Nelze nic nainstalovat,pouze spustit

[Damned]

Máš to jak zahrádku, roste ti tam toho poženaně . Udělej následující, já musím teď pryč, večer se zas mrknu.

Odinstaluj si:
Crawler Toolbar
AskBarDis (AskTBar,AskToolBar)
PDFCreator Toolbar
BitTorrent DNA
WinHTTrack
Daemon Tools Toolbar

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [winsys] C:\WINDOWS\system32\user32\system32.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [sysup32] C:\WINDOWS\system32\user32\system32.exe
O4 - HKLM\..\Policies\Explorer\Run: [system32] C:\WINDOWS\system32\user32\system32.exe
O4 - HKCU\..\Policies\Explorer\Run: [system32] C:\WINDOWS\system32\user32\system32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
*****************************************************************************************************************************************
Když to vše uděláš, měli by ti jít instalátory.Upozorňuji, že tímto odvirování nekončí.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.


Pokud by ti nešel instalovat MbAM:

Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

[Reklama]

[Stene]

No chudák počítač

Tvůj komentář je úplně zbytečný, nic neřeší, jen to znepřehledňuje. Již jednou jsem Tě upozorňoval, že toto je poradna a ne diskusní fórum a už vůbec ne v této sekci. Laskavě se zdrž zbytečných poznámek. Děkuji za pochopení. Pic

[kvaska]

Tark hej tak ty jsi borec: mam tam jednoho vira ale mam ho pod kontrolou :D:D:D jak už tady bylo psano...chudáák počitač :)

Tvůj komentář je úplně zbytečný, nic neřeší, jen to znepřehledňuje. Laskavě buď raď, nebo mlč. Pokud chceš diskutovat, je na netu dost diskusních fór. Přečti si laskavě pravidla tohoto fóra a také se jimi řiď. Děkuji za pochopení! Pic

[Tark.]

No tak teda,Damned,ty jsi vážně machr(i vy ostatní :)).Udělal jsem vše jak jsi řekl,instalace jedou.Jsi super!
Jo a ten program Malwarebytes je sharewar nebo freeware?

K těm virům:

Nojo...mám tam jen 1 vir no ,trochu jsem se sekl





Malwarebytes' Anti-Malware 1.42
Verze databáze: 3340
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10.12.2009 19:26:16
mbam-log-2009-12-10 (19-26-12).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107890
Uplynulý čas: 4 minute(s), 35 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované adresáře: 4
Infikované soubory: 20

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{671fs0jl-p34v-8c8i-4125-ofp615lj3c6t} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{mss11v86-0888-5l5j-r8mi-0bfnd3256i0y} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované adresáře:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\system32 (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Win32GI (Backdoor.Bifrose) -> No action taken.
C:\WINDOWS\system32\Win32Gl (Backdoor.Bot) -> No action taken.

Infikované soubory:
C:\WINDOWS\system32\sys32\winsys.exe (Generic.Bot.H) -> No action taken.
C:\WINDOWS\system32\system32\system32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\system32\sysup32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\system32\user32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\system32\winsys.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\system32\winup32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Win32GI\system32.exe (Backdoor.Bifrose) -> No action taken.
C:\WINDOWS\system32\Win32GI\sysup32.exe (Backdoor.Bifrose) -> No action taken.
C:\WINDOWS\system32\Win32GI\user32.exe (Backdoor.Bifrose) -> No action taken.
C:\WINDOWS\system32\Win32GI\winsys.exe (Backdoor.Bifrose) -> No action taken.
C:\WINDOWS\system32\Win32GI\winup32.exe (Backdoor.Bifrose) -> No action taken.
C:\WINDOWS\system32\Win32Gl\system32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\Win32Gl\sysup32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\Win32Gl\user32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\Win32Gl\winsys.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\Win32Gl\winup32.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Jana\Data aplikací\addon.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\sysdefender.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\srosa.sys (Worm.Bagle) -> No action taken.

[Damned]

Jeden ti nechám?

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Tark.]

Po dlouze vysilujícím skenování,vše (asi v pořádku) proběhlo.Damned,chci upozornit že ten tvuj Combofix nefungoval,ani s nerozjel,hodilo to error.Proto jsem si stáhl combofix z internetu http://www.combofix.org/

K průběhu:

Malwarebytes potřeboval restartovat notebook a smazat havěť ještě před spuštěním NTB nebo jak to mam nazvat (jak se to dělá u odolnější havěti).

A Combofix má zase smysl pro humor:Scanování nemělo trvat dýl jak 10 minut.Ano trvalo asi jen 6,za to "pouhé" psaní logu trvalo snad 20 minut...

Posílám logy s obou programů...snad se to tu vleze

Malwarebytes

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3340
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11.12.2009 12:58:40
mbam-log-2009-12-11 (12-58-40).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107940
Uplynulý čas: 4 minute(s), 45 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované adresáře: 4
Infikované soubory: 20

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{671fs0jl-p34v-8c8i-4125-ofp615lj3c6t} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{mss11v86-0888-5l5j-r8mi-0bfnd3256i0y} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Delete on reboot.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované adresáře:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32GI (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32Gl (Backdoor.Bot) -> Quarantined and deleted successfully.

Infikované soubory:
C:\WINDOWS\system32\sys32\winup32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\system32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\sysup32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\user32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\winsys.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32\winup32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32GI\system32.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32GI\sysup32.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32GI\user32.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32GI\winsys.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32GI\winup32.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32Gl\system32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32Gl\sysup32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32Gl\user32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32Gl\winsys.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Win32Gl\winup32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jana\Data aplikací\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sysdefender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\srosa.sys (Worm.Bagle) -> Quarantined and deleted successfully.















Combofix log je zde:


