prosím kontrola logu + Vyřešeno

[memphisto]

Udělej, co psal Damned nademnou a dál:

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Reklama]

[petrjur]

ComboFix 09-05-16.04 - Freedom 17.05.2009 0:14.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.2038.1144 [GMT 2:00]
Spuštěný z: c:\users\Freedom\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Outpost Firewall Pro *disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-1000\$IZ465FQ.doc
c:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-501\$IH9WBXU.doc
c:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-501\$ICH1ODR.pdf
c:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-501\$IOB69V5.pdf
c:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-501\$RH9WBXU.doc
c:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-501\$RCH1ODR.pdf
c:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-501\$ROB69V5.pdf
c:\windows\system32\drivers\UACfesknpmbudqmdif.sys
c:\windows\system32\UACeamurunpplxepvs.dll
c:\windows\system32\UACfhkuegnprkomigi.log
c:\windows\system32\UACgswqylitkyrjlkx.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjnnjinpkowxxbpe.dll
c:\windows\system32\UACktqvaomvaxvecdl.log
c:\windows\system32\UACpkluiignerwtvbi.dll
c:\windows\system32\UACpopfnxnpmgjjbmn.db
c:\windows\system32\UACscotwvstiyckcrs.dat
c:\windows\system32\UACtrckqpsdyreehql.dll
c:\windows\system32\UACxdyojjpftnvxrqf.dll
c:\windows\system32\UACyovplrtntnpvkgx.log
c:\windows\system32\x64
e:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-1000\$I12U8SY.mp3
e:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-1000\$ICMKUT6.html
e:\$recycle.bin\S-1-5-21-2770929342-1451638913-3497623690-1000\$III85QP.mp3

