When I try to open the Windows Firewall settings, the computer shows this message:
DUE TO AN UNKNOWN PROBLEM, WINDOWS CANNOT DISPLAY THE WINDOWS FIREWALL SETTINGS...
Hmm, what does this mean? What should I do to make it work again?
Windows Firewall - cannot be configured (says Windows)* Solved
Last edited by Myloš on 11 Apr 2009 23:03, edited 1 time in total.
Reason: Title changed from the original, not very descriptive "firewll windows"
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: firewll windows
Post a log from HijackThis here (instructions for creating the log are in my signature).

PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: firewll windows
OK, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:15, on 11.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [mxClock] C:\Documents and Settings\b\Plocha\maydesign_mxclock_1.1.4\maydesign mxClock\mxClock.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\b\Plocha\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
--
End of file - 11313 bytes
ZVada
- memphisto
Re: Windows Firewall - cannot be configured (says Windows)*
Uninstall AskBar and DAEMON Tools Toolbar.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then post the contents of that log here.
Re: Windows Firewall - cannot be configured (says Windows)*
I must be really dumb, but I couldn't find that AskBar, hmm. Here is the second test:
Malwarebytes' Anti-Malware 1.36
Verze databáze: 1945
Windows 5.1.2600 Service Pack 2
11.4.2009 23:35:45
mbam-log-2009-04-11 (23-35-45).txt
Typ skenu: Rychlý sken
Objektu skenováno: 74712
Uplynulý cas: 3 minute(s), 23 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
ZVada
- memphisto
Re: Windows Firewall - cannot be configured (says Windows)*
Turn off the resident protection of Panda IS and Spybot's antispyware shield.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Windows Firewall - cannot be configured (says Windows)*
Hmm, I don't know whether I did it correctly, probably not entirely. After installing the program, at the PLEASE SELECT AN ACTION prompt I always ticked the option ALLOW THIS PROCESS TO CONTINUE. The program carried on until the moment the scan finished and it displayed REBOOTING WINDOWS... PLEASE WAIT. But even after 20 minutes nothing happened, so I restarted the PC, and the firewall suddenly works, yay! I have no idea what happened, so I want to know whether I should run the program once more.
ZVada
- memphisto
Re: Windows Firewall - cannot be configured (says Windows)*
Post the contents of that log here, if it created one.
Re: Windows Firewall - cannot be configured (says Windows)*
It didn't create anything like that; there was just a blank screen and nothing more, then I restarted the PC.
I'll try running it again... Hm, it's just strange that until now I had a problem with Azureus, and suddenly it started up too and runs OK.
ZVada
Re: Windows Firewall - cannot be configured (says Windows)*
So I tried it again and here is the result:
ComboFix 09-04-04.01 - b 2009-04-12 9:11:16.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.958.178 [GMT 2:00]
Running from: c:\documents and settings\b\Plocha\ComboFix.exe
AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*
FW: PC Tools Firewall Plus *enabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Temp\scsE.tmp
.
---- Previous Run -------
.
c:\documents and settings\b\Nabídka Start\Programy\Download programs.url
c:\documents and settings\b\Nabídka Start\Programy\Games.url
c:\documents and settings\b\Nabídka Start\Programy\Translator.url
c:\documents and settings\b\Nabídka Start\Programy\Videos.url
c:\windows\regedit.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\taskmgr.com
c:\windows\system32\win32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-12 09:12 . 2009-04-12 09:12 0 --a--c--- c:\windows\system32\wndtx1.dll
2009-04-12 09:12 . 2009-04-12 09:12 0 --a--c--- c:\windows\system32\mi5035a0.dll
2009-04-12 09:12 . 2009-04-12 09:12 0 --a--c--- c:\windows\system32\directpt.dll
2009-04-12 09:09 . 2006-03-03 00:42 73,728 --a--c--- C:\pv.exe
2009-04-12 07:55 . 2009-04-12 07:55 <DIR> d----c--- c:\program files\PopCap Games
2009-04-12 07:55 . 2009-04-12 08:01 16 --a--c--- c:\windows\popcinfo.dat
2009-04-11 23:22 . 2009-04-11 23:22 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 23:22 . 2009-04-06 15:32 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 23:22 . 2009-04-06 15:32 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-04-10 23:48 . 2009-04-10 23:48 <DIR> d----c--- c:\documents and settings\b\Data aplikací\DAEMON Tools Pro
2009-04-10 23:48 . 2009-04-10 23:48 <DIR> d----c--- c:\documents and settings\b\Data aplikací\DAEMON Tools
2009-04-10 23:47 . 2009-04-11 23:43 <DIR> d----c--- c:\program files\DAEMON Tools Toolbar
2009-04-10 23:47 . 2009-04-10 23:47 <DIR> d----c--- c:\documents and settings\b\Data aplikací\DAEMON Tools Lite
2009-04-10 23:47 . 2009-04-10 23:47 <DIR> d----c--- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-04-10 18:11 . 2009-04-10 18:12 <DIR> d----c--- c:\program files\Brany Skeldalu
2009-04-10 10:45 . 2009-04-10 10:45 <DIR> d----c--- c:\program files\Windows Doctor
2009-03-29 18:41 . 2009-03-29 18:41 28,096 --ah-c--- c:\windows\system32\mlfcache.dat
2009-03-29 09:54 . 2009-03-29 09:59 <DIR> d----c--- c:\program files\Blitzkrieg Anthology
2009-03-26 22:03 . 2009-03-26 22:13 <DIR> d----c--- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-26 22:03 . 2009-03-26 22:13 <DIR> d----c--- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-26 22:03 . 2009-03-26 22:03 <DIR> d----c--- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-26 22:03 . 2009-03-26 22:03 <DIR> d----c--- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-26 21:49 . 2009-03-26 22:20 <DIR> d----c--- c:\program files\Spybot - Search & Destroy
2009-03-26 21:49 . 2009-04-11 11:49 <DIR> d----c--- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-24 23:06 . 2009-03-24 23:06 <DIR> d----c--- c:\program files\Autodesk
2009-03-22 01:04 . 2009-03-22 01:04 <DIR> d----c--- c:\program files\Common Files\MicroWorld
2009-03-22 01:04 . 2009-03-22 01:04 <DIR> d----c--- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-22 01:04 . 2004-08-17 15:49 147,968 --a--c--- c:\windows\R.COM
2009-03-22 01:04 . 2004-08-17 15:49 137,216 --a--c--- c:\windows\system32\T.COM
2009-03-22 00:03 . 2009-03-22 00:10 155,648 --a--c--- c:\windows\system32\libssl32.dll
2009-03-21 23:20 . 2009-04-10 18:13 <DIR> d----c--- C:\DOWNLOAD
2009-03-21 18:49 . 2009-03-21 18:49 <DIR> d----c--- c:\program files\AskBarDis
2009-03-21 18:49 . 2009-04-12 09:14 <DIR> d----c--- c:\documents and settings\b\Data aplikací\Azureus
2009-03-21 18:49 . 2009-03-21 18:49 <DIR> d----c--- c:\documents and settings\All Users\Data aplikací\Azureus
2009-03-21 18:35 . 2009-04-12 00:55 <DIR> d----c--- c:\program files\Vuze
2009-03-20 22:50 . 2008-12-11 09:38 159,600 --a--c--- c:\windows\system32\drivers\pctgntdi.sys
2009-03-20 22:50 . 2009-03-20 22:54 130,424 --a--c--- c:\windows\system32\drivers\PCTCore.sys
2009-03-20 22:50 . 2008-12-18 13:16 73,840 --a--c--- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-20 22:49 . 2009-03-20 22:49 <DIR> d----c--- c:\documents and settings\All Users\Data aplikací\PC Tools
2009-03-20 22:49 . 2008-09-22 13:29 97,408 --a--c--- c:\windows\system32\drivers\pctfw.sys
2009-03-20 22:49 . 2009-01-21 11:38 95,640 --a--c--- c:\windows\system32\drivers\pctplfw.sys
2009-03-20 22:49 . 2009-03-03 13:19 51,472 --a--c--- c:\windows\system32\drivers\TfFsMon.sys
2009-03-20 22:49 . 2009-03-03 13:19 39,184 --a--c--- c:\windows\system32\drivers\TfSysMon.sys
2009-03-20 22:49 . 2009-03-03 13:19 33,040 --a--c--- c:\windows\system32\drivers\TfNetMon.sys
2009-03-20 22:49 . 2009-03-03 13:19 12,560 --a--c--- c:\windows\system32\drivers\TfKbMon.sys
2009-03-19 23:16 . 2009-03-20 22:36 <DIR> d----c--- c:\program files\Sunbelt Software
2009-03-17 17:26 . 2009-03-17 17:26 <DIR> d----c--- c:\documents and settings\myst\TSGUIDE
2009-03-17 17:26 . 2009-03-17 23:48 <DIR> d----c--- c:\documents and settings\myst\SETUP32
2009-03-17 17:26 . 2009-03-17 17:26 <DIR> d----c--- c:\documents and settings\myst\SETUP16
2009-03-17 17:26 . 2009-03-17 17:26 <DIR> d----c--- c:\documents and settings\myst\QTWSETUP
2009-03-17 17:25 . 2009-03-17 17:26 <DIR> d----c--- c:\documents and settings\myst\QTW
2009-03-17 17:25 . 2009-03-17 17:25 <DIR> d----c--- c:\documents and settings\myst\PROG32
2009-03-17 17:25 . 2009-03-17 17:25 <DIR> d----c--- c:\documents and settings\myst\PROG16
2009-03-17 17:25 . 2009-03-17 17:25 <DIR> d----c--- c:\documents and settings\myst\LEDEMO
2009-03-17 17:25 . 2009-03-17 17:25 <DIR> d----c--- c:\documents and settings\myst\EREG32
2009-03-17 17:25 . 2009-03-17 17:25 <DIR> d----c--- c:\documents and settings\myst\EREG16
2009-03-17 17:25 . 2009-03-17 17:25 <DIR> d----c--- c:\documents and settings\myst\AUTORUN
2009-03-17 17:21 . 2009-03-17 17:26 <DIR> d----c--- c:\documents and settings\myst
2009-03-15 00:38 . 2009-03-15 00:38 <DIR> dr-h-c--- c:\documents and settings\b\Data aplikací\SecuROM
2009-03-15 00:34 . 2009-03-30 23:48 0 --a--c--- c:\windows\vpd.properties
2009-03-14 21:56 . 1996-08-26 03:12 345,600 -ra--c--- c:\windows\system\QTIM32.DLL
2009-03-14 21:39 . 2009-03-17 17:40 <DIR> d----c--- c:\program files\Myst
2009-03-14 21:39 . 2009-03-14 21:39 1,198 --a--c--- c:\windows\WININI.QTW
2009-03-14 21:39 . 2009-03-14 21:39 271 --a--c--- c:\windows\SYSINI.QTW
2009-03-14 21:39 . 2009-03-14 21:39 30 --a--c--- c:\windows\RESULT.QTW
2009-03-14 21:39 . 2009-03-14 21:39 0 --a--c--- c:\windows\QTW.QTW
2009-03-14 21:13 . 2009-03-26 22:51 <DIR> d----c--- c:\program files\Disk Cleaner
2009-03-14 21:13 . 2009-03-14 21:13 <DIR> d----c--- c:\documents and settings\All Users\Data aplikací\Disk Cleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 07:16 13,880 -c--a-w c:\windows\system32\drivers\COMFiltr.sys
2009-04-12 07:16 1,132 -c--a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-04-12 07:16 1,132 -c--a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-04-12 07:16 --------- dc--a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-12 07:10 323,236 -c--a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-12 07:10 323,236 -c--a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-04-11 21:42 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-11 19:59 --------- dc----w c:\documents and settings\b\Data aplikací\Skype
2009-04-11 17:00 --------- dc----w c:\documents and settings\b\Data aplikací\skypePM
2009-04-10 21:32 --------- dc----w c:\program files\GameSpy Arcade
2009-04-09 17:07 --------- dc----w c:\program files\PC Tools Firewall Plus
2009-04-08 19:15 --------- dc----w c:\program files\Java
2009-03-23 20:58 --------- dc----w c:\program files\Crawler
2009-03-20 20:50 --------- dc----w c:\program files\Common Files\PC Tools
2009-03-20 20:49 --------- dc----w c:\program files\ThreatFire
2009-03-20 19:55 --------- dc----w c:\program files\Google
2009-03-20 19:53 --------- dc----w c:\program files\VS Revo Group
2009-03-20 19:49 --------- dc----w c:\program files\Common Files\Adobe
2009-03-19 22:05 --------- dc----w c:\program files\Lavasoft
2009-03-19 22:05 --------- dc----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-03-16 20:57 --------- dc----w c:\program files\Alcohol Soft
2009-03-14 22:32 --------- dc----w c:\program files\UBISOFT
2009-03-09 03:19 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-08 14:05 --------- dc----w c:\documents and settings\b\Data aplikací\Malwarebytes
2009-03-08 14:05 --------- dc----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-08 12:33 --------- dc----w c:\program files\Trend Micro
2009-02-19 22:39 --------- dc----w c:\program files\Common Files\DVDVideoSoft
2009-02-19 00:08 --------- dc----w c:\program files\Common Files\Skype
2009-02-19 00:08 --------- dc----w c:\documents and settings\All Users\Data aplikací\Skype
2009-02-19 00:08 --------- dc----r c:\program files\Skype
2009-02-18 21:50 --------- dc----w c:\program files\Kinomania
2009-02-15 12:19 --------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Software
2009-02-15 12:02 --------- dc----w c:\program files\Panda Security
2009-02-15 12:02 --------- dc----w c:\documents and settings\b\Data aplikací\Panda Security
2009-02-15 12:02 --------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Security
2009-02-15 12:00 --------- dc----w c:\program files\Common Files\Panda Security
2009-02-14 18:57 --------- dc----w c:\program files\Ashampoo
2009-02-14 14:13 --------- dc----w c:\program files\GameTop.com
2009-02-14 13:10 --------- dc----w c:\program files\AVG
2009-02-13 19:57 --------- dc----w c:\program files\COMODO
2009-02-13 19:57 --------- dc----w c:\documents and settings\b\Data aplikací\Comodo
2009-02-13 19:54 --------- dc----w c:\program files\ESET
2009-02-13 13:15 --------- dc----w c:\documents and settings\b\Data aplikací\Software Informer
2009-02-13 12:04 --------- dc----w c:\documents and settings\b\Data aplikací\HTML Executable
2009-02-13 12:04 --------- dc----w c:\documents and settings\b\Data aplikací\Desktopicon