ComboFix 09-12-10.01 - Jana 11.12.2009 13:20:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1014.604 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jana\Plocha\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\recycler\S-1-5-21-898231767-865743312-4065519179-1003
c:\windows\system32\drivers\FSC__PI__AMILO Pro Edition V3505 __FUJITSU SIEMENS_AMILO Pro Edition V3505 __Ver 1.00PARTTBL_FSC - 6040000_R01-B0G .MRK
c:\windows\system32\drivers\mdelk.exe
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-11 do 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- C:\OtsLabs
2009-12-10 18:19 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 18:19 . 2009-12-10 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-10 18:19 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-04 18:20 . 2009-12-05 22:25 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-12-04 08:43 . 2009-12-04 08:43 -------- d-----w- c:\windows\system32\xlive
2009-12-04 08:20 . 2009-12-04 08:20 -------- d-----w- c:\documents and settings\Jana\.thumbnails
2009-12-04 07:19 . 2009-12-04 07:19 -------- d-----w- c:\program files\Empire Interactive
2009-12-03 20:59 . 2009-12-03 20:59 -------- d--h--w- c:\program files\wins
2009-12-03 20:57 . 2009-12-03 20:57 -------- d-----w- c:\windows\Files
2009-12-03 20:57 . 2008-12-29 10:06 1109065 ----a-w- c:\windows\EPVP-MSI 4.0.exe
2009-12-03 20:57 . 2009-01-02 02:53 1351392 ----a-w- c:\windows\EPVP-MHS 4.0.exe
2009-12-03 15:33 . 2009-12-10 10:33 69 ----a-w- c:\documents and settings\Jana\jagex_runescape_preferences2.dat
2009-12-03 15:32 . 2009-12-10 10:33 39 ----a-w- c:\documents and settings\Jana\jagex_runescape_preferences.dat
2009-11-12 17:52 . 2009-11-12 17:54 -------- d-----w- c:\program files\Common Files\3DO Shared
2009-11-12 17:52 . 2009-11-12 17:52 -------- d-----w- c:\program files\3DO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 12:30 . 2009-05-08 12:48 -------- d-----w- c:\program files\Steam
2009-12-10 17:53 . 2009-01-24 19:15 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-10 17:52 . 2009-10-17 11:03 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.6
2009-12-10 12:37 . 2009-08-14 18:16 -------- d-----w- c:\program files\Cheat Engine
2009-12-10 10:46 . 2009-08-30 09:43 -------- d-----w- c:\program files\DNA
2009-12-09 19:40 . 2009-05-01 13:30 -------- d-----w- c:\program files\Metin2_CZ
2009-12-09 17:01 . 2009-09-23 15:04 -------- d-----w- c:\program files\World of Warcraft
2009-12-08 19:31 . 2009-07-30 07:10 -------- d-----w- c:\program files\Valve
2009-12-05 08:00 . 2009-09-25 18:49 -------- d-----w- c:\program files\Spyware Terminator
2009-12-04 16:43 . 2009-06-26 16:48 -------- d-----w- c:\program files\Google
2009-12-04 08:29 . 2009-07-25 17:59 -------- d-----w- c:\program files\TRAIN VIEWER
2009-12-03 18:23 . 2009-08-16 10:12 -------- d-----w- c:\program files\Warcraft III
2009-12-02 14:48 . 2008-07-18 14:47 181417 ----a-w- c:\windows\War3Unin.dat
2009-11-24 17:37 . 2008-05-21 17:53 -------- d-----w- c:\program files\CamStudio
2009-11-24 16:26 . 2009-02-19 16:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-23 14:06 . 2009-09-25 18:56 -------- d-----w- c:\program files\WinClamAVShield
2009-11-21 06:41 . 2006-02-16 21:42 75640 ----a-w- c:\windows\system32\perfc005.dat
2009-11-21 06:41 . 2006-02-16 21:42 403558 ----a-w- c:\windows\system32\perfh005.dat
2009-11-16 09:58 . 2009-07-07 10:36 -------- d-----w- c:\program files\Algodoo Phun Edition
2009-10-31 20:43 . 2009-04-25 15:00 -------- d-----w- c:\program files\EA GAMES
2009-10-31 09:44 . 2009-08-19 14:40 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-23 10:24 . 2009-10-23 10:20 -------- d-----w- c:\program files\Nero
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\Common Files\Nero
2009-10-20 13:34 . 2008-11-04 18:36 -------- d-----w- c:\program files\F1 Challenge 99-02
2009-10-16 15:42 . 2007-10-15 08:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 15:41 . 2007-10-15 08:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-25 18:49 . 2009-09-25 18:49 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2008-03-22 18:08 . 2008-03-22 18:08 14290 ----a-w- c:\program files\settings.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-26 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-09 288048]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe Conexant\AccessRunner ADSL USB" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 110592]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-04-19 65536]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-05-04 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-12-11 52896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\EA GAMES\\Ultima Online Mondain's Legacy\\AndariaClient.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Warcraft III\\war3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58653:TCP"= 58653:TCP:Pando Media Booster
"58653:UDP"= 58653:UDP:Pando Media Booster
"6112:TCP"= 6112:TCP:WarCraft III Battle.net
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.1.2009 20:13 717296]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [28.8.2009 17:42 2944]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [28.7.2009 15:07 19064]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.9.2009 19:49 142592]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [23.2.2008 16:02 100032]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11.8.2008 17:35 1373480]
S1 mailKmd;mailKmd; [x]
S2 gupdate1c9f67e16775000;Služba Google Update (gupdate1c9f67e16775000);c:\program files\Google\Update\GoogleUpdate.exe [26.6.2009 17:49 133104]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [22.4.2009 11:08 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [22.4.2009 11:08 618112]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [23.4.2009 13:33 61952]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [22.4.2009 11:08 52736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83E2861C-F1C5-C96F-8DF8-1F5152CC2042}]
2008-12-29 10:06 1109065 ---h--w- c:\program files\wins\svchost.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ul5sz2kp.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-winup32 - c:\windows\system32\sys32\winup32.exe
HKLM-Explorer_Run-system32 - c:\windows\system32\sys32\winup32.exe
HKCU-Explorer_Run-system32 - c:\windows\system32\sys32\winup32.exe
AddRemove-Casino-On-Net - c:\progra~1\CASINO~1\UNWISE.EXE
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Jana\Plocha\HijackThis.exe
AddRemove-ijji.com - c:\ijji\ENGLISH\ijjiUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 13:29
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\SoftwareDistribution
c:\windows\system32\wuapi.dll.mui 15072 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.197125.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.mui 15072 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.198968.bak 162304 bytes executable
c:\windows\system32\wuaueng.dll.mui 18136 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.200406.bak 1134592 bytes executable
c:\windows\system32\wucltui.dll.mui 22232 bytes executable
c:\windows\system32\wups2.dll 44768 bytes executable

sken byl úspešně dokončen
skryté soubory: 9

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys iaStor.sys spfh.sys >>UNKNOWN [0x86385938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7660fc3
\Driver\ACPI -> ACPI.sys @ 0xf74abcb8
\Driver\atapi -> sfsync02.sys @ 0xf762d8b4
\Driver\iaStor -> sfsync02.sys @ 0xf762d8b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e412c
ParseProcedure -> ntoskrnl.exe @ 0x8057c799
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e412c
ParseProcedure -> ntoskrnl.exe @ 0x8057c799
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xf727bba0
PacketIndicateHandler -> NDIS.sys @ 0xf726aa0b
SendHandler -> NDIS.sys @ 0xf727eb31
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3282382579-559682900-3503029638-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1248)
c:\windows\system32\shdoclc.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Launch Manager\WLBTTray.exe
c:\program files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-12-11 13:41:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-11 12:41

Před spuštěním: Volných bajtů: 12 622 274 560
Po spuštění: Volných bajtů: 12 371 259 392

- - End Of File - - 1FD10E2A7A2E6CB660450ED4E7A8B464

[Tark.]

Tak prosím,vím že je toho nademnou moc,ale vážně prosím,aby se na to už nějaký profík podíval.Už den čekám.Jo a je normální,že potom co jsem smazal tolik virů,mi ted windows stahuje neustále aktualizace?

[Tark.]

Tak lidi :( prosím já už čekám 3 dny až mi to nějaký profík zkontroluje,fakt je to pro mě duležité.Opustili jste mě uprostřed mazání virů :(

[guest]

Tady je problém zřejmě v tom, že již od počátku jsi dával logy do špatné sekce, chlapi toho mají na řešení mnoho a Damnedovi to zřejmě zmizelo z očí. Já tě mohu jenom vypíchnou nahoru.

[Damned]

Omlouvám se, byl jsem mimo a zas budu.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\program files\settings.dat
c:\windows\system32\GameMon.des
c:\program files\wins\svchost.exe

Folder::
c:\program files\DAEMON Tools Toolbar
c:\program files\wins

DDS::
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

FireFox::
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=

Driver::
mailKmd;mailKmd
mailKmd
npggsvc;nProtect GameGuard Service
npggsvc

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83E2861C-F1C5-C96F-8DF8-1F5152CC2042}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Tark.]

Omlouvat se nemusíš,přece taky vedeš normální život já jen aby se na mě nezapomělo

Chování počítače:
Počítač je poslušnější než byl.Jenom momentálně neustále chce stahovat aktualizace systému Windows.Nevím jestli je to chyba,a musí to stahovat postupně.Docela bych ocenil,kdyby těch aktualizací stáhl víc "naráz".Ale jsem rád,že vubec nějaké stahuje,předtím totiž nestahoval a já si to neuvdědomoval.
Co se týče instalací,tak ty jedou,akorát se někdy stane že se NTB tváří jako že je seklý,ale jakmile drbnu do myši tak zase jede.Např.Dám instalovat,kliknu další,nic se neděje,ale jakmile trošičku pohnu myší,hned to zase valí.Ale toto mi nepřipadne jako velká vada.
Zrovna jsem nainstaloval Avast,konečně mi totiž antiviry nehlásí:že nejsou součástí Win32...ale je shareware ...takže odinstaluju a nainstaluji Avira.Nebo znáte nějaký freeware antivir,který je spolehlivý?Pokud ano tak kdokoliv napište prosím.Možná vyhrabu ze skříně stařičké AVGčko,ale myslím že mi už došla doba klíče.
Využití CPU se drží v rozumných hodnotách při těměř žádné zátěži (psaní této odpovědi)>>>4%
chyby mi nějak nehlásí.

Posílám logy:


Combofix:

ComboFix 09-12-10.01 - Jana 14.12.2009 18:25:30.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1014.740 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jana\Plocha\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\program files\settings.dat"
"c:\program files\wins\svchost.exe"
"c:\windows\system32\GameMon.des"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\settings.dat
c:\program files\wins
c:\program files\wins\errorlog.dat
c:\program files\wins\svchost.exe
c:\windows\system32\GameMon.des

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mailKmd


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-14 do 2009-12-14 )))))))))))))))))))))))))))))))
.

