Prosím o kontrolu logu.

[Fílek]

Ahoj, dneska jsem potřeboval něco udělat na sestry PC, a bylo to tak zpomalený, že jsem to nevydržel, stáhnul HJT, ATF a MBAM.
ATF smazal něco kolem 150MB, a tady jsou logy HJT a MBAM:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:07, on 22.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programy\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Bibi\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Bibi\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Programy\OpwareSE4.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 9463 bytes



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5172

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

22.11.2010 20:46:58
mbam-log-2010-11-22 (20-46-58).txt

Typ skenu: Rychlý sken
Skenované objekty: 140002
Uplynulý čas: 6 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 136
Infikované hodnoty registru: 6
Infikované datové položky registru: 0
Infikované složky: 18
Infikované soubory: 52

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00012843 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0032D6D4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0066AA78.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\012E81F4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\012E8436.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\012E859E.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\012E8792.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\012E8B4B (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0144A967 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\01490DF9.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\01491A7D.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\01491DD8.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\01492133.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\01512582.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.


(ten MBAM je nářez, co si to tam dávala...)
Díky Vám moc.

[Reklama]

[memphisto]

Fixni:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Bibi\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Bibi\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Fílek]

ComboFix 10-11-22.01 - Bibi 22.11.2010 21:19:27.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1278.776 [GMT 1:00]
Spuštěný z: c:\documents and settings\Bibi\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\aphat.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_nkqftucf


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-22 do 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-22 20:13 . 2010-11-22 20:13 -------- d-----w- c:\windows\system32\LogFiles
2010-11-22 19:39 . 2010-11-22 19:39 -------- d-----w- c:\documents and settings\Bibi\Data aplikací\Malwarebytes
2010-11-22 19:39 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 19:39 . 2010-11-22 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 19:39 . 2010-11-22 19:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-22 19:39 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 19:35 . 2010-11-22 19:35 388096 ----a-r- c:\documents and settings\Bibi\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-22 19:35 . 2010-11-22 19:35 -------- d-----w- c:\program files\Trend Micro
2010-10-27 08:51 . 2004-05-17 14:00 33280 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-10-27 08:51 . 2004-05-17 13:49 198656 ----a-r- c:\windows\system32\fdco1.dll
2010-10-27 08:51 . 2004-05-10 08:52 172032 ----a-w- c:\windows\system32\nvunrm.exe
2010-10-27 08:51 . 2004-05-17 14:00 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-10-27 08:51 . 2004-05-17 14:00 56960 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-10-27 08:51 . 2004-05-17 14:00 191232 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2010-10-27 08:51 . 2004-05-17 13:48 8192 ----a-r- c:\windows\system32\bdco1.dll
2010-10-27 08:51 . 2004-05-10 08:53 32256 ----a-r- c:\windows\system32\nvconrm.dll
2010-10-27 08:43 . 2010-10-27 08:43 -------- d-----w- C:\SWSetup

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="d:\programy\OpwareSE4.exe" [2007-02-04 79400]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 13:23 727720]
S1 afab;afab;\??\c:\windows\system32\afab.sys --> c:\windows\system32\afab.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.2.2010 13:17 135664]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [30.7.2010 12:42 611584]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 12:17]

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 12:17]

2010-11-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\Bibi\Data aplikací\Mozilla\Firefox\Profiles\ltkjreuh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 21:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\00000032

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x893E9EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8850f872; SUB DWORD [EBP-0x4], 0x8850f12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8974C030]
3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000064[0x896EEBA0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x89734030]
[0x89681898] -> IRP_MJ_CREATE -> 0x893E9EC5
error: Read Nesprávná funkce.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000062 -> \??\IDE#DiskST380011A_______________________________8.01____#4A3343565A4C4754202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C22F45F8-3BDF-4D0A-99FC-C901E4303E41}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.314.0"
"UniqueId"="00034FA84C46BCF6"
"ScannerBuild"=dword:00001124
"ScannerVersionId"=dword:00000ef8
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2672)
d:\programy\OpHookSE4.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-11-22 21:32:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-22 20:32

Před spuštěním: 4 650 860 544
Po spuštění: 4 613 287 936

- - End Of File - - 72EE293927AEEC056FC908AD7D569DD2

[jaro3]

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho
- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.

******************************************************************************************
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
C:\mbr.exe -f
a dej Ok.mezi mbr.exe a -f je mezera
- pokud by tě bezpečnostní software upozornil na přepsání MBR tak to povol
- počkej až program proběhne a pak restartuj Pc

Udělej nový sken Combofixu a vlož ho sem
**************************************************************************************************************************************
Toto zatím nepoužij , teprve když Ti napíšu...