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Soubory vytvořené od 2009-04-16 do 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 21:04 . 2009-05-16 21:04 -------- d-----w c:\users\Freedom\AppData\Roaming\Malwarebytes
2009-05-16 20:58 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 20:58 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 20:58 . 2009-05-16 20:58 -------- d-----w c:\programdata\Malwarebytes
2009-05-16 20:58 . 2009-05-16 20:58 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-16 20:58 . 2009-05-16 21:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 20:25 . 2009-05-16 20:25 -------- d---a-w c:\windows\system32\runouce.exe
2009-05-16 19:56 . 2009-05-16 19:56 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-16 19:56 . 2009-05-16 19:56 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-16 19:56 . 2009-05-16 19:56 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-16 19:56 . 2009-05-16 19:56 -------- d-----w c:\program files\Common Files\MicroWorld
2009-05-16 19:56 . 2009-05-16 19:56 -------- d-----w c:\programdata\MicroWorld
2009-05-16 19:56 . 2009-05-16 19:56 -------- d-----w c:\users\All Users\MicroWorld
2009-05-11 20:24 . 2008-01-15 09:44 91264 ----a-w c:\windows\system32\drivers\zebrsce.sys
2009-05-11 20:23 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrcm.sys
2009-05-11 20:23 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrcmnt.sys
2009-05-11 20:23 . 2008-01-15 09:44 109568 ----a-w c:\windows\system32\drivers\zebrmdmc.sys
2009-05-11 20:23 . 2008-01-15 09:44 14848 ----a-w c:\windows\system32\drivers\zebrmdfl.sys
2009-05-11 20:23 . 2008-01-15 09:44 109568 ----a-w c:\windows\system32\drivers\zebrmdm.sys
2009-05-11 20:22 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrwh.sys
2009-05-11 20:22 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrwhnt.sys
2009-05-11 20:22 . 2008-01-15 09:44 63360 ----a-w c:\windows\system32\drivers\zebrceb.sys
2009-05-11 20:21 . 2008-01-15 09:44 83200 ----a-w c:\windows\system32\drivers\zebrbus.sys
2009-05-11 20:21 . 2009-05-11 20:21 -------- d-----w c:\program files\Intuwave
2009-05-11 20:21 . 2009-05-11 20:21 -------- d-----w c:\program files\Symbian
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\programdata\Sony Ericsson
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\users\All Users\Sony Ericsson
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-05-11 20:20 . 2009-05-11 20:21 -------- d-----w c:\program files\Sony Ericsson
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\programdata\Teleca
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\users\All Users\Teleca
2009-05-10 18:29 . 2009-05-10 18:29 -------- d-----w c:\program files\Common Files\Skype
2009-05-06 21:09 . 2009-05-06 21:10 -------- d-----w c:\program files\MP3Gain
2009-05-01 18:56 . 2009-05-01 19:05 -------- d-----w c:\program files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 22:22 . 2008-08-01 12:15 -------- d-----w c:\program files\Outpost Firewall Pro
2009-05-16 22:16 . 2007-01-08 21:12 607150 ----a-w c:\windows\system32\perfh005.dat
2009-05-16 22:16 . 2007-01-08 21:12 119604 ----a-w c:\windows\system32\perfc005.dat
2009-05-16 19:28 . 2008-08-15 18:46 1356 ----a-w c:\users\Freedom\AppData\Local\d3d9caps.dat
2009-05-16 19:19 . 2008-08-03 09:20 -------- d-----w c:\program files\NetSnippets
2009-05-15 08:30 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-14 15:07 . 2008-08-01 13:01 -------- d-----w c:\program files\EurotelSMS
2009-05-13 20:25 . 2008-08-11 17:13 2241 ----a-w c:\windows\panose.bin
2009-05-11 20:20 . 2008-08-02 13:43 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-05-10 18:29 . 2008-08-18 20:34 -------- d-----r c:\program files\Skype
2009-05-10 18:22 . 2008-03-07 15:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-10 18:21 . 2008-11-01 17:42 146 ----a-w c:\windows\DelMR.bat
2009-04-30 19:10 . 2008-08-16 09:50 274200 ----a-w c:\windows\FotoFusionV4 Uninstaller.exe
2009-04-20 18:07 . 2009-03-12 23:07 -------- d-----w c:\program files\Conference
2009-03-27 14:29 . 2009-03-27 14:05 -------- d-----w c:\program files\Save Flash
2009-03-22 13:49 . 2009-03-22 13:49 163120 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-22 08:28 . 2009-03-22 08:28 163120 ----a-w c:\users\Guest\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-27 21:09 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-27 21:09 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-15 08:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-15 08:33 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-15 08:33 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-15 08:33 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-15 08:33 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-15 08:33 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-15 08:33 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-15 08:33 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-15 08:33 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-15 08:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-15 08:33 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-15 08:33 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-15 08:33 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-15 08:33 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-15 08:33 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-15 08:33 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-15 08:33 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-15 08:33 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-27 21:09 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-27 21:09 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-27 21:09 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-27 21:09 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-27 21:09 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-27 21:09 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-27 21:09 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-27 21:09 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-27 21:09 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-27 21:09 17408 ----a-w c:\windows\system32\iashost.exe
2008-10-12 09:38 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40 118784 ----a-w c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOD32 Control Center GUI"="c:\program files\ESET\nod32kui.exe" [2008-08-17 949376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="c:\progra~1\OUTPOS~1\op_mon.exe" [2008-07-04 1159496]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\users\Freedom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-2 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-9-3 25214]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-10 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\OUTPOS~1\wl_hook.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=TOSCDSPD.EXE
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Magic Notes"="c:\program files\Magic Notes\Sticky32.exe"
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe"
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe"
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Apoint"=c:\program files\Apoint2K\Apoint.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe"
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
"NDSTray.exe"=NDSTray.exe
"HPUsageTracking"=c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe "c:\program files\Hewlett-Packard\HP UT\"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP OrderReminder Cleaner"=c:\windows\hporclnr.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0AEE5AA6-7DA8-44E6-8479-E7C52947F4C8}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{C5B850CE-4A31-4A03-AC18-EA50AACCC6A9}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{D7614F62-00F8-40CE-B7F2-F637371DE4B8}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\freedom\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{85085C7B-807E-49E1-AE78-2CB85CF66E79}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\freedom\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"{DF380508-DB82-481E-A527-5497AC7B357F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{08B03190-76BC-428A-950B-37DC8D61C324}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B7DEA3B4-11FA-4FC6-B280-6ECF57702EE7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A604055F-4589-40C2-8129-401364AC9D2D}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\maxthon.exe"= UDP:c:\users\freedom\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"UDP Query User{3C32F640-9328-4D44-99C6-F7676D52ABD4}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\maxthon.exe"= TCP:c:\users\freedom\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"TCP Query User{4A78212B-B2EB-44CB-AEBA-21751701917C}c:\\program files\\magic notes\\sticky32.exe"= UDP:c:\program files\magic notes\sticky32.exe:Magic Notes for Windows 9x/ME/NT/2000/XP
"UDP Query User{7E3176FD-5CF6-4EC0-A682-FB95C3166EFB}c:\\program files\\magic notes\\sticky32.exe"= TCP:c:\program files\magic notes\sticky32.exe:Magic Notes for Windows 9x/ME/NT/2000/XP
"TCP Query User{3402E68D-621D-44B6-A59E-73406EFC9D55}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{5B8DD63F-1556-4D2C-9E70-919A4C2CFA5F}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{E1BA3357-6D52-47FC-9DF1-A298A34025B0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1005MC.EXE:SMLMProxy Module - HP1005MC.EXE
"{938F3BC7-9AD0-4EA0-ABE4-729F709F38E4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1005MC.EXE:SMLMProxy Module - HP1005MC.EXE
"{74055665-5326-4C95-BF50-784FC6556964}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{43F669FC-33CB-41F4-9198-8722E46892E1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B3E37C62-3A45-42AF-A83E-5406685BD9A8}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx0\\hl.exe"= UDP:c:\users\freedom\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"UDP Query User{7D532B5D-2036-48B1-B87C-88C6C82F5DBF}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx0\\hl.exe"= TCP:c:\users\freedom\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"TCP Query User{BBF6D3AB-44FC-4356-8DA3-7CADAA6C17F9}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx1\\hl.exe"= UDP:c:\users\freedom\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"UDP Query User{DFD5FEB9-628D-4C15-A07C-D66EDC2E78D5}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx1\\hl.exe"= TCP:c:\users\freedom\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"TCP Query User{54EC02E1-9F06-4DB7-B2B2-B66B442DC11C}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{26844D6E-0431-4073-94BF-3A657C6C017E}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"TCP Query User{89D86AD9-76B9-484E-8239-5BF7B6AC8DD8}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{2F59DE6F-7391-4EF6-B185-C3215990E050}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{CF4A6792-6440-4BFC-B5C8-90696ACA6931}e:\\data - work\\download\\torrents\\[pc] battlefield vietnam [dopeman]\\bv\\battlefield vietnam\\bfvietnam.exe"= UDP:e:\data - work\download\torrents\[pc] battlefield vietnam [dopeman]\bv\battlefield vietnam\bfvietnam.exe:BfVietnam
"UDP Query User{D48CA87E-6CEF-4B3E-8213-843BEC64C8D9}e:\\data - work\\download\\torrents\\[pc] battlefield vietnam [dopeman]\\bv\\battlefield vietnam\\bfvietnam.exe"= TCP:e:\data - work\download\torrents\[pc] battlefield vietnam [dopeman]\bv\battlefield vietnam\bfvietnam.exe:BfVietnam
"TCP Query User{B8D1D12A-FD2D-4062-A9D7-F3ECC32AD16B}c:\\users\\freedom\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\freedom\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"UDP Query User{31703C32-11A4-47EA-8278-166EB91357ED}c:\\users\\freedom\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\freedom\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"{4BEDAD5C-C0B6-4453-AF8A-E4E66E44D942}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{96D8220B-7C70-491E-9EF0-F38A116634D9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D258A4B4-8BA3-443D-9363-A743666D06A4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{597165FE-81D2-4A50-965B-725142DCC6C2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{4C82A510-8BFF-4926-ACBE-F5F47D34FD25}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{3FDA22D1-B3CB-4ED1-B1A7-744C5B51AC9A}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"TCP Query User{8FA339DA-6D36-4A93-9376-5C5F1E003ACC}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{799F0381-8285-4DB9-A2DF-90E2DB54120C}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{A7F67AD7-60A0-4245-88B3-A5F220224A38}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{35B497C8-1D34-445C-B64A-272C4C918BC2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [30.7.2008 20:32 43440]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys [11.1.2008 23:05 28280]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [4.9.2007 10:30 13336]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [1.8.2008 14:15 28688]
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [17.8.2008 19:22 15424]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [10.12.2008 19:35 72192]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [1.8.2008 14:15 672896]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\OUTPOS~1\acs.exe [1.8.2008 14:15 1238344]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [30.7.2008 20:32 49152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25.12.2007 14:07 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [3.12.2007 17:03 126976]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [1.8.2008 14:17 242704]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 16:40 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15.1.2008 11:34 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [9.4.2007 17:13 8192]
S1 CXAVSAUD;Conexant 2388x Audio Capture;c:\windows\System32\drivers\cxavsaud_IBV32.sys [2.11.2006 12:32 10368]
S3 ASWFilt;ASWFilt;c:\windows\System32\Filt\ASWFilt.dll [1.8.2008 14:15 33408]
S3 gupdate1c99699749e600;Google Update Service (gupdate1c99699749e600);c:\program files\Google\Update\GoogleUpdate.exe [24.2.2009 18:00 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 16:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz
uInternet Settings,ProxyServer =