2009-12-12 21:27 . 2009-12-12 21:27 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-12 21:27 . 2009-12-12 21:27 -------- d-----w- c:\program files\MSBuild
2009-12-12 21:27 . 2009-12-12 21:27 -------- d-----w- c:\program files\Reference Assemblies
2009-12-12 21:27 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-12 21:26 . 2009-12-12 21:27 -------- d-----w- C:\a1632877f393c3248d8c
2009-12-12 21:26 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-12 21:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-12 21:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-12 21:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-12 21:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-12 21:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-12 21:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-12 21:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-12 21:24 . 2009-12-12 21:24 -------- d-----w- c:\program files\MSXML 6.0
2009-12-12 20:36 . 2009-12-14 14:10 -------- d-----w- c:\program files\DaemonicMU
2009-12-12 12:12 . 2009-12-12 12:12 -------- d-----w- c:\windows\ServicePackFiles
2009-12-12 12:12 . 2009-12-12 12:12 -------- d-----w- c:\program files\MSXML 4.0
2009-12-12 08:41 . 2009-12-12 08:55 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-12 08:35 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-12 08:29 . 2009-08-04 17:18 2144768 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-12 08:29 . 2009-08-04 17:18 2065152 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-12 08:29 . 2009-08-04 17:18 2188160 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-12 08:29 . 2009-08-04 17:18 2022912 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- C:\OtsLabs
2009-12-10 18:19 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 18:19 . 2009-12-10 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-10 18:19 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-04 18:20 . 2009-12-11 20:11 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-12-04 08:43 . 2009-12-04 08:43 -------- d-----w- c:\windows\system32\xlive
2009-12-04 08:20 . 2009-12-04 08:20 -------- d-----w- c:\documents and settings\Jana\.thumbnails
2009-12-04 07:19 . 2009-12-04 07:19 -------- d-----w- c:\program files\Empire Interactive
2009-12-03 20:57 . 2009-12-03 20:57 -------- d-----w- c:\windows\Files
2009-12-03 20:57 . 2008-12-29 10:06 1109065 ----a-w- c:\windows\EPVP-MSI 4.0.exe
2009-12-03 20:57 . 2009-01-02 02:53 1351392 ----a-w- c:\windows\EPVP-MHS 4.0.exe
2009-12-03 15:33 . 2009-12-10 10:33 69 ----a-w- c:\documents and settings\Jana\jagex_runescape_preferences2.dat
2009-12-03 15:32 . 2009-12-10 10:33 39 ----a-w- c:\documents and settings\Jana\jagex_runescape_preferences.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-14 17:37 . 2009-05-08 12:48 -------- d-----w- c:\program files\Steam
2009-12-14 06:37 . 2006-02-16 21:42 84776 ----a-w- c:\windows\system32\perfc005.dat
2009-12-14 06:37 . 2006-02-16 21:42 442644 ----a-w- c:\windows\system32\perfh005.dat
2009-12-12 18:30 . 2009-05-01 13:30 -------- d-----w- c:\program files\Metin2_CZ
2009-12-12 10:44 . 2009-07-30 07:10 -------- d-----w- c:\program files\Valve
2009-12-10 17:52 . 2009-10-17 11:03 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.6
2009-12-10 12:37 . 2009-08-14 18:16 -------- d-----w- c:\program files\Cheat Engine
2009-12-10 10:46 . 2009-08-30 09:43 -------- d-----w- c:\program files\DNA
2009-12-09 17:01 . 2009-09-23 15:04 -------- d-----w- c:\program files\World of Warcraft
2009-12-05 08:00 . 2009-09-25 18:49 -------- d-----w- c:\program files\Spyware Terminator
2009-12-04 16:43 . 2009-06-26 16:48 -------- d-----w- c:\program files\Google
2009-12-04 08:29 . 2009-07-25 17:59 -------- d-----w- c:\program files\TRAIN VIEWER
2009-12-03 18:23 . 2009-08-16 10:12 -------- d-----w- c:\program files\Warcraft III
2009-12-02 14:48 . 2008-07-18 14:47 181417 ----a-w- c:\windows\War3Unin.dat
2009-11-24 17:37 . 2008-05-21 17:53 -------- d-----w- c:\program files\CamStudio
2009-11-24 16:26 . 2009-02-19 16:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-23 14:06 . 2009-09-25 18:56 -------- d-----w- c:\program files\WinClamAVShield
2009-11-16 09:58 . 2009-07-07 10:36 -------- d-----w- c:\program files\Algodoo Phun Edition
2009-11-12 17:54 . 2009-11-12 17:52 -------- d-----w- c:\program files\Common Files\3DO Shared
2009-11-12 17:52 . 2009-11-12 17:52 -------- d-----w- c:\program files\3DO
2009-10-31 20:43 . 2009-04-25 15:00 -------- d-----w- c:\program files\EA GAMES
2009-10-31 09:44 . 2009-08-19 14:40 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-29 05:21 . 2006-02-16 21:41 669696 ----a-w- c:\windows\system32\wininet.dll
2009-10-23 10:24 . 2009-10-23 10:20 -------- d-----w- c:\program files\Nero
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\Common Files\Nero
2009-10-21 06:03 . 2006-02-16 21:41 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2006-02-16 21:41 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 13:34 . 2008-11-04 18:36 -------- d-----w- c:\program files\F1 Challenge 99-02
2009-10-16 15:42 . 2007-10-15 08:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 15:41 . 2007-10-15 08:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-13 10:53 . 2006-02-16 21:41 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-02-16 21:41 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-02-16 21:41 112640 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 18:49 . 2009-09-25 18:49 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-25 05:50 . 2006-02-16 21:41 81920 ----a-w- c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-26 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-09 288048]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe Conexant\AccessRunner ADSL USB" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 110592]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-04-19 65536]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-05-04 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-12-11 52896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\EA GAMES\\Ultima Online Mondain's Legacy\\AndariaClient.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Warcraft III\\war3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58653:TCP"= 58653:TCP:Pando Media Booster
"58653:UDP"= 58653:UDP:Pando Media Booster
"6112:TCP"= 6112:TCP:WarCraft III Battle.net
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.1.2009 20:13 717296]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [28.8.2009 17:42 2944]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [28.7.2009 15:07 19064]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.9.2009 19:49 142592]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [23.2.2008 16:02 100032]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11.8.2008 17:35 1373480]
S2 gupdate1c9f67e16775000;Služba Google Update (gupdate1c9f67e16775000);c:\program files\Google\Update\GoogleUpdate.exe [26.6.2009 17:49 133104]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [22.4.2009 11:08 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [22.4.2009 11:08 618112]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [23.4.2009 13:33 61952]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [22.4.2009 11:08 52736]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ul5sz2kp.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-14 18:36
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?H???\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@??v??????0y?w,??????????????sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?sdi9? :@?pi9????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys iaStor.sys spwf.sys >>UNKNOWN [0x86385938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7660fc3
\Driver\ACPI -> ACPI.sys @ 0xf74abcb8
\Driver\atapi -> sfsync02.sys @ 0xf762d8b4
\Driver\iaStor -> sfsync02.sys @ 0xf762d8b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e4d75
ParseProcedure -> ntoskrnl.exe @ 0x8057950b
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e4d75
ParseProcedure -> ntoskrnl.exe @ 0x8057950b
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xf727bba0
PacketIndicateHandler -> NDIS.sys @ 0xf726aa0b
SendHandler -> NDIS.sys @ 0xf727eb31
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3282382579-559682900-3503029638-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(632)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\sm56hlpr.exe
c:\program files\Launch Manager\WLBTTray.exe
c:\windows\RTHDCPL.EXE
c:\program files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe
.
**************************************************************************
.
Celkový čas: 2009-12-14 18:44:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-14 17:44
ComboFix2.txt 2009-12-11 12:41