2009-02-12 21:36 249,592 -c--a-w c:\windows\system32\cssdll32.dll
2009-02-12 15:55 --------- dc----w c:\documents and settings\b\Data aplikací\PCToolsFirewallPlus
2009-01-30 20:49 65,365 -c--a-w c:\windows\BricoPackUninst.cmd
2009-01-30 20:49 6,106 -c--a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-30 20:49 219,648 -c--a-w c:\windows\system32\uxtheme.dll
2009-01-25 16:23 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-10-06 20:57 0 -c--a-w c:\program files\secure32.html
2008-10-06 20:57 0 -c--a-w c:\program files\cqwydcgt.exe
2008-06-24 18:43 533 -c--a-w c:\program files\Zástupce - The Rise of Atlantis.lnk
2006-10-12 10:03 8,838,336 -c--a-w c:\program files\ashampoo_burningstudio2007_vnu_gb.exe
2006-07-18 12:41 1,019,094 -csha-r c:\program files\serial.tde
2005-07-01 12:11 24,455,072 -c--a-w c:\program files\act30pkg.exe
2007-10-31 21:58 8,192 -csha-w c:\windows\o2cLicStore.bin
2009-01-03 21:27 8 -csh--r c:\windows\system32\8B2D3681B0.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 19:40 333192 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" [2006-08-03 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 c:\windows\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 17:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-02-15 28544]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-20 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-20 39184]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-10-31 11264]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-02-15 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-02-15 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-02-15 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-02-15 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-02-15 14:02:51 158848]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-20 159600]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-02-15 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-02-15 46720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-03-21 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-03-21 234888]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-02-15 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [2009-02-15 28928]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-02-15 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-02-15 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-03-20 95640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-10-31 659456]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-20 33040]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-03-20 73840]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-01-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-01-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-01-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-01-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-01-21 86368]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [2008-01-26 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [2008-01-26 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [2008-01-26 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [2008-01-26 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [2008-01-26 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [2008-01-26 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [2008-01-26 98952]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cce96c0-93e4-11dd-b4d5-001bfcda139b}]
\Shell\applet\command - l:\autorun\autorun.exe /s
\Shell\AutoRun\command - l:\autorun\autorun.exe
\Shell\ereg\command - l:\ereg32\ereg32.exe
\Shell\install\command - L:\setup.exe
\Shell\qtim\command - l:\qtwsetup\win32\custom\qt32inst.exe
\Shell\readfile\command - Notepad Readme.txt
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
2009-02-15 c:\windows\Tasks\At1.job
- c:\windows\System32\wunauclt.exe []
2009-03-15 c:\windows\Tasks\At2.job
- c:\windows\System32\wunauclt.exe []
2008-07-15 c:\windows\Tasks\At3.job
- c:\windows\System32\wunauclt.exe []
2009-03-15 c:\windows\Tasks\At4.job
- c:\windows\System32\wunauclt.exe []
2009-02-15 c:\windows\Tasks\At5.job
- c:\windows\System32\wunauclt.exe []
2008-07-15 c:\windows\Tasks\At6.job
- c:\windows\System32\wunauclt.exe []
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKCU-Run-mxClock - c:\documents and settings\b\Plocha\maydesign_mxclock_1.1.4\maydesign mxClock\mxClock.exe
HKCU-Run-uTorrent - c:\documents and settings\b\Plocha\utorrent.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\b\Data aplikací\Mozilla\Firefox\Profiles\4mpk45wr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 09:17:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B32CF76-CD72-23C9-11B0-C5E8B51F8381}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abccjpbkjkdhcabdpkhliaomndnjplnfid"=hex:61,61,00,00
"bbccjpbkjkdhcabdpkeljdfndlljhfoabaoa"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,47,50,4b,a1,38,b8,b2,a7,a3,bd,f2,f6,8f,39,a7,aa,97,40,66,9e,99,ee,
dc,cf,49,e6,fb,0d,1d,09,69,7c,4d,23,eb,54,94,43,d5,58,0e,21,0b,7c,53,83,4d,\
"??"=hex:98,e5,f2,a4,f1,10,12,9d,3b,d1,2a,82,42,dc,ee,c9
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\avldr.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
- - - - - - - > 'lsass.exe'(1532)
c:\program files\ThreatFire\TFWAH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2009\TPSrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\WebProxy.exe
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\PSIService.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\UAService7.exe
c:\program files\Panda Security\Panda Internet Security 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Internet Security 2009\FIREWALL\PSHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-12 9:19:31 - machine was rebooted [b]
ComboFix-quarantined-files.txt 2009-04-12 07:19:28
Pre-Run: Volných bajtů: 42,416,254,976
Post-Run: Volných bajtů: 43,234,430,976
383 --- E O F --- 2009-02-09 16:48:12
2009-02-15 12:19 --------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Software
2009-02-15 12:02 --------- dc----w c:\program files\Panda Security
2009-02-15 12:02 --------- dc----w c:\documents and settings\b\Data aplikací\Panda Security
2009-02-15 12:02 --------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Security
2009-02-15 12:00 --------- dc----w c:\program files\Common Files\Panda Security
2009-02-14 18:57 --------- dc----w c:\program files\Ashampoo
2009-02-14 14:13 --------- dc----w c:\program files\GameTop.com
2009-02-14 13:10 --------- dc----w c:\program files\AVG
2009-02-13 19:57 --------- dc----w c:\program files\COMODO
2009-02-13 19:57 --------- dc----w c:\documents and settings\b\Data aplikací\Comodo
2009-02-13 19:54 --------- dc----w c:\program files\ESET
2009-02-13 13:15 --------- dc----w c:\documents and settings\b\Data aplikací\Software Informer
2009-02-13 12:04 --------- dc----w c:\documents and settings\b\Data aplikací\HTML Executable
2009-02-13 12:04 --------- dc----w c:\documents and settings\b\Data aplikací\Desktopicon
2009-02-12 21:36 249,592 -c--a-w c:\windows\system32\cssdll32.dll
2009-02-12 15:55 --------- dc----w c:\documents and settings\b\Data aplikací\PCToolsFirewallPlus
2009-01-30 20:49 65,365 -c--a-w c:\windows\BricoPackUninst.cmd
2009-01-30 20:49 6,106 -c--a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-30 20:49 219,648 -c--a-w c:\windows\system32\uxtheme.dll
2009-01-25 16:23 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-10-06 20:57 0 -c--a-w c:\program files\secure32.html
2008-10-06 20:57 0 -c--a-w c:\program files\cqwydcgt.exe
2008-06-24 18:43 533 -c--a-w c:\program files\Zástupce - The Rise of Atlantis.lnk
2006-10-12 10:03 8,838,336 -c--a-w c:\program files\ashampoo_burningstudio2007_vnu_gb.exe
2006-07-18 12:41 1,019,094 -csha-r c:\program files\serial.tde
2005-07-01 12:11 24,455,072 -c--a-w c:\program files\act30pkg.exe
2007-10-31 21:58 8,192 -csha-w c:\windows\o2cLicStore.bin
2009-01-03 21:27 8 -csh--r c:\windows\system32\8B2D3681B0.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 19:40 333192 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" [2006-08-03 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 c:\windows\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 17:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-02-15 28544]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-20 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-20 39184]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-10-31 11264]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-02-15 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-02-15 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-02-15 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-02-15 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-02-15 14:02:51 158848]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-20 159600]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-02-15 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-02-15 46720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-03-21 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-03-21 234888]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-02-15 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [2009-02-15 28928]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-02-15 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-02-15 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-03-20 95640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-10-31 659456]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-20 33040]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-03-20 73840]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-01-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-01-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-01-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-01-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-01-21 86368]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [2008-01-26 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [2008-01-26 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [2008-01-26 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [2008-01-26 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [2008-01-26 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [2008-01-26 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [2008-01-26 98952]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cce96c0-93e4-11dd-b4d5-001bfcda139b}]
\Shell\applet\command - l:\autorun\autorun.exe /s
\Shell\AutoRun\command - l:\autorun\autorun.exe
\Shell\ereg\command - l:\ereg32\ereg32.exe
\Shell\install\command - L:\setup.exe
\Shell\qtim\command - l:\qtwsetup\win32\custom\qt32inst.exe
\Shell\readfile\command - Notepad Readme.txt
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
2009-02-15 c:\windows\Tasks\At1.job
- c:\windows\System32\wunauclt.exe []
2009-03-15 c:\windows\Tasks\At2.job
- c:\windows\System32\wunauclt.exe []
2008-07-15 c:\windows\Tasks\At3.job
- c:\windows\System32\wunauclt.exe []
2009-03-15 c:\windows\Tasks\At4.job
- c:\windows\System32\wunauclt.exe []
2009-02-15 c:\windows\Tasks\At5.job
- c:\windows\System32\wunauclt.exe []
2008-07-15 c:\windows\Tasks\At6.job
- c:\windows\System32\wunauclt.exe []
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKCU-Run-mxClock - c:\documents and settings\b\Plocha\maydesign_mxclock_1.1.4\maydesign mxClock\mxClock.exe
HKCU-Run-uTorrent - c:\documents and settings\b\Plocha\utorrent.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\b\Data aplikací\Mozilla\Firefox\Profiles\4mpk45wr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 09:17:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B32CF76-CD72-23C9-11B0-C5E8B51F8381}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abccjpbkjkdhcabdpkhliaomndnjplnfid"=hex:61,61,00,00
"bbccjpbkjkdhcabdpkeljdfndlljhfoabaoa"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,47,50,4b,a1,38,b8,b2,a7,a3,bd,f2,f6,8f,39,a7,aa,97,40,66,9e,99,ee,
dc,cf,49,e6,fb,0d,1d,09,69,7c,4d,23,eb,54,94,43,d5,58,0e,21,0b,7c,53,83,4d,\
"??"=hex:98,e5,f2,a4,f1,10,12,9d,3b,d1,2a,82,42,dc,ee,c9
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\avldr.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
- - - - - - - > 'lsass.exe'(1532)
c:\program files\ThreatFire\TFWAH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2009\TPSrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\WebProxy.exe
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\PSIService.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\UAService7.exe
c:\program files\Panda Security\Panda Internet Security 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Internet Security 2009\FIREWALL\PSHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-12 9:19:31 - machine was rebooted [b]
ComboFix-quarantined-files.txt 2009-04-12 07:19:28
Pre-Run: Volných bajtů: 42,416,254,976
Post-Run: Volných bajtů: 43,234,430,976
383 --- E O F --- 2009-02-09 16:48:12
ZVada
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Windows Firewall - cannot be configured (says Windows)*
I'll step in for memphisto.
This looks like...
Uninstall:
Windows Doctor
You have leftovers from ESET, COMODO, AVG.. Symantec...
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script
Code:
File::
c:\windows\system32\wndtx1.dll
c:\windows\system32\mi5035a0.dll
c:\windows\system32\directpt.dll
c:\windows\popcinfo.dat
c:\windows\system32\mlfcache.dat
c:\windows\system32\KGyGaAvL.sys
c:\program files\secure32.html
c:\program files\cqwydcgt.exe
c:\program files\serial.tde
c:\windows\system32\8B2D3681B0.sys
c:\windows\System32\wunauclt.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
Folder::
c:\program files\AskBarDis
c:\program files\AVG
c:\program files\COMODO
c:\documents and settings\b\Data aplikací\Comodo
c:\program files\ESET
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cce96c0-93e4-11dd-b4d5-001bfcda139b}]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Windows Firewall - cannot be configured (says Windows)*
Well, it looks like I have a real mess in my PC, hmmm.. here is the new log from ComboFix:
ComboFix 09-04-12.02 - b 2009-04-12 16:18.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.958.192 [GMT 2:00]
Running from: c:\documents and settings\b\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\b\Plocha\CFScript.txt
AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*
FW: PC Tools Firewall Plus *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\cqwydcgt.exe
c:\program files\secure32.html
c:\program files\serial.tde
c:\windows\popcinfo.dat
c:\windows\system32\8B2D3681B0.sys
c:\windows\system32\directpt.dll
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\mi5035a0.dll
c:\windows\system32\mlfcache.dat
c:\windows\system32\wndtx1.dll
c:\windows\System32\wunauclt.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\b\Data aplikací\Comodo
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AVG
c:\program files\COMODO
c:\program files\COMODO\SafeSurf\cssurf.exe
c:\program files\cqwydcgt.exe
c:\program files\ESET
c:\program files\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files\ESET\ESET Online Scanner\log.txt
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\continuous\nod203E.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\continuous\nod5381.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\continuous\nod57D7.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\continuous\nod61EA.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0949.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod28C0.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod2D61.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod33F1.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod3606.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4A69.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5441.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5B8D.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5D37.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5DA8.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6289.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6320.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6528.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod7164.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod7A8A.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\oldfiles\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\oldfiles\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\mod_comp.dat
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files\ESET\ESET Online Scanner\unicows.dll
c:\program files\secure32.html
c:\program files\serial.tde
c:\windows\popcinfo.dat
c:\windows\system32\8B2D3681B0.sys
c:\windows\system32\bmtdhh.dll
c:\windows\system32\directpt.dll
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\mi5035a0.dll
c:\windows\system32\mlfcache.dat
c:\windows\system32\wndtx1.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-12 08:38 . 2009-04-12 08:38 -------- dc----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2009-04-12 08:08 . 2009-04-12 08:08 0 -c--a-w c:\windows\PowerReg.dat
2009-04-11 21:48 . 2000-08-31 06:00 89504 -c--a-w c:\windows\fdsv.exe
2009-04-11 21:22 . 2009-04-06 13:32 15504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-04-11 21:22 . 2009-04-06 13:32 38496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 21:48 . 2009-04-10 21:48 -------- dc----w c:\documents and settings\b\Data aplikací\DAEMON Tools Pro
2009-04-10 21:48 . 2009-04-10 21:48 -------- dc----w c:\documents and settings\b\Data aplikací\DAEMON Tools
2009-04-10 21:47 . 2009-04-10 21:47 -------- dc----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-04-10 21:47 . 2009-04-10 21:47 -------- dc----w c:\documents and settings\b\Data aplikací\DAEMON Tools Lite
2009-03-26 19:49 . 2009-04-11 09:49 -------- dc----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-21 23:04 . 2004-08-17 13:49 137216 -c--a-w c:\windows\system32\T.COM
2009-03-21 23:04 . 2004-08-17 13:49 147968 -c--a-w c:\windows\R.COM
2009-03-21 23:04 . 2009-03-21 23:04 -------- dc----w c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-21 22:03 . 2009-03-21 22:10 155648 -c--a-w c:\windows\system32\libssl32.dll
2009-03-21 21:20 . 2009-04-10 16:13 -------- dc----w C:\DOWNLOAD
2009-03-21 16:49 . 2009-03-21 16:49 -------- dc----w c:\documents and settings\All Users\Data aplikací\Azureus
2009-03-21 16:49 . 2009-04-12 14:23 -------- dc----w c:\documents and settings\b\Data aplikací\Azureus
2009-03-20 20:50 . 2009-03-20 20:54 130424 -c--a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-20 20:50 . 2008-12-18 11:16 73840 -c--a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-20 20:50 . 2008-12-11 07:38 159600 -c--a-w c:\windows\system32\drivers\pctgntdi.sys
2009-03-20 20:49 . 2008-09-22 11:29 97408 -c--a-w c:\windows\system32\drivers\pctfw.sys
2009-03-20 20:49 . 2009-01-21 09:38 95640 -c--a-w c:\windows\system32\drivers\pctplfw.sys
2009-03-20 20:49 . 2009-03-03 11:19 39184 -c--a-w c:\windows\system32\drivers\TfSysMon.sys
2009-03-20 20:49 . 2009-03-03 11:19 33040 -c--a-w c:\windows\system32\drivers\TfNetMon.sys
2009-03-20 20:49 . 2009-03-03 11:19 51472 -c--a-w c:\windows\system32\drivers\TfFsMon.sys
2009-03-20 20:49 . 2009-03-03 11:19 12560 -c--a-w c:\windows\system32\drivers\TfKbMon.sys