IE: Add to Net Snippets - c:\progra~1\NETSNI~1\Res\Clipper.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Ikona RoboForm na liště úloh - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
IE: {{7130DF06-BBC1-4e16-83D4-1F875E65B695} - {F9C00EF7-B192-4609-B2B8-D705ACE341FF} - c:\progra~1\NETSNI~1\NetSnip.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 00:20
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2770929342-1451638913-3497623690-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2D74850-07AE-576C-BD7E-BC4E192758C2}*]
"lahjfjiaanajihlhdnblplli"=hex:61,61,00,00
"nahjfjiagmahcihlaebimojehaod"=hex:61,61,00,00
"iaoiioblgoinplkidg"=hex:61,61,00,00
"laoigflojchlaoodoibdfkdb"=hex:61,61,00,00
"oajfnallnggbplegmnbdfpanppkefg"=hex:61,61,00,00
"oajfnallnggbplegmnbdfaiolcchof"=hex:61,61,00,00
"bbjfnallnggbplegmnbdpanahdmacooglink"=hex:61,61,00,00
"paoimfpdcdgafbamkalbmekmnmapgann"=hex:61,61,00,00
"oaoimfpdcdgafbjkmfgollfafpghkm"=hex:61,61,00,00
"dboimfpdcdgafbhklhnaicpdebhfmcnkeigdfgbj"=hex:61,61,00,00
"jaoiiobbaclbceojicbh"=hex:61,61,00,00
"kaoiiobbobjblkccjjagle"=hex:61,61,00,00
"maoiiobbecpcohhcbiipofjndm"=hex:61,61,00,00
"oaoiiobbbcebciomldniebndecogke"=hex:61,61,00,00
"haoiiobbicmnnnml"=hex:61,61,00,00
"nahjoiklhhkmmgpgpbgklcecdinb"=hex:61,61,00,00
"mahjfjiaknngojampdgbldkkmn"=hex:61,61,00,00
"kbjfhaafnbakpokaineibmkhffkmlgmeikblegacjnljnnnogfmnbi"=hex:61,61,00,00
"iaaheoocfibadldbec"=hex:61,61,00,00
"haodkpdbpdbcgfng"=hex:61,61,00,00
"jajfjagabfapafckhoph"=hex:61,61,00,00
"jadhlnbbgjadfoacnldk"=hex:61,61,00,00
"baeg"=hex:61,61,00,00
"bahg"=hex:61,61,00,00
"cajgce"=hex:61,61,00,00
"cajghe"=hex:61,61,00,00
"iajhogjdldjdfcahac"=hex:61,61,00,00
"iajhogjdldjdfcahnb"=hex:61,61,00,00
"gboiioblgoinmncdjcffhfkppleafdeapcpnjphdbmpnli"=hex:61,61,00,00
"kbpgdncpmebmfiidgeifackgbmknopehamnifgpnffnejebfnmgeib"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-05-16 0:24
ComboFix-quarantined-files.txt 2009-05-16 22:24

Před spuštěním: Volných bajtů: 60 287 291 392
Po spuštění: Volných bajtů: 60 379 971 584

337 --- E O F --- 2009-05-15 08:34

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\windows\system32\runouce.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[petrjur]

LOG COMBO

ComboFix 09-05-16.04 - Freedom 17.05.2009 8:47.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.2038.1214 [GMT 2:00]
Spuštěný z: c:\users\Freedom\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Freedom\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Outpost Firewall Pro *disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\runouce.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-17 do 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-16 21:04 . 2009-05-16 21:04 -------- d-----w c:\users\Freedom\AppData\Roaming\Malwarebytes
2009-05-16 20:58 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 20:58 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 20:58 . 2009-05-16 20:58 -------- d-----w c:\programdata\Malwarebytes
2009-05-16 20:58 . 2009-05-16 20:58 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-16 20:58 . 2009-05-16 21:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 19:56 . 2009-05-16 19:56 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-16 19:56 . 2009-05-16 19:56 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-16 19:56 . 2009-05-16 19:56 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-16 19:56 . 2009-05-16 19:56 -------- d-----w c:\program files\Common Files\MicroWorld
2009-05-16 19:56 . 2009-05-16 19:56 -------- d-----w c:\programdata\MicroWorld
2009-05-16 19:56 . 2009-05-16 19:56 -------- d-----w c:\users\All Users\MicroWorld
2009-05-11 20:24 . 2008-01-15 09:44 91264 ----a-w c:\windows\system32\drivers\zebrsce.sys
2009-05-11 20:23 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrcm.sys
2009-05-11 20:23 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrcmnt.sys
2009-05-11 20:23 . 2008-01-15 09:44 109568 ----a-w c:\windows\system32\drivers\zebrmdmc.sys
2009-05-11 20:23 . 2008-01-15 09:44 14848 ----a-w c:\windows\system32\drivers\zebrmdfl.sys
2009-05-11 20:23 . 2008-01-15 09:44 109568 ----a-w c:\windows\system32\drivers\zebrmdm.sys
2009-05-11 20:22 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrwh.sys
2009-05-11 20:22 . 2008-01-15 09:44 12160 ----a-w c:\windows\system32\drivers\zebrwhnt.sys
2009-05-11 20:22 . 2008-01-15 09:44 63360 ----a-w c:\windows\system32\drivers\zebrceb.sys
2009-05-11 20:21 . 2008-01-15 09:44 83200 ----a-w c:\windows\system32\drivers\zebrbus.sys
2009-05-11 20:21 . 2009-05-11 20:21 -------- d-----w c:\program files\Intuwave
2009-05-11 20:21 . 2009-05-11 20:21 -------- d-----w c:\program files\Symbian
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\programdata\Sony Ericsson
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\users\All Users\Sony Ericsson
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-05-11 20:20 . 2009-05-11 20:21 -------- d-----w c:\program files\Sony Ericsson
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\programdata\Teleca
2009-05-11 20:20 . 2009-05-11 20:20 -------- d-----w c:\users\All Users\Teleca
2009-05-10 18:29 . 2009-05-10 18:29 -------- d-----w c:\program files\Common Files\Skype
2009-05-06 21:09 . 2009-05-06 21:10 -------- d-----w c:\program files\MP3Gain
2009-05-01 18:56 . 2009-05-01 19:05 -------- d-----w c:\program files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 06:44 . 2008-08-01 12:15 -------- d-----w c:\program files\Outpost Firewall Pro
2009-05-16 22:16 . 2007-01-08 21:12 607150 ----a-w c:\windows\system32\perfh005.dat
2009-05-16 22:16 . 2007-01-08 21:12 119604 ----a-w c:\windows\system32\perfc005.dat
2009-05-16 19:28 . 2008-08-15 18:46 1356 ----a-w c:\users\Freedom\AppData\Local\d3d9caps.dat
2009-05-16 19:19 . 2008-08-03 09:20 -------- d-----w c:\program files\NetSnippets
2009-05-15 08:30 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-14 15:07 . 2008-08-01 13:01 -------- d-----w c:\program files\EurotelSMS
2009-05-13 20:25 . 2008-08-11 17:13 2241 ----a-w c:\windows\panose.bin
2009-05-11 20:20 . 2008-08-02 13:43 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-05-10 18:29 . 2008-08-18 20:34 -------- d-----r c:\program files\Skype
2009-05-10 18:22 . 2008-03-07 15:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-10 18:21 . 2008-11-01 17:42 146 ----a-w c:\windows\DelMR.bat
2009-04-30 19:10 . 2008-08-16 09:50 274200 ----a-w c:\windows\FotoFusionV4 Uninstaller.exe
2009-04-20 18:07 . 2009-03-12 23:07 -------- d-----w c:\program files\Conference
2009-03-27 14:29 . 2009-03-27 14:05 -------- d-----w c:\program files\Save Flash
2009-03-22 13:49 . 2009-03-22 13:49 163120 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-22 08:28 . 2009-03-22 08:28 163120 ----a-w c:\users\Guest\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-27 21:09 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-27 21:09 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-15 08:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-15 08:33 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-15 08:33 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-15 08:33 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-15 08:33 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-15 08:33 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-15 08:33 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-15 08:33 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-15 08:33 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-15 08:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-15 08:33 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-15 08:33 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-15 08:33 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-15 08:33 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-15 08:33 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-15 08:33 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-15 08:33 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-15 08:33 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-27 21:09 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-27 21:09 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-27 21:09 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-27 21:09 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-27 21:09 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-27 21:09 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-27 21:09 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-27 21:09 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-27 21:09 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-27 21:09 17408 ----a-w c:\windows\system32\iashost.exe
2008-10-12 09:38 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-05-16_22.22.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-13 06:12 . 2009-05-17 06:10 342554 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40 118784 ----a-w c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOD32 Control Center GUI"="c:\program files\ESET\nod32kui.exe" [2008-08-17 949376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="c:\progra~1\OUTPOS~1\op_mon.exe" [2008-07-04 1159496]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\users\Freedom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-2 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-9-3 25214]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-10 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\OUTPOS~1\wl_hook.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=TOSCDSPD.EXE
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Magic Notes"="c:\program files\Magic Notes\Sticky32.exe"
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe"
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe"
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Apoint"=c:\program files\Apoint2K\Apoint.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe"
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
"NDSTray.exe"=NDSTray.exe
"HPUsageTracking"=c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe "c:\program files\Hewlett-Packard\HP UT\"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP OrderReminder Cleaner"=c:\windows\hporclnr.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0AEE5AA6-7DA8-44E6-8479-E7C52947F4C8}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{C5B850CE-4A31-4A03-AC18-EA50AACCC6A9}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{D7614F62-00F8-40CE-B7F2-F637371DE4B8}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\freedom\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{85085C7B-807E-49E1-AE78-2CB85CF66E79}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\freedom\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"{DF380508-DB82-481E-A527-5497AC7B357F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{08B03190-76BC-428A-950B-37DC8D61C324}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B7DEA3B4-11FA-4FC6-B280-6ECF57702EE7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A604055F-4589-40C2-8129-401364AC9D2D}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\maxthon.exe"= UDP:c:\users\freedom\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"UDP Query User{3C32F640-9328-4D44-99C6-F7676D52ABD4}c:\\users\\freedom\\appdata\\roaming\\maxthon2\\maxthon.exe"= TCP:c:\users\freedom\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"TCP Query User{4A78212B-B2EB-44CB-AEBA-21751701917C}c:\\program files\\magic notes\\sticky32.exe"= UDP:c:\program files\magic notes\sticky32.exe:Magic Notes for Windows 9x/ME/NT/2000/XP
"UDP Query User{7E3176FD-5CF6-4EC0-A682-FB95C3166EFB}c:\\program files\\magic notes\\sticky32.exe"= TCP:c:\program files\magic notes\sticky32.exe:Magic Notes for Windows 9x/ME/NT/2000/XP
"TCP Query User{3402E68D-621D-44B6-A59E-73406EFC9D55}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{5B8DD63F-1556-4D2C-9E70-919A4C2CFA5F}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{E1BA3357-6D52-47FC-9DF1-A298A34025B0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1005MC.EXE:SMLMProxy Module - HP1005MC.EXE