V tom případě by to mohl být TDL3 rootkit. Postupuj takto:

1) Tento krok proveď na PC s vypalovačkou, do které vlož prázdné CD vhodné k zápisu:
Stáhni si MSDaRT pro svůj příslušný operační systém:
Windows XP -> http://www.mediafire.com/?ddsfd2xdndw
Windows Vista -> http://www.mediafire.com/?knvmygelfxy
Windows 7 -> http://www.mediafire.com/?5qmmdkzjeg3

Nainstaluj program dle pokynů staženého instalátoru.
Po dokončení instalace spusť tento soubor: C:\Program Files\Microsoft Diagnostics and Recovery Toolset\ERDC.exe
Klikej postupně na tlačítko Next, nech vytvořit .iso soubor a pomocí průvodce ho vypal na CD.
2) Restartuj počítač, na kterém máš problémy a vlož do jeho mechaniky vypálené CD. Předtím, než se Windows načtou, mačkej libovolnou klávesu a počítač začne bootovat z CD.
Po nabootování jdi přes menu Start - System Tools - System Files Repair.
Spustí se průvodce, který vyhledá virem narušené / poškozené systémové soubory. Všechny soubory, které najde, nech opravit.

Jdi přes menu Start - Log Off(vypnout) - Restart - OK a tvůj počítač se restartuje.

3) Po restartu počítače jdi v OS přes menu Start - Nastavení - Ovládací panely - Přidat nebo odebrat programy - vyber: Microsoft Diagnostics and Recovery Toolset - klikni na Odebrat. Tohle MSDaRT zase odinstaluje.
Napiš výsledky. Po provedení těchto kroků vlož nový log z ComboFixu.
Podle všeho MSDaRT ten nakažený atapi.sys opravil.
Microsoft Diagnostics and Recovery Toolset (MSDaRT or DaRT) is one of the best tools when it comes to repairing a non-bootable Windows.

[Fílek]

Takže první MBR Rootkit Detektor?
Vlítnu na to odpoledne, teď musím do školy.

[jaro3]

přesně tak , to druhé zatím nepoužij..

[Fílek]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\00000032

device: opened successfully
user: MBR read successfully
error: Read Nesprávná funkce.
kernel: MBR read successfully
detected disk devices:
\Device\00000061 -> \??\IDE#DiskST380011A_______________________________8.01____#4A3343565A4C4754202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK


Potom jsem udělal to C:\mbr.exe -f, mám udělat nový MBR log po restartu?

[jaro3]

jo udělej , a pak nový sken Combofixu.

[Fílek]

MBR:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\00000032

device: opened successfully
user: MBR read successfully
error: Read Nesprávná funkce.
kernel: MBR read successfully
detected disk devices:
\Device\00000061 -> \??\IDE#DiskST380011A_______________________________8.01____#4A3343565A4C4754202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK



Combofix:
ComboFix 10-11-22.01 - Bibi 23.11.2010 15:39:21.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1278.860 [GMT 1:00]
Spuštěný z: c:\documents and settings\Bibi\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bibi\Data aplikací\Winamp
c:\documents and settings\Bibi\Data aplikací\Winamp\auth.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\demo.mp3
c:\documents and settings\Bibi\Data aplikací\Winamp\links.xml
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\gen_ml.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\gen_mud.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\milk2_img.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\milk2_msg.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\feeds.xml
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\main.dat
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\main.idx
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\metA9F9.vmd
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\metAA18.vmd
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\metAA28.vmd
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\metAA37.vmd
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\metAA47.vmd
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\metB9CB.vmd
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\metBA19.vmd
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\ml_online.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\omServices\omService_{0000010100}.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\omServices\omService_{0000010200}.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\omServices\omService_{0000011004}.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\omServices\omService_{0000221836}.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\omServices\omService_{0000222151}.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\playlists.xml
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\recent.dat
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\recent.idx
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\ml\rss.xml
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(1).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(10).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(11).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(12).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(13).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(14).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(15).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(16).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(17).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(18).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(19).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(2).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(20).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(21).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(22).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(23).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(24).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(25).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(26).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(27).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(28).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(29).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(3).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(30).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(31).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(32).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(33).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(34).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(35).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(36).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(37).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(38).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(39).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(4).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(40).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(41).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(5).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(6).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(7).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(8).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics(9).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\MetroLyrics.png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(1).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(10).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(11).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(12).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(13).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(14).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(15).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(16).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(17).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(18).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(19).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(2).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(20).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(21).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(22).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(23).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(24).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(25).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(26).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(27).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(28).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(29).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(3).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(30).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(31).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(32).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(33).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(34).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(35).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(36).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(37).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(38).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(39).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(4).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(40).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(41).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(5).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(6).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(7).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(8).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day(9).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Mp3_of_the_Day.png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(1).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(10).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(11).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(12).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(13).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(14).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(15).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(16).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(17).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(18).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(19).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(2).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(20).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(21).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(22).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(23).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(24).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(25).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(26).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(27).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(28).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(29).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(3).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(30).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(31).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(32).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(33).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(34).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(35).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(36).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(37).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(38).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(39).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(4).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(40).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(41).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(5).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(6).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(7).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(8).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1(9).png
c:\documents and settings\Bibi\Data aplikací\Winamp\Plugins\omBrowser\cache\icons\Winamp_Charts_1.png
c:\documents and settings\Bibi\Data aplikací\Winamp\studio.xnf
c:\documents and settings\Bibi\Data aplikací\Winamp\winamp.ini
c:\documents and settings\Bibi\Data aplikací\Winamp\Winamp.m3u
c:\documents and settings\Bibi\Data aplikací\Winamp\winamp.m3u8
c:\documents and settings\Bibi\Data aplikací\Winamp\Winamp.q1

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-22 20:13 . 2010-11-22 20:13 -------- d-----w- c:\windows\system32\LogFiles
2010-11-22 19:39 . 2010-11-22 19:39 -------- d-----w- c:\documents and settings\Bibi\Data aplikací\Malwarebytes
2010-11-22 19:39 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 19:39 . 2010-11-22 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 19:39 . 2010-11-22 19:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-22 19:39 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 19:35 . 2010-11-22 19:35 388096 ----a-r- c:\documents and settings\Bibi\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-22 19:35 . 2010-11-22 19:35 -------- d-----w- c:\program files\Trend Micro
2010-10-27 08:51 . 2004-05-17 14:00 33280 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-10-27 08:51 . 2004-05-17 13:49 198656 ----a-r- c:\windows\system32\fdco1.dll
2010-10-27 08:51 . 2004-05-10 08:52 172032 ----a-w- c:\windows\system32\nvunrm.exe
2010-10-27 08:51 . 2004-05-17 14:00 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-10-27 08:51 . 2004-05-17 14:00 56960 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-10-27 08:51 . 2004-05-17 14:00 191232 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2010-10-27 08:51 . 2004-05-17 13:48 8192 ----a-r- c:\windows\system32\bdco1.dll
2010-10-27 08:51 . 2004-05-10 08:53 32256 ----a-r- c:\windows\system32\nvconrm.dll
2010-10-27 08:43 . 2010-10-27 08:43 -------- d-----w- C:\SWSetup

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-11-22_20.27.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-23 13:20 . 2010-11-23 13:20 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="d:\programy\OpwareSE4.exe" [2007-02-04 79400]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 13:23 727720]
S1 afab;afab;\??\c:\windows\system32\afab.sys --> c:\windows\system32\afab.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.2.2010 13:17 135664]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [30.7.2010 12:42 611584]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 12:17]

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 12:17]

2010-11-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\Bibi\Data aplikací\Mozilla\Firefox\Profiles\ltkjreuh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 15:46
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\00000032

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x892A6EC5]<<
c:\docume~1\Bibi\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8850f872; SUB DWORD [EBP-0x4], 0x8850f12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x89685030]
3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000063[0x89686BA0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x896E4030]
[0x893546D8] -> IRP_MJ_CREATE -> 0x892A6EC5
error: Read Nesprávná funkce.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000061 -> \??\IDE#DiskST380011A_______________________________8.01____#4A3343565A4C4754202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C22F45F8-3BDF-4D0A-99FC-C901E4303E41}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.314.0"
"UniqueId"="00034FA84C46BCF6"
"ScannerBuild"=dword:00001124
"ScannerVersionId"=dword:00000ef8
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-23 15:49:01
ComboFix-quarantined-files.txt 2010-11-23 14:48
ComboFix2.txt 2010-11-22 20:32

Před spuštěním: 4 618 829 824
Po spuštění: 4 607 086 592

- - End Of File - - ADCD2C57974A090FD44411D7FD47357C

[jaro3]

Stáhni Bootkit Remover

-ulož na plochu
-spusť
- pak klikni do černého okna a zkopíruj sem výsledek, případně dej screen
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\afab.sys

Driver::
afab

Firefox::
FF - ProfilePath - c:\documents and settings\Bibi\Data aplikací\Mozilla\Firefox\Profiles\ltkjreuh.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

MBR::


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[Fílek]

Po aplikování CF mi nejde myš ani klávesnice. Ani po restartu. Co s tím? Žádné USB nejde, i když tam dám flash!!!

[jaro3]

Zkus ještě 2x restart , potom:

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.