00,00
"hahadfhjonghldlf"=hex:6a,61,6a,69,6e,61,6f,6a,61,61,63,69,69,6b,62,68,65,61,
61,68,00,00

[HKEY_USERS\S-1-5-21-3151727940-1724118872-637169990-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3AEE9093-85CB-0C41-5019-F8A3188F12E2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandgncghmkpmkdeim"=hex:6a,61,6a,61,65,62,6f,6e,70,67,66,6c,70,6f,6b,61,69,70,
6f,66,00,00
"haphieaifakolama"=hex:69,61,6e,61,6a,67,64,6d,68,6d,69,6e,66,6e,6e,70,66,6a,
00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-03-10 8:06:25
ComboFix-quarantined-files.txt 2009-03-10 07:06:20
ComboFix2.txt 2009-03-09 13:09:09

Před spuštěním: Volných bajtů: 14 732 984 320
Po spuštění: Volných bajtů: 14,715,105,280

346 --- E O F --- 2009-02-25 11:28:05