"{938F3BC7-9AD0-4EA0-ABE4-729F709F38E4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1005MC.EXE:SMLMProxy Module - HP1005MC.EXE
"{74055665-5326-4C95-BF50-784FC6556964}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{43F669FC-33CB-41F4-9198-8722E46892E1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B3E37C62-3A45-42AF-A83E-5406685BD9A8}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx0\\hl.exe"= UDP:c:\users\freedom\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"UDP Query User{7D532B5D-2036-48B1-B87C-88C6C82F5DBF}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx0\\hl.exe"= TCP:c:\users\freedom\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"TCP Query User{BBF6D3AB-44FC-4356-8DA3-7CADAA6C17F9}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx1\\hl.exe"= UDP:c:\users\freedom\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"UDP Query User{DFD5FEB9-628D-4C15-A07C-D66EDC2E78D5}c:\\users\\freedom\\appdata\\local\\temp\\rarsfx1\\hl.exe"= TCP:c:\users\freedom\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"TCP Query User{54EC02E1-9F06-4DB7-B2B2-B66B442DC11C}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{26844D6E-0431-4073-94BF-3A657C6C017E}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"TCP Query User{89D86AD9-76B9-484E-8239-5BF7B6AC8DD8}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{2F59DE6F-7391-4EF6-B185-C3215990E050}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{CF4A6792-6440-4BFC-B5C8-90696ACA6931}e:\\data - work\\download\\torrents\\[pc] battlefield vietnam [dopeman]\\bv\\battlefield vietnam\\bfvietnam.exe"= UDP:e:\data - work\download\torrents\[pc] battlefield vietnam [dopeman]\bv\battlefield vietnam\bfvietnam.exe:BfVietnam
"UDP Query User{D48CA87E-6CEF-4B3E-8213-843BEC64C8D9}e:\\data - work\\download\\torrents\\[pc] battlefield vietnam [dopeman]\\bv\\battlefield vietnam\\bfvietnam.exe"= TCP:e:\data - work\download\torrents\[pc] battlefield vietnam [dopeman]\bv\battlefield vietnam\bfvietnam.exe:BfVietnam
"TCP Query User{B8D1D12A-FD2D-4062-A9D7-F3ECC32AD16B}c:\\users\\freedom\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\freedom\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"UDP Query User{31703C32-11A4-47EA-8278-166EB91357ED}c:\\users\\freedom\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\freedom\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"{4BEDAD5C-C0B6-4453-AF8A-E4E66E44D942}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{96D8220B-7C70-491E-9EF0-F38A116634D9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D258A4B4-8BA3-443D-9363-A743666D06A4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{597165FE-81D2-4A50-965B-725142DCC6C2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{4C82A510-8BFF-4926-ACBE-F5F47D34FD25}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{3FDA22D1-B3CB-4ED1-B1A7-744C5B51AC9A}c:\\program files\\java\\jre1.6.0_03\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"TCP Query User{8FA339DA-6D36-4A93-9376-5C5F1E003ACC}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{799F0381-8285-4DB9-A2DF-90E2DB54120C}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{A7F67AD7-60A0-4245-88B3-A5F220224A38}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{35B497C8-1D34-445C-B64A-272C4C918BC2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [30.7.2008 20:32 43440]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys [11.1.2008 23:05 28280]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [4.9.2007 10:30 13336]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [1.8.2008 14:15 28688]
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [17.8.2008 19:22 15424]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [10.12.2008 19:35 72192]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [1.8.2008 14:15 672896]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [30.7.2008 20:32 49152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25.12.2007 14:07 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [3.12.2007 17:03 126976]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [1.8.2008 14:17 242704]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 16:40 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15.1.2008 11:34 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [9.4.2007 17:13 8192]
S1 CXAVSAUD;Conexant 2388x Audio Capture;c:\windows\System32\drivers\cxavsaud_IBV32.sys [2.11.2006 12:32 10368]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\OUTPOS~1\acs.exe [1.8.2008 14:15 1238344]
S3 ASWFilt;ASWFilt;c:\windows\System32\Filt\ASWFilt.dll [1.8.2008 14:15 33408]
S3 gupdate1c99699749e600;Google Update Service (gupdate1c99699749e600);c:\program files\Google\Update\GoogleUpdate.exe [24.2.2009 18:00 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 16:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz
uInternet Settings,ProxyServer =

IE: Add to Net Snippets - c:\progra~1\NETSNI~1\Res\Clipper.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Ikona RoboForm na liště úloh - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
IE: {{7130DF06-BBC1-4e16-83D4-1F875E65B695} - {F9C00EF7-B192-4609-B2B8-D705ACE341FF} - c:\progra~1\NETSNI~1\NetSnip.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 08:51
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2770929342-1451638913-3497623690-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2D74850-07AE-576C-BD7E-BC4E192758C2}*]
"lahjfjiaanajihlhdnblplli"=hex:61,61,00,00
"nahjfjiagmahcihlaebimojehaod"=hex:61,61,00,00
"iaoiioblgoinplkidg"=hex:61,61,00,00
"laoigflojchlaoodoibdfkdb"=hex:61,61,00,00
"oajfnallnggbplegmnbdfpanppkefg"=hex:61,61,00,00
"oajfnallnggbplegmnbdfaiolcchof"=hex:61,61,00,00
"bbjfnallnggbplegmnbdpanahdmacooglink"=hex:61,61,00,00
"paoimfpdcdgafbamkalbmekmnmapgann"=hex:61,61,00,00
"oaoimfpdcdgafbjkmfgollfafpghkm"=hex:61,61,00,00
"dboimfpdcdgafbhklhnaicpdebhfmcnkeigdfgbj"=hex:61,61,00,00
"jaoiiobbaclbceojicbh"=hex:61,61,00,00
"kaoiiobbobjblkccjjagle"=hex:61,61,00,00
"maoiiobbecpcohhcbiipofjndm"=hex:61,61,00,00
"oaoiiobbbcebciomldniebndecogke"=hex:61,61,00,00
"haoiiobbicmnnnml"=hex:61,61,00,00
"nahjoiklhhkmmgpgpbgklcecdinb"=hex:61,61,00,00
"mahjfjiaknngojampdgbldkkmn"=hex:61,61,00,00
"kbjfhaafnbakpokaineibmkhffkmlgmeikblegacjnljnnnogfmnbi"=hex:61,61,00,00
"iaaheoocfibadldbec"=hex:61,61,00,00
"haodkpdbpdbcgfng"=hex:61,61,00,00
"jajfjagabfapafckhoph"=hex:61,61,00,00
"jadhlnbbgjadfoacnldk"=hex:61,61,00,00
"baeg"=hex:61,61,00,00
"bahg"=hex:61,61,00,00
"cajgce"=hex:61,61,00,00
"cajghe"=hex:61,61,00,00
"iajhogjdldjdfcahac"=hex:61,61,00,00
"iajhogjdldjdfcahnb"=hex:61,61,00,00
"gboiioblgoinmncdjcffhfkppleafdeapcpnjphdbmpnli"=hex:61,61,00,00
"kbpgdncpmebmfiidgeifackgbmknopehamnifgpnffnejebfnmgeib"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3996)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
Celkový čas: 2009-05-17 8:54
ComboFix-quarantined-files.txt 2009-05-17 06:53
ComboFix2.txt 2009-05-16 22:24

Před spuštěním: Volných bajtů: 60 359 913 472
Po spuštění: Volných bajtů: 60 372 123 648

320 --- E O F --- 2009-05-15 08:34

[petrjur]

LOG HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:05, on 17.5.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\Freedom\AppData\Roaming\Maxthon2\Maxthon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
E:\Install\System stuff\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0 PRO\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [NOD32 Control Center GUI] C:\Program Files\ESET\nod32kui.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ikona RoboForm na liště úloh - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Uložit formuláře - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Lišta úloh - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: Ikona RoboForm na liště úloh - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\OUTPOS~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c99699749e600) (gupdate1c99699749e600) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7537 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O13 - Gopher Prefix:


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

UACd.sys je odstraněn ,takže pokud nejsou problémy , je to vše.

[petrjur]

vše provedeno, vypadá to že je vše ok. Děkuju za pomoc.
Posílám malý příspěvek na provoz fóra. Kontaktoval jsem admin pro info.

Ještě jednou díky.

[jaro3]

Není zač , děkujeme za podporu fóra!!