Před spuštěním: 7 917 731 840
Po spuštění: 7 928 029 184

- - End Of File - - CB69992C2AA8E3BF50AFF752A1D39DAE





HJT log





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:45, on 14.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\steam\steam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Launch Manager\WLBTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jana\Plocha\Složka na opravy\necojentak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe" "Conexant\AccessRunner ADSL USB"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Služba Google Update (gupdate1c9f67e16775000) (gupdate1c9f67e16775000) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Služba Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 9394 bytes

[Damned]

Vidím tam avast, Norton Internet Security a ještě chceš instalovat aviru?

Pokud máš legální kompletní NIS, odinstaluj si avast (použij i aws_cleaner ze stránek avastu). Pokud ne, ponech si avast (je 60 dní Pro, pak se přepne do Free verze) a nic jiné neistaluj.

V PC stačí jeden antivir, víc antivirů může způsobit nefunkčnost všech co tam máš a rapidní zpomalení PC.

Takže si vyber a pak mi sem dej nový log z HJT,ať vidím jestli tam ještě něco je.

Před odinstalací si vypní body obnovení, a po chvíli si je znovu zapni,pak smaž karanténu toho co budeš odinstalovávat a poté teprve odinstaluj vybraný antivir.

To co ti tam pak zbude aktualizuj a projeď si s tím PC.