2009-03-20 20:49 . 2009-03-20 20:49 -------- dc----w c:\documents and settings\All Users\Data aplikací\PC Tools
2009-03-17 15:26 . 2009-03-17 15:26 -------- dc----w c:\documents and settings\myst\TSGUIDE
2009-03-17 15:26 . 2009-03-17 21:48 -------- dc----w c:\documents and settings\myst\SETUP32
2009-03-17 15:26 . 2009-03-17 15:26 -------- dc----w c:\documents and settings\myst\SETUP16
2009-03-17 15:26 . 2009-03-17 15:26 -------- dc----w c:\documents and settings\myst\QTWSETUP
2009-03-17 15:25 . 2009-03-17 15:26 -------- dc----w c:\documents and settings\myst\QTW
2009-03-17 15:25 . 2009-03-17 15:25 -------- dc----w c:\documents and settings\myst\PROG32
2009-03-17 15:25 . 2009-03-17 15:25 -------- dc----w c:\documents and settings\myst\PROG16
2009-03-17 15:25 . 2009-03-17 15:25 -------- dc----w c:\documents and settings\myst\LEDEMO
2009-03-17 15:25 . 2009-03-17 15:25 -------- dc----w c:\documents and settings\myst\EREG32
2009-03-17 15:25 . 2009-03-17 15:25 -------- dc----w c:\documents and settings\myst\EREG16
2009-03-17 15:25 . 2009-03-17 15:25 -------- dc----w c:\documents and settings\myst\AUTORUN
2009-03-17 15:21 . 2009-03-17 15:26 -------- dc----w c:\documents and settings\myst
2009-03-14 22:38 . 2009-03-14 22:38 -------- dc-h--r c:\documents and settings\b\Data aplikací\SecuROM
2009-03-14 22:34 . 2009-04-12 13:13 8432 -c--a-w c:\windows\vpd.properties
2009-03-14 19:56 . 1996-08-26 01:12 345600 -c--a-r c:\windows\system\QTIM32.DLL
2009-03-14 19:39 . 2009-03-14 19:39 271 -c--a-w c:\windows\SYSINI.QTW
2009-03-14 19:39 . 2009-03-14 19:39 1198 -c--a-w c:\windows\WININI.QTW
2009-03-14 19:39 . 2009-03-14 19:39 0 -c--a-w c:\windows\QTW.QTW
2009-03-14 19:39 . 2009-03-14 19:39 30 -c--a-w c:\windows\RESULT.QTW
2009-03-14 19:13 . 2009-03-14 19:13 -------- dc----w c:\documents and settings\All Users\Data aplikací\Disk Cleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 14:25 . 2009-02-12 15:52 -------- dc--a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-12 14:25 . 2009-02-15 12:03 318892 -c--a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-12 14:25 . 2009-02-15 12:03 318892 -c--a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-04-12 14:25 . 2009-02-15 12:03 1132 -c--a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-04-12 14:25 . 2009-02-15 12:03 1132 -c--a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-04-12 14:25 . 2009-02-15 12:05 13880 -c--a-w c:\windows\system32\drivers\COMFiltr.sys
2009-04-12 14:07 . 2008-12-01 15:45 -------- dc----w c:\program files\GameSpy Arcade
2009-04-12 14:06 . 2009-04-10 21:47 -------- dc----w c:\program files\DAEMON Tools Toolbar
2009-04-12 13:06 . 2008-10-08 14:24 -------- dc----w c:\program files\UBISOFT
2009-04-12 08:41 . 2009-04-12 08:38 -------- dc----w c:\program files\DAEMON Tools Pro
2009-04-12 08:35 . 2008-06-20 07:25 721904 -c--a-w c:\windows\system32\drivers\sptd.sys
2009-04-12 08:06 . 2008-05-28 12:21 -------- dc----w c:\program files\Infogrames
2009-04-12 05:55 . 2009-04-12 05:55 -------- dc----w c:\program files\PopCap Games
2009-04-11 22:55 . 2009-03-21 16:35 -------- dc----w c:\program files\Vuze
2009-04-11 21:42 . 2007-10-31 19:37 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-11 21:22 . 2009-04-11 21:22 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 19:59 . 2009-02-19 00:08 -------- dc----w c:\documents and settings\b\Data aplikací\Skype
2009-04-11 17:00 . 2009-02-09 18:36 -------- dc----w c:\documents and settings\b\Data aplikací\skypePM
2009-04-10 16:12 . 2009-04-10 16:11 -------- dc----w c:\program files\Brany Skeldalu
2009-04-10 08:45 . 2009-04-10 08:45 -------- dc----w c:\program files\Windows Doctor
2009-04-09 17:07 . 2009-02-12 15:52 -------- dc----w c:\program files\PC Tools Firewall Plus
2009-04-08 19:15 . 2009-03-08 16:40 -------- dc----w c:\program files\Java
2009-04-08 19:15 . 2001-10-25 12:00 68876 ----a-w c:\windows\system32\perfc005.dat
2009-04-08 19:15 . 2001-10-25 12:00 389780 ----a-w c:\windows\system32\perfh005.dat
2009-03-29 07:59 . 2009-03-29 07:54 -------- dc----w c:\program files\Blitzkrieg Anthology
2009-03-26 20:51 . 2009-03-14 19:13 -------- dc----w c:\program files\Disk Cleaner
2009-03-26 20:20 . 2009-03-26 19:49 -------- dc----w c:\program files\Spybot - Search & Destroy
2009-03-26 20:13 . 2009-03-26 20:03 -------- dc----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-26 20:13 . 2009-03-26 20:03 -------- dc----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-26 20:03 . 2009-03-26 20:03 -------- dc----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-26 20:03 . 2009-03-26 20:03 -------- dc----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-24 21:06 . 2009-03-24 21:06 -------- dc----w c:\program files\Autodesk
2009-03-23 20:58 . 2009-02-09 17:30 -------- dc----w c:\program files\Crawler
2009-03-21 23:04 . 2009-03-21 23:04 -------- dc----w c:\program files\Common Files\MicroWorld
2009-03-20 20:50 . 2009-02-12 15:53 -------- dc----w c:\program files\Common Files\PC Tools
2009-03-20 20:49 . 2009-02-12 15:52 -------- dc----w c:\program files\ThreatFire
2009-03-20 20:36 . 2009-03-19 21:16 -------- dc----w c:\program files\Sunbelt Software
2009-03-20 19:55 . 2009-01-25 21:14 -------- dc----w c:\program files\Google
2009-03-20 19:53 . 2008-12-12 19:31 -------- dc----w c:\program files\VS Revo Group
2009-03-20 19:49 . 2007-10-31 22:09 -------- dc----w c:\program files\Common Files\Adobe
2009-03-19 22:05 . 2009-03-11 19:20 -------- dc----w c:\program files\Lavasoft
2009-03-19 22:05 . 2009-03-11 19:20 -------- dc----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-03-19 21:44 . 2009-03-11 20:43 4700 -c--a-w C:\aaw7boot.log
2009-03-17 15:40 . 2009-03-14 19:39 -------- dc----w c:\program files\Myst
2009-03-16 20:57 . 2008-10-06 21:43 -------- dc----w c:\program files\Alcohol Soft
2009-03-09 03:19 . 2009-03-08 16:40 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-08 14:05 . 2009-03-08 14:05 -------- dc----w c:\documents and settings\b\Data aplikací\Malwarebytes
2009-03-08 14:05 . 2009-03-08 14:05 -------- dc----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-08 12:33 . 2009-03-08 12:33 -------- dc----w c:\program files\Trend Micro
2009-02-19 22:39 . 2009-02-19 22:24 -------- dc----w c:\program files\Common Files\DVDVideoSoft
2009-02-19 00:08 . 2009-02-19 00:08 -------- dc----w c:\program files\Common Files\Skype
2009-02-19 00:08 . 2009-02-09 18:33 -------- dc----r c:\program files\Skype
2009-02-19 00:08 . 2009-02-08 12:45 -------- dc----w c:\documents and settings\All Users\Data aplikací\Skype
2009-02-18 21:50 . 2009-02-18 21:50 -------- dc----w c:\program files\Kinomania
2009-02-15 12:19 . 2009-02-15 12:19 -------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Software
2009-02-15 12:02 . 2009-02-15 12:02 -------- dc----w c:\documents and settings\b\Data aplikací\Panda Security
2009-02-15 12:02 . 2009-02-15 12:02 -------- dc----w c:\program files\Panda Security
2009-02-15 12:02 . 2009-02-15 12:02 -------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Security
2009-02-15 12:00 . 2009-02-15 12:00 -------- dc----w c:\program files\Common Files\Panda Security
2009-02-14 18:57 . 2008-12-12 20:05 -------- dc----w c:\program files\Ashampoo
2009-02-14 14:13 . 2008-12-12 20:53 -------- dc----w c:\program files\GameTop.com
2009-02-13 13:15 . 2009-01-25 16:48 -------- dc----w c:\documents and settings\b\Data aplikací\Software Informer
2009-02-13 12:04 . 2009-02-13 12:04 -------- dc----w c:\documents and settings\b\Data aplikací\HTML Executable
2009-02-13 12:04 . 2009-02-13 12:04 -------- dc----w c:\documents and settings\b\Data aplikací\Desktopicon
2009-02-12 21:36 . 2009-02-12 21:36 249592 -c--a-w c:\windows\system32\cssdll32.dll
2009-02-12 15:55 . 2009-02-12 15:55 -------- dc----w c:\documents and settings\b\Data aplikací\PCToolsFirewallPlus
2009-01-30 20:49 . 2009-01-30 20:49 65365 -c--a-w c:\windows\BricoPackUninst.cmd
2009-01-30 20:49 . 2009-01-30 20:48 6106 -c--a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-30 20:49 . 2007-10-31 19:30 219648 -c--a-w c:\windows\system32\uxtheme.dll
2008-06-24 18:43 . 2008-06-24 18:43 533 -c--a-w c:\program files\Zástupce - The Rise of Atlantis.lnk
2006-10-12 10:03 . 2008-11-01 18:37 8838336 -c--a-w c:\program files\ashampoo_burningstudio2007_vnu_gb.exe
2005-07-01 12:11 . 2009-01-31 14:27 24455072 -c--a-w c:\program files\act30pkg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" [2006-08-03 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 c:\windows\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 17:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R2 ASKService;ASKService; [x]
R2 ASKUpgrade;ASKUpgrade; [x]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
R3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
R3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
R3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
R3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
R3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
R3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-06-29 83208]
R3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-06-29 15112]
R3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-06-29 108552]
R3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-06-29 100360]
R3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-06-29 23176]
R3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-06-29 98568]
R3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-06-29 98952]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-03 51472]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-03 39184]
S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\DRIVERS\xfilt.sys [2006-02-23 11264]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 15:58 158848]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
S2 Gwmsrv;Panda Goodware Cache Manager; [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\PskSvc.exe [2008-06-25 28928]
S2 ThreatFire;ThreatFire; [x]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2009-04-12 13880]
S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
S3 PavTPK.sys;PavTPK.sys; [x]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-21 95640]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-09-12 659456]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-03 33040]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8867f7d-273d-11de-b660-001bfcda139b}]
\Shell\AutoRun\command - D:\Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\b\Data aplikací\Mozilla\Firefox\Profiles\4mpk45wr.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 16:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B32CF76-CD72-23C9-11B0-C5E8B51F8381}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abccjpbkjkdhcabdpkhliaomndnjplnfid"=hex:61,61,00,00
"bbccjpbkjkdhcabdpkeljdfndlljhfoabaoa"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,47,50,4b,a1,38,b8,b2,a7,a3,bd,f2,f6,8f,39,a7,aa,97,40,66,9e,99,ee,
dc,cf,49,e6,fb,0d,1d,09,69,7c,4d,23,eb,54,94,43,d5,58,0e,21,0b,7c,53,83,4d,\
"??"=hex:98,e5,f2,a4,f1,10,12,9d,3b,d1,2a,82,42,dc,ee,c9
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\avldr.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
- - - - - - - > 'lsass.exe'(1532)
c:\program files\ThreatFire\TFWAH.dll
- - - - - - - > 'explorer.exe'(3452)
c:\program files\Panda Security\Panda Internet Security 2009\pavoepl.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2009\TPSrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\WebProxy.exe
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\PSIService.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\UAService7.exe
c:\program files\Panda Security\Panda Internet Security 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Internet Security 2009\FIREWALL\PSHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-12 16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-12 14:28
ComboFix2.txt 2009-04-12 07:19
Pre-Run: Volných bajtů: 34 474 627 072
Post-Run: Volných bajtů: 35,705,425,920
436 --- E O F --- 2009-02-09 16:48
2009-03-19 21:44 . 2009-03-11 20:43 4700 -c--a-w C:\aaw7boot.log
2009-03-17 15:40 . 2009-03-14 19:39 -------- dc----w c:\program files\Myst
2009-03-16 20:57 . 2008-10-06 21:43 -------- dc----w c:\program files\Alcohol Soft
2009-03-09 03:19 . 2009-03-08 16:40 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-08 14:05 . 2009-03-08 14:05 -------- dc----w c:\documents and settings\b\Data aplikací\Malwarebytes
