Prosim o preventivni kontrolu logu Vyřešeno

[Radys26]

Mam v ruce notebook, kterej jakziv nebyl nicim vycisten, takze si nekdo zgustnete :) Diky moc
Posilam logy z HJT a MBAM:


log z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:45:12, on 4.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Admin\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - *{95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\RunOnce: [SpybotDeletingD2419] cmd.exe /c del "C:\Program Files\BearShare\db\Hostiles-Chat.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1340] command.com /c del "C:\Program Files\BearShare\db\searches.ini"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13495 bytes
______________________________


log z MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5952

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4.3.2011 16:58:52
mbam-log-2011-03-04 (16-58-45).txt

Typ kontroly: Rychlý test
Testované objekty: 167993
Uplynulý čas: 6 minut, 50 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 24
Infikované hodnoty v registru: 6
Infikované datové položky v registru: 0
Infikované složky: 10
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\Typelib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{C28A0312-C403-417B-A425-A915BC0519CD} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\internet saving optimizer (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.6.3.4500 (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.6.3.4500\FF (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.6.3.4500\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.6.3.4500\FF\components (Adware.DoubleD) -> No action taken.
c:\program files\media access startup (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.5.900 (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.5.900\FF (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.5.900\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.5.900\FF\components (Adware.DoubleD) -> No action taken.

Infikované soubory:
c:\program files\internet saving optimizer\3.6.3.4500\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.5.900\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.5.900\FF\components\hpffaddon.dll (Adware.DoubleD) -> No action taken.

[Reklama]

[memphisto]

Tak to vezmeme z gruntu. Rovnou odinstaluj AVG a ICQ a AVG Toolbar. Pokud se AVG nebude chtít, tak použij AVG Remover. Pak starý známý COmbofix

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Radys26]

Logy z MBAM a Comba:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5952

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4.3.2011 17:40:18
mbam-log-2011-03-04 (17-40-18).txt

Typ kontroly: Rychlý test
Testované objekty: 167617
Uplynulý čas: 4 minut, 8 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 24
Infikované hodnoty v registru: 6
Infikované datové položky v registru: 0
Infikované složky: 10
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\Typelib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{C28A0312-C403-417B-A425-A915BC0519CD} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\internet saving optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.6.3.4500 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.6.3.4500\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.6.3.4500\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.6.3.4500\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.5.900 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.5.900\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.5.900\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.5.900\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované soubory:
c:\program files\internet saving optimizer\3.6.3.4500\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.5.900\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.5.900\FF\components\hpffaddon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.





ComboFix 11-03-03.04 - Admin 04.03.2011 17:50:01.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2590 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Local Settings\Data aplikací\DoubleD
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\config.md
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\ipdata.md
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090814-220505.610.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090814-220547.672.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090814-220627.282.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090814-225040.172.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090814-232008.813.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090815-012846.469.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090815-175142.093.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090816-185857.109.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090817-021230.625.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090817-094524.250.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090817-100323.296.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090817-100325.953.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090818-171546.203.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090818-171602.093.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090818-181707.265.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090820-200207.828.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090822-102333.218.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090823-000358.343.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090824-191745.500.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090824-193830.937.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090824-220331.765.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090824-220423.609.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090824-220434.890.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090824-220509.390.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090824-220513.906.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-152034.921.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-153231.750.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-153234.359.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-192741.656.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-192835.453.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-192908.687.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-193325.890.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-193611.125.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-193644.875.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-193645.500.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-193718.484.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-194720.828.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-194813.250.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-194818.656.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-195246.328.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-195349.875.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-201433.890.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-201519.296.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-201824.828.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-201947.078.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-202020.828.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-202328.859.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-202337.140.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-203725.718.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-203728.468.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-204239.640.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-204239.984.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-205043.765.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-205113.125.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-205309.734.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-205313.390.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-205902.781.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-205905.390.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-210253.265.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-210446.500.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-211907.718.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-211914.531.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-213023.015.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-213130.046.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-213447.421.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-213507.421.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-214821.625.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\NP_20090825-215446.546.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Internet Saving Optimizer\3.6.3.4500\rstatus.md
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\config.md
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090814-220455.735.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090814-220505.532.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090814-220547.657.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090814-220627.266.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090814-225040.157.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090814-232008.797.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090815-012846.407.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090815-175141.343.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090816-185851.500.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090817-021230.609.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090817-094524.109.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090817-100323.234.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090817-100325.937.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090818-171545.171.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090818-171601.890.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090818-181706.203.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090820-200201.984.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090822-102331.562.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090823-000351.703.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090824-191742.234.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090824-193830.859.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090824-220331.625.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090824-220423.609.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090824-220434.875.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090824-220509.375.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090824-220513.890.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-152034.796.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-153231.531.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-153234.343.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-192736.546.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-192835.359.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-192908.671.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-193325.875.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-193611.109.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-193644.859.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-193645.484.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-193718.453.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-194720.828.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-194813.234.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-194818.640.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-195246.328.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-195349.859.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-201433.843.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-201519.265.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-201824.781.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-201947.031.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-202020.781.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-202328.828.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-202337.093.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-203725.671.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-203728.421.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-204239.593.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-204239.703.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-205043.718.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-205113.093.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-205309.000.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-205313.375.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-205902.234.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-205905.359.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-210253.218.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-210446.468.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-211907.671.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-211914.484.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-213023.000.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-213130.031.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-213447.421.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-213507.406.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-214820.578.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\HJHP_20090825-215446.484.log
c:\documents and settings\Admin\Local Settings\Data aplikací\Media Access Startup\1.5.5.900\ipdata.md
C:\install.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vvdsvc
-------\Legacy_vvdsvc
-------\Service_vvdsvc
-------\Service_vvdsvc


