kontrola logu - mluvící bios

[Ghostwriter]

cejtim zavirovanej komp, při rebootu mi nějaká ženská kecá anglický kraviny. Při spouštění Firefoxu zas problikává spyware, bude tam toho hodně.. předem dík


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:22, on 21.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDll32.exe
D:\honza\poweriso\PWRISOVM.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\honza\deamon\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\honza\alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
D:\ivan\movs\skate\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\honza\poweriso\PWRISOVM.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\honza\deamon\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\honza\alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8101 bytes

[Reklama]

[jaro3]

Odinstaluj:
ICQ6Toolbar
DAEMON Tools Toolbar


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program F O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll iles\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe" 04 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Ghostwriter]

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3210
Windows 5.1.2600 Service Pack 3

21.11.2009 22:25:26
mbam-log-2009-11-21 (22-25-26).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 109328
Uplynulý čas: 5 minute(s), 58 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Ghostwriter]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:00, on 21.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDll32.exe
D:\honza\poweriso\PWRISOVM.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\honza\deamon\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\honza\alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\ivan\movs\skate\hijackthis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\honza\poweriso\PWRISOVM.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\honza\deamon\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\honza\alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6934 bytes

[jaro3]

Vypni rez. ochranu u NOD32.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Zítra.

[Ghostwriter]

ComboFix 09-11-20.05 - 766g 21.11.2009 23:35.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1535.1219 [GMT 1:00]
Spuštěný z: d:\ivan\movs\skate\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sstray.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-21 do 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 21:18 . 2009-11-21 21:18 -------- d-----w- c:\documents and settings\766g\Application Data\Malwarebytes
2009-11-21 21:18 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 21:18 . 2009-11-21 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-21 21:18 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 21:18 . 2009-11-21 21:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 14:11 . 2009-11-21 14:11 -------- d-----w- c:\documents and settings\766g\.dvdcss
2009-11-12 14:43 . 2009-11-12 14:43 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-12 14:43 . 2009-11-12 14:42 33921368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze.exe
2009-11-12 14:43 . 2009-11-12 14:43 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-12 14:43 . 2009-11-12 14:43 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-12 14:43 . 2009-11-12 14:43 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-12 14:43 . 2009-11-12 14:43 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-12 14:40 . 2009-11-12 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-12 14:26 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-12 14:22 . 2009-02-09 07:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-11-12 14:22 . 2009-02-09 07:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-11-12 14:22 . 2009-02-09 07:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-11-07 00:21 . 2009-11-07 00:21 -------- d-----w- c:\program files\Space Taxi 2
2009-11-07 00:21 . 2009-11-07 00:21 -------- d-----w- c:\program files\ReflexiveArcade
2009-11-05 15:47 . 2009-11-08 14:16 798 ----a-w- c:\windows\eReg.dat
2009-10-31 18:58 . 2009-10-31 18:58 452104 ----a-w- c:\documents and settings\766g\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-10-29 18:39 . 2009-09-17 16:54 2491192 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-29 18:39 . 2006-10-18 16:32 499712 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-10-29 18:39 . 2006-10-16 17:44 196608 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-10-29 18:39 . 2008-03-04 17:52 286720 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-10-29 18:39 . 2007-10-31 08:39 59904 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-10-29 18:39 . 2007-05-17 12:58 143360 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-10-29 18:39 . 2006-10-18 16:32 348160 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-10-29 18:39 . 2006-10-16 17:44 1028096 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 14:12 . 2009-03-07 21:06 -------- d-----w- c:\documents and settings\766g\Application Data\dvdcss
2009-11-20 17:07 . 2008-10-27 10:32 -------- d-----w- c:\documents and settings\766g\Application Data\uTorrent
2009-11-17 15:35 . 2008-10-05 19:40 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-17 15:34 . 2008-10-05 19:40 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-13 22:48 . 2009-09-13 19:19 640272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-12 18:05 . 2009-05-22 15:33 -------- d-----w- c:\program files\Nokia
2009-11-12 14:51 . 2009-05-22 15:59 -------- d-----w- c:\documents and settings\766g\Application Data\Nokia
2009-11-12 14:43 . 2009-05-22 15:34 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-12 14:28 . 2008-11-04 21:25 50160 ----a-w- c:\documents and settings\766g\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 14:26 . 2009-05-22 15:33 -------- d-----w- c:\program files\DIFX
2009-11-08 14:14 . 2008-10-04 19:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-06 15:10 . 2009-05-30 08:29 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2009-10-31 19:02 . 2009-07-05 20:31 -------- d-----w- c:\program files\Common Files\Real
2009-10-31 19:01 . 2009-03-19 15:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-31 19:01 . 2009-03-19 15:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-16 12:18 . 2009-05-26 18:40 -------- d-----w- c:\program files\The KMPlayer
2009-10-09 07:30 . 2008-10-14 15:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-26 15:30 . 2009-09-26 15:24 -------- d-----w- c:\program files\CENZURA
2009-09-26 15:15 . 2009-09-26 15:15 -------- d-----w- c:\program files\Ask.com
2009-09-12 12:03 . 2009-09-12 12:03 3 ----a-w- c:\windows\msdbc_9500223.dat
2008-11-04 21:24 . 2008-11-04 21:24 133120 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 11:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\honza\deamon\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-07-22 917504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-08 192512]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"PWRISOVM.EXE"="d:\honza\poweriso\PWRISOVM.EXE" [2008-01-20 217088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-04 1862144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2009-02-27 35696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-31 198160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-10 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\766g\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\hry\\Call of Duty\\CoDMP.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\honza\\SopCast\\SopCast.exe"=
"d:\\honza\\SopCast\\adv\\SopAdver.exe"=
"d:\\honza\\utorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\hry\\Call of Duty\\CoDUOMP.exe"=
"d:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [4.10.2008 20:46 89749]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [4.10.2008 20:46 9600]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.10.2008 15:11 717296]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [5.10.2008 4:24 176256]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10.3.2008 0:04 65536]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
.
Obsah adresáře 'Naplánované úlohy'