2009-03-08 14:05 . 2009-03-08 14:05 -------- dc----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-08 12:33 . 2009-03-08 12:33 -------- dc----w c:\program files\Trend Micro
2009-02-19 22:39 . 2009-02-19 22:24 -------- dc----w c:\program files\Common Files\DVDVideoSoft
2009-02-19 00:08 . 2009-02-19 00:08 -------- dc----w c:\program files\Common Files\Skype
2009-02-19 00:08 . 2009-02-09 18:33 -------- dc----r c:\program files\Skype
2009-02-19 00:08 . 2009-02-08 12:45 -------- dc----w c:\documents and settings\All Users\Data aplikací\Skype
2009-02-18 21:50 . 2009-02-18 21:50 -------- dc----w c:\program files\Kinomania
2009-02-15 12:19 . 2009-02-15 12:19 -------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Software
2009-02-15 12:02 . 2009-02-15 12:02 -------- dc----w c:\documents and settings\b\Data aplikací\Panda Security
2009-02-15 12:02 . 2009-02-15 12:02 -------- dc----w c:\program files\Panda Security
2009-02-15 12:02 . 2009-02-15 12:02 -------- dc----w c:\documents and settings\All Users\Data aplikací\Panda Security
2009-02-15 12:00 . 2009-02-15 12:00 -------- dc----w c:\program files\Common Files\Panda Security
2009-02-14 18:57 . 2008-12-12 20:05 -------- dc----w c:\program files\Ashampoo
2009-02-14 14:13 . 2008-12-12 20:53 -------- dc----w c:\program files\GameTop.com
2009-02-13 13:15 . 2009-01-25 16:48 -------- dc----w c:\documents and settings\b\Data aplikací\Software Informer
2009-02-13 12:04 . 2009-02-13 12:04 -------- dc----w c:\documents and settings\b\Data aplikací\HTML Executable
2009-02-13 12:04 . 2009-02-13 12:04 -------- dc----w c:\documents and settings\b\Data aplikací\Desktopicon
2009-02-12 21:36 . 2009-02-12 21:36 249592 -c--a-w c:\windows\system32\cssdll32.dll
2009-02-12 15:55 . 2009-02-12 15:55 -------- dc----w c:\documents and settings\b\Data aplikací\PCToolsFirewallPlus
2009-01-30 20:49 . 2009-01-30 20:49 65365 -c--a-w c:\windows\BricoPackUninst.cmd
2009-01-30 20:49 . 2009-01-30 20:48 6106 -c--a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-30 20:49 . 2007-10-31 19:30 219648 -c--a-w c:\windows\system32\uxtheme.dll
2008-06-24 18:43 . 2008-06-24 18:43 533 -c--a-w c:\program files\Zástupce - The Rise of Atlantis.lnk
2006-10-12 10:03 . 2008-11-01 18:37 8838336 -c--a-w c:\program files\ashampoo_burningstudio2007_vnu_gb.exe
2005-07-01 12:11 . 2009-01-31 14:27 24455072 -c--a-w c:\program files\act30pkg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" [2006-08-03 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 c:\windows\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 17:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R2 ASKService;ASKService; [x]
R2 ASKUpgrade;ASKUpgrade; [x]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
R3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
R3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
R3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
R3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
R3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
R3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-06-29 83208]
R3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-06-29 15112]
R3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-06-29 108552]
R3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-06-29 100360]
R3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-06-29 23176]
R3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-06-29 98568]
R3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-06-29 98952]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-03 51472]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-03 39184]
S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\DRIVERS\xfilt.sys [2006-02-23 11264]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 15:58 158848]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
S2 Gwmsrv;Panda Goodware Cache Manager; [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\PskSvc.exe [2008-06-25 28928]
S2 ThreatFire;ThreatFire; [x]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2009-04-12 13880]
S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
S3 PavTPK.sys;PavTPK.sys; [x]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-21 95640]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-09-12 659456]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-03 33040]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
panda REG_MULTI_SZ Gwmsrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8867f7d-273d-11de-b660-001bfcda139b}]
\Shell\AutoRun\command - D:\Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\b\Data aplikací\Mozilla\Firefox\Profiles\4mpk45wr.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 16:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-484763869-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B32CF76-CD72-23C9-11B0-C5E8B51F8381}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abccjpbkjkdhcabdpkhliaomndnjplnfid"=hex:61,61,00,00
"bbccjpbkjkdhcabdpkeljdfndlljhfoabaoa"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,47,50,4b,a1,38,b8,b2,a7,a3,bd,f2,f6,8f,39,a7,aa,97,40,66,9e,99,ee,
dc,cf,49,e6,fb,0d,1d,09,69,7c,4d,23,eb,54,94,43,d5,58,0e,21,0b,7c,53,83,4d,\
"??"=hex:98,e5,f2,a4,f1,10,12,9d,3b,d1,2a,82,42,dc,ee,c9
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\avldr.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
- - - - - - - > 'lsass.exe'(1532)
c:\program files\ThreatFire\TFWAH.dll
- - - - - - - > 'explorer.exe'(3452)
c:\program files\Panda Security\Panda Internet Security 2009\pavoepl.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2009\TPSrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\WebProxy.exe
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\PSIService.exe
c:\program files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\UAService7.exe
c:\program files\Panda Security\Panda Internet Security 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Internet Security 2009\FIREWALL\PSHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Panda Security\Panda Internet Security 2009\SrvLoad.exe
c:\program files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-12 16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-12 14:28
ComboFix2.txt 2009-04-12 07:19
Pre-Run: Volných bajtů: 34 474 627 072
Post-Run: Volných bajtů: 35,705,425,920
436 --- E O F --- 2009-02-09 16:48
ZVada