((((((((((((((((((((((((( Soubory vytvořené od 2011-02-04 do 2011-03-04 )))))))))))))))))))))))))))))))
.

2011-03-04 16:39 . 2011-03-04 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2011-03-04 15:49 . 2011-03-04 15:49 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Malwarebytes
2011-03-04 15:49 . 2011-03-04 15:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-04 15:49 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 15:49 . 2011-03-04 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 15:49 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 15:32 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-04 15:32 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-04 15:32 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-04 15:32 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-01 20:27 . 2011-03-01 20:27 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 12
2011-02-19 11:09 . 2011-02-19 11:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-02-17 21:18 . 2011-03-02 17:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Temp
2011-02-17 21:18 . 2011-02-17 21:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-02-17 21:18 . 2011-02-17 21:20 -------- d-----w- c:\program files\Google
2011-02-14 21:11 . 2011-02-27 11:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-02-06 11:55 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-06 11:55 . 2010-11-12 17:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 18:19 . 2008-07-30 13:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-09-13 15:20 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-09-13 15:20 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-09-13 15:20 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-09-13 15:20 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-09-13 15:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-09-13 15:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-09-13 15:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-09-13 15:20 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-09-13 15:20 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-09-13 15:20 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 14:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-09-13 15:20 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-09-13 15:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 11:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 11:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-04 13508608]
"nwiz"="nwiz.exe" [2008-03-04 1626112]
"NVHotkey"="nvHotkey.dll" [2008-03-04 86016]
"NvMediaCenter"="NvMCTray.dll" [2008-03-04 86016]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-9-19 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 11:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Admin\\Plocha\\Hry\\Heroes of Might and Magic III Complete\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.8.2010 20:25 691696]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [30.7.2008 13:47 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [30.7.2008 13:47 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [30.7.2008 13:47 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [30.7.2008 13:47 235200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2011 22:18 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'

2011-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-17 21:18]

2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-17 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\tvzqebit.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-avgrsstarter - avgrsstx.dll


.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 17:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll

- - - - - - - > 'explorer.exe'(4064)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2011-03-04 17:59:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-04 16:59
.
Před spuštěním: Volných bajtů: 35 525 283 840
Po spuštění: Volných bajtů: 35 548 565 504

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EADEEA368013162C18D7C1A03AE75313

[memphisto]

Odinstaluj Spybot

Opět vypni rezidentní ochrany antiviru a firewallu a dále:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
SecCenter::
AV: AVG Anti-Virus *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Folder::
c:\documents and settings\All Users\Data aplikací\McAfee
c:\program files\SweetIM

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

File::
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\tvzqebit.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Radys26]

ComboFix 11-03-04.06 - Admin 05.03.2011 13:45:56.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2555 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
.
FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\McAfee
c:\documents and settings\All Users\Data aplikací\McAfee\MCLOGS\Common\MsiExec\MsiExec000.log
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-05 do 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-04 20:06 . 2011-03-04 20:06 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2011-03-04 15:49 . 2011-03-04 15:49 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Malwarebytes
2011-03-04 15:49 . 2011-03-04 15:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-04 15:49 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 15:49 . 2011-03-04 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 15:49 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 15:32 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-04 15:32 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-04 15:32 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-04 15:32 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-01 20:27 . 2011-03-01 20:27 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 12
2011-02-19 11:09 . 2011-02-19 11:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-02-17 21:18 . 2011-03-02 17:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Temp
2011-02-17 21:18 . 2011-02-17 21:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-02-17 21:18 . 2011-02-17 21:20 -------- d-----w- c:\program files\Google
2011-02-14 21:11 . 2011-02-27 11:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-02-06 11:55 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-06 11:55 . 2010-11-12 17:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 18:19 . 2008-07-30 13:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-09-13 15:20 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-09-13 15:20 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-09-13 15:20 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-09-13 15:20 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-09-13 15:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-09-13 15:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-09-13 15:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-09-13 15:20 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-09-13 15:20 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-09-13 15:20 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 14:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-09-13 15:20 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-09-13 15:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 11:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 11:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-04 13508608]
"nwiz"="nwiz.exe" [2008-03-04 1626112]
"NVHotkey"="nvHotkey.dll" [2008-03-04 86016]
"NvMediaCenter"="NvMCTray.dll" [2008-03-04 86016]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-9-19 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 11:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Admin\\Plocha\\Hry\\Heroes of Might and Magic III Complete\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.8.2010 20:25 691696]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [30.7.2008 13:47 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [30.7.2008 13:47 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [30.7.2008 13:47 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [30.7.2008 13:47 235200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2011 22:18 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
vvdsvc REG_MULTI_SZ vvdsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\tvzqebit.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 13:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll
.
- - - - - - - > 'explorer.exe'(784)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2011-03-05 13:56:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-05 12:56
ComboFix2.txt 2011-03-04 16:59
.
Před spuštěním: Volných bajtů: 35 654 930 432
Po spuštění: Volných bajtů: 35 629 502 464
.
- - End Of File - - 9275CF4725289DB7FE7C8C999805D60A