2009-11-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
HKLM-Run-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-CmUsbSound - cmcnfgu.cpl
AddRemove-Splinter Cell CZ 1.0_is1 - d:\hry\splinter\Splinter Cell\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 23:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x8A37C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> sfsync02.sys @ 0xf7717d60
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Coppe -> SendCompleteHandler -> NDIS.sys @ 0xba65fbb0
PacketIndicateHandler -> NDIS.sys @ 0xba64ea0d
SendHandler -> NDIS.sys @ 0xba662b40
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-1637723038-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2476)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RunDll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
d:\honza\alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2009-11-21 23:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-21 22:43

Před spuštěním: 1 710 604 288 bytes free
Po spuštění: 8 847 908 864

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E74AA6E6B51B965C28C868740B85343B

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\eReg.dat
c:\windows\msdbc_9500223.dat
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Ask.com\GenericAskToolbar.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Firefox::
FF - ProfilePath - c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Stáhni si GooredFix

a ulož si ho na plochu.Poklepej na něj .
Objeví se hláška ,dej YES
Otevře se log , zkopíruj sem celý jeho obsah ( jinak ho najdeš na své ploše pod názvem Goored.txt).

Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

[Ghostwriter]

ComboFix 09-11-20.05 - 766g 22.11.2009 13:29.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1535.1218 [GMT 1:00]
Spuštěný z: d:\ivan\movs\skate\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\766g\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\program files\Ask.com\GenericAskToolbar.dll"
"c:\program files\Ask.com\UpdateTask.exe"
"c:\windows\eReg.dat"
"c:\windows\msdbc_9500223.dat"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\eReg.dat
c:\windows\msdbc_9500223.dat
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-22 do 2009-11-22 )))))))))))))))))))))))))))))))
.

2009-11-21 21:18 . 2009-11-21 21:18 -------- d-----w- c:\documents and settings\766g\Application Data\Malwarebytes
2009-11-21 21:18 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 21:18 . 2009-11-21 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-21 21:18 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 21:18 . 2009-11-21 21:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 14:11 . 2009-11-21 14:11 -------- d-----w- c:\documents and settings\766g\.dvdcss
2009-11-12 14:43 . 2009-11-12 14:43 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-12 14:43 . 2009-11-12 14:42 33921368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze.exe
2009-11-12 14:43 . 2009-11-12 14:43 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-12 14:43 . 2009-11-12 14:43 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-12 14:43 . 2009-11-12 14:43 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-12 14:43 . 2009-11-12 14:43 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-12 14:40 . 2009-11-12 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-12 14:26 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-12 14:22 . 2009-02-09 07:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-11-12 14:22 . 2009-02-09 07:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-11-12 14:22 . 2009-02-09 07:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-11-07 00:21 . 2009-11-07 00:21 -------- d-----w- c:\program files\Space Taxi 2
2009-11-07 00:21 . 2009-11-07 00:21 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-31 18:58 . 2009-10-31 18:58 452104 ----a-w- c:\documents and settings\766g\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-10-29 18:39 . 2009-09-17 16:54 2491192 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-29 18:39 . 2006-10-18 16:32 499712 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-10-29 18:39 . 2006-10-16 17:44 196608 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-10-29 18:39 . 2008-03-04 17:52 286720 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-10-29 18:39 . 2007-10-31 08:39 59904 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-10-29 18:39 . 2007-05-17 12:58 143360 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-10-29 18:39 . 2006-10-18 16:32 348160 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-10-29 18:39 . 2006-10-16 17:44 1028096 ----a-w- c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 11:58 . 2008-10-05 19:40 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-22 11:58 . 2008-10-05 19:40 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-21 14:12 . 2009-03-07 21:06 -------- d-----w- c:\documents and settings\766g\Application Data\dvdcss
2009-11-20 17:07 . 2008-10-27 10:32 -------- d-----w- c:\documents and settings\766g\Application Data\uTorrent
2009-11-13 22:48 . 2009-09-13 19:19 640272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-12 18:05 . 2009-05-22 15:33 -------- d-----w- c:\program files\Nokia
2009-11-12 14:51 . 2009-05-22 15:59 -------- d-----w- c:\documents and settings\766g\Application Data\Nokia
2009-11-12 14:43 . 2009-05-22 15:34 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-12 14:28 . 2008-11-04 21:25 50160 ----a-w- c:\documents and settings\766g\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 14:26 . 2009-05-22 15:33 -------- d-----w- c:\program files\DIFX
2009-11-08 14:14 . 2008-10-04 19:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-06 15:10 . 2009-05-30 08:29 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2009-10-31 19:02 . 2009-07-05 20:31 -------- d-----w- c:\program files\Common Files\Real
2009-10-31 19:01 . 2009-03-19 15:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-31 19:01 . 2009-03-19 15:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-16 12:18 . 2009-05-26 18:40 -------- d-----w- c:\program files\The KMPlayer
2009-10-09 07:30 . 2008-10-14 15:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-26 15:30 . 2009-09-26 15:24 -------- d-----w- c:\program files\CENZURA
2008-11-04 21:24 . 2008-11-04 21:24 133120 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\honza\deamon\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-07-22 917504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-08 192512]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"PWRISOVM.EXE"="d:\honza\poweriso\PWRISOVM.EXE" [2008-01-20 217088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-04 1862144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2009-02-27 35696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-31 198160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-10 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\766g\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\hry\\Call of Duty\\CoDMP.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\honza\\SopCast\\SopCast.exe"=
"d:\\honza\\SopCast\\adv\\SopAdver.exe"=
"d:\\honza\\utorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\hry\\Call of Duty\\CoDUOMP.exe"=
"d:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [4.10.2008 20:46 89749]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [4.10.2008 20:46 9600]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.10.2008 15:11 717296]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [5.10.2008 4:24 176256]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10.3.2008 0:04 65536]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - CLASSPNP_2
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\766g\Application Data\Mozilla\Firefox\Profiles\l40c2o8v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 13:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x8A3961F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> sfsync02.sys @ 0xf7717d60
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Coppe -> SendCompleteHandler -> NDIS.sys @ 0xba65fbb0
PacketIndicateHandler -> NDIS.sys @ 0xba64ea0d
SendHandler -> NDIS.sys @ 0xba662b40
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-1637723038-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
d:\honza\alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2009-11-22 13:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-22 12:38
ComboFix2.txt 2009-11-21 22:43

Před spuštěním: 9 214 386 176 bytes free
Po spuštění: 9 239 818 240

- - End Of File - - 0A368A0096355C89788075BD2CB8F983

[Ghostwriter]

GooredFix by jpshortstuff (18.11.09.1)
Log created at 14:02 on 22/11/2009 (766g)
Firefox version 3.0.15 (cs)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07} [09:37 14/03/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:36 04/10/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:04 16/08/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [19:02 31/10/2009]
"bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [14:43 12/11/2009]

-=E.O.F=-

[Ghostwriter]

Dr WEB žádnej vir nenašel

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš


Spusť F-Secure Online Scanner z odkazu.
http://support.f-secure.com/enu/home/ols.shtml

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[Polkiking]

mluvící bios to ses v nem asi wrtal a ženská ti ted hlásí že byl pc spušten a nabotuje z toho a toho , celkem neškodné ale otravné