[memphisto]

Psal jsem, že máš odinstalovat Spybota. Zároveň moc nedoporučuji používat Firefox Beta verzi, protože je s ní spousta problémů jako nefungující Flash, velké využívání paměti, pády, apod.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+HJT

Jak se chová PC?

[Radys26]

Spybot jsem vymazal, v pc uz by nemel byt.

pc se chova normalne, smazala se chyba pri nacitani win, kdy naskocil error kvuli SweetIM.exe, ted uz ok


log z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:24:38, on 5.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Documents and Settings\Admin\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.vexcast.com/download/vexcast.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9910 bytes

[memphisto]

v logu fixni:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.vexcast.com/download/vexcast.cab


Nainstaluj antivir. Z free variant doporučím nový AVAST 6, AVIRU, AVG, apod.

[Radys26]

nainstaloval jsem ten novej avast.

Jestli je to vsechno, tak diky moc!

[memphisto]

Z mé strany ano. Pokud nemáš další dotazy, tak to můžeš uzavřít

[Radys26]

Tak prece jeste jen, mam v ruce jeden starsi typ PC sestavy, zkousel jsem to projet nejdriv CCleanerem, potom v MBAM, naslo to pres 343 inf souboru, nejaky z nich nesly smazat.

Tak radsi jeste posilam logy z HJT a ComboFixu...at je to v pohode

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:05, on 5.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\WINDOWS\system32\RAMAsst.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Nástroje SMART Board.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://78.156.135.27/plugin/h263ctrl.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 8489 bytes




ComboFix 11-03-04.06 - user 05.03.2011 17:17:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.642 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
c:\program files\Internet Explorer\msimg32.dll
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-05 do 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-05 15:10 . 2011-03-05 15:10 -------- d-----w- c:\program files\CCleaner
2011-03-05 15:08 . 2011-03-05 15:08 -------- d-----w- c:\documents and settings\user\Data aplikací\Malwarebytes
2011-03-05 15:08 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-05 15:08 . 2011-03-05 15:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-05 15:08 . 2011-03-05 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 15:08 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-01 08:27 . 2011-03-01 08:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2011-02-17 13:47 . 2011-02-17 13:47 1409 ----a-w- c:\windows\QTFont.for
2011-02-15 19:11 . 2011-02-15 19:11 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\AVG Security Toolbar
2011-02-15 19:07 . 2011-02-15 19:07 -------- d-----w- c:\documents and settings\user\Data aplikací\AVG10
2011-02-15 19:06 . 2011-02-15 19:06 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-02-15 19:06 . 2011-03-05 16:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar
2011-02-15 19:01 . 2011-02-15 19:01 -------- d-----w- C:\$AVG
2011-02-15 18:49 . 2011-02-15 18:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-02-15 18:49 . 2011-02-15 18:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Temp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-07-02 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2007-07-19 18:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-08-18 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-18 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2004-08-18 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:25 . 2004-08-18 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-18 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-18 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-18 25414696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-06-23 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-5-27 161160]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-9-20 1200128]
N stroje SMART Board.lnk - c:\program files\SMART Board Software\SMARTBoardTools.exe [2006-5-10 3248128]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-3-26 44176]
RAMASST.lnk - c:\windows\system32\RAMAsst.exe [2007-12-3 167936]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\ozfegx3x.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 17:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-03-05 17:22:53
ComboFix-quarantined-files.txt 2011-03-05 16:22
.
Před spuštěním: Volných bajtů: 156 380 172 288
Po spuštění: Volných bajtů: 161 416 724 480
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9A69592E1D8BE9E7ED3BFD80E0319E6F

[memphisto]

Dodej sem i ty logy z Mbam. Najdeš je pod záložkou Protokoly

Opět vypni rezidentní ochrany antiviru a firewallu a dále:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\documents and settings\All Users\Data aplikací\McAfee
c:\documents and settings\user\Local Settings\Data aplikací\AVG Security Toolbar
c:\documents and settings\user\Data aplikací\AVG10
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar
C:\$AVG
c:\Program Files\BearShare

File::
c:\windows\Tasks\AppleSoftwareUpdate.job

DDS::
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Firefox::
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\ozfegx3x.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu