PC-HELP.CZ

Zdravim

Jsem tady nový a tohle je moje první téma , ve foru se vůbec nevyznám tak doufám že to píšu do správné sekce.

Už jsem se tady dočet o člověku kteremu se to stalo taky , udělal jsem vše co mu tam lidi napsali ale u mně se problém nevyřešil.Takže k problému

Problém je takový že jednou jsem zapl Počítač a na ploše semi objevil "obrázek" : Warning spyware detected on your computer ... Warning!Win32/Adware.Virtumonde
Warning!Win32/PrivacyRemover.M64 Detected on your computer

Potom semi otvírá nějaký Antivirus XP 2008 který jsem v životě do Pc neinstaloval , ale najednou se při zapnutí otevře a najde mi 3,000 Infikovaných souborů.Když kliknu na vlastnosti a chci třeba změnit obrázek tak to prostě nejde ve vlastnostech mi zmizelo pár záložek , ale to může být příčina dalšího problému.Nakopíruju tu na konci HJT log.

A teď k tomu dalšímu problému , a to jsou viry.Chtěl bych aby mi tu někdo pomoh vymazat z počítače viry , bohužel nemam peníze na servis takže bych rad kdybyste mi pomohli.Měl jsem NOD32 ale ten nic nedělal ani nic nenašel protože to byla trial verze , potom ma spy sweeper který mně docela štve protože při zapnutí počítače strašně dlouho načítá.NOD32 jsem odinstaloval a stahnul jsem Avast.Nainstaloval jsem ho a zapl ochranu a najednou mi začalo vyskakovat plno virů , ale je jich hodně a avast strašně pomalu zkoumá složky potom mi občas vyzkočí tabulka ať ty viry zkoukám před zapnutím Počítače kdy viry ještě nefungujou , když restartnu počítač ještě nenajede plocha a začne antivir zkoumat.Když to našlo vir dal jsem odstranit vše takže všechny viry co našlo to smazalo.Bohužel při najetí na plochu obrázek zůstal stejný a avast začal hledat a našel zase spoustu virů.Dal jsem je do karanteny , bohužel když jsem zapl počítač podruhé naskočil avast a ukazal mi uplně ty same viry , již jsem dal SMAZAT , ale viry nesmazalo a ukazuje mi všechny dookola.Moc se v tom nevyznam , spíše vůbec ne.Jednou jsem měl problém s viry a zavolal jsem do servisu poslali mi jednoho pána který se hrabal v regeditu a v nějakem editoru v Total Comanderu.Pak si naučtoval 1,000 a odešel ,ale počítač mi jel zase v pohodě :).Určitě to tu někdo už na foru řešil jak se dělá v regeditoru a spol a jak se mažou viry , proto se všem omlouvám ale je toho tu strašně hodně a zatím se tu moc nevyznam.Takže doufám že mi pomůžete , Děkuji moc
Tady je slíbený HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:04, on 20.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\lphcew0j0e155.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {f592709f-ff4a-4862-b659-4afabda56312} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [lphcew0j0e155] C:\WINDOWS\system32\lphcew0j0e155.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MobMapUpdater] "C:\Program Files\MobMapUpdater\MobMapUpdater.exe" --silent
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Prohledávání počítačů BrowserNtmsSvc (BrowserNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Prohledávání počítačů BrowserNtmsSvc BrowserNtmsSvcaspnet_state (BrowserNtmsSvcaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Indexing Service CiSvcDcomLaunch (CiSvcDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR (clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: Klient DHCP DhcpNtLmSsp (DhcpNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service gusvcPolicyAgent (gusvcPolicyAgent) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pracovní stanice lanmanworkstationxmlprov (lanmanworkstationxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba DDE v síti NetDDEBrowserNtmsSvc (NetDDEBrowserNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pml Driver HPZ12 PmlMSDTC (PmlMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PnkBstrB PnkBstrBupnphost (PnkBstrBupnphost) - Unknown owner - C:\WINDOWS\
O23 - Service: Chráněné úložiště ProtectedStorageSQLAgent$SONY_MEDIAMGR (ProtectedStorageSQLAgent$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: Směrování a vzdálený přístup RemoteAccessrpcapd (RemoteAccessrpcapd) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Správce zabezpečení účtů SamSsUPS (SamSsUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Brána Firewall / Sdílení připojení k Internetu (ICS) SharedAccessCOMSysApp (SharedAccessCOMSysApp) - Unknown owner - C:\WINDOWS\
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Motivy ThemesHidServ (ThemesHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Hostitel zařízení UPnP upnphostPnkBstrA (upnphostPnkBstrA) - Unknown owner - C:\WINDOWS\
O23 - Service: Stínová kopie svazku VSSSSDPSRV (VSSSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Stínová kopie svazku VSSSSDPSRV VSSSSDPSRVWmi (VSSSSDPSRVWmi) - Unknown owner - C:\WINDOWS\
O23 - Service: Systémový čas W32Time HotKey Poller (W32Time HotKey Poller) - Unknown owner - C:\WINDOWS\
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Spy Sweeper Engine WebrootSpySweeperService Service (WebrootSpySweeperService Service) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba WMI winmgmtEventlog (winmgmtEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNBrowser (WmdmPmSNBrowser) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNBrowser WmdmPmSNBrowserPnkBstrB (WmdmPmSNBrowserPnkBstrB) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatická konfigurace bezdrátových zařízení WZCSVCSENS (WZCSVCSENS) - Unknown owner - C:\WINDOWS\

--
End of file - 11591 bytes

Ahoj, vítám tě tu na PC-Help.

Nejprve použij SDFix v nouzovém režimu.

Pak použij ComboFix:

fredik píše:Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Ahoj
Díky něco to smazalo a obrázek už mi jde udělat a už to nepíše ani viry.Tady ti posílám ten ComboFix log a SD fix report

ComboFix 08-09-20.05 - XXL 2008-09-21 15:08:11.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.376 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\XXL\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\XXL\Local Settings\Temporary Internet Files\TRNCOM.INI
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OULTRAF
-------\Service_NPF
-------\Service_oUltraf


((((((((((((((((((((((((( Soubory vytvořené od 2008-08-21 do 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-21 14:37 . 2008-09-21 14:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-21 14:32 . 2008-09-21 15:00 <DIR> d-------- C:\SDFix
2008-09-20 16:46 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-20 16:45 . 2008-09-20 16:45 <DIR> d-------- C:\Program Files\Java
2008-09-20 16:45 . 2008-09-20 16:45 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-20 16:37 . 2008-09-20 16:37 199,168 --a------ C:\WINDOWS\system32\drivers\312.exe
2008-09-20 14:52 . 2008-09-20 14:52 199,168 --a------ C:\WINDOWS\system32\drivers\703.exe
2008-09-20 14:09 . 2008-09-20 14:09 199,168 --a------ C:\WINDOWS\system32\drivers\31.exe
2008-09-20 10:49 . 2008-09-20 14:14 199,168 --a------ C:\WINDOWS\system32\drivers\218.exe
2008-09-18 16:43 . 2008-09-18 16:43 <DIR> d-------- C:\Program Files\Bonjour
2008-09-18 16:26 . 2008-09-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-18 16:20 . 2008-09-18 16:23 <DIR> d-------- C:\Program Files\Photoshop
2008-09-16 13:51 . 2008-09-20 06:23 199,168 --a------ C:\WINDOWS\system32\drivers\531.exe
2008-09-15 16:47 . 2008-09-15 16:47 <DIR> d-------- C:\Program Files\Blender Foundation
2008-09-15 16:47 . <DIR> C:\Documents and Settings\XXL\Data aplikací\Blender Foundation
2008-09-15 16:13 . 2008-09-15 16:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-14 20:10 . 2008-09-14 20:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-09 19:16 . 2008-09-09 19:16 32 --a-s---- C:\WINDOWS\system32\3490514858.dat
2008-09-04 19:52 . 2008-09-04 19:52 <DIR> d-------- C:\Program Files\imaxel
2008-08-28 16:59 . 2008-08-28 16:59 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-08-28 16:59 . 2008-08-29 11:42 26,400 --a------ C:\WINDOWS\DIIUnin.dat
2008-08-28 16:59 . 2008-08-28 16:59 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-08-28 16:20 . 2008-08-28 16:22 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-28 15:58 . 2008-08-29 11:58 <DIR> d-------- C:\Program Files\Diablo II
2008-08-26 14:15 . 2008-08-26 14:15 <DIR> d-------- C:\WINDOWS\Eurobattle.net Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 12:47 --------- d-----w C:\Program Files\Valve
2008-09-19 16:00 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\uTorrent
2008-09-18 14:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-18 14:43 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\Adobe
2008-09-15 14:36 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\Mozilla
2008-09-14 17:06 --------- d-----w C:\Program Files\ESET
2008-09-09 17:15 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\AdobeUM
2008-09-07 15:00 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\HLSW
2008-09-05 18:16 --------- d-----w C:\Program Files\World of Warcraft
2008-09-05 11:55 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\Skype
2008-08-29 09:04 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-08-29 09:04 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-08-29 09:04 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-08-27 17:10 --------- d-----w C:\Program Files\ICQ6
2008-07-24 17:12 --------- d-----w C:\Program Files\mIRC
2008-07-21 15:54 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\Nokia Multimedia Player
2008-07-21 15:01 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\WinRAR
2007-11-15 19:51 22,328 ----a-w C:\Documents and Settings\XXL\Data aplikací\PnkBstrK.sys
.

------- Sigcheck -------

2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 1961984]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-29 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-25 4865600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbg47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqu72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintx14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintx82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-07-03 33952]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
S0 Winbg47;Winbg47;C:\WINDOWS\system32\Drivers\Winbg47.sys [ ]
S0 Windh25;Windh25;C:\WINDOWS\system32\Drivers\Windh25.sys [ ]
S0 Windi60;Windi60;C:\WINDOWS\system32\Drivers\Windi60.sys [ ]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-13 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-13 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-13 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-13 83344]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2007-03-13 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2007-03-13 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2007-03-13 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2007-03-13 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2007-03-13 83344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{f592709f-ff4a-4862-b659-4afabda56312} - (no file)
HKCU-Run-MobMapUpdater - C:\Program Files\MobMapUpdater\MobMapUpdater.exe


.
------- Doplňkový sken -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O9 -: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL

O16 -: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
C:\WINDOWS\Downloaded Program Files\MVSGif.ocx

O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
C:\WINDOWS\Downloaded Program Files\SearchEngineQuery.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 15:16:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AlerterMSIServer]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSlanmanworkstation]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvc]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvcaspnet_state]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcDcomLaunch]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpNtLmSsp]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcPolicyAgent]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationxmlprov]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEBrowserNtmsSvc]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlMSDTC]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrBupnphost]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorageSQLAgent$SONY_MEDIAMGR]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessrpcapd]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSsUPS]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessCOMSysApp]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThemesHidServ]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostPnkBstrA]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRV]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRVWmi]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time HotKey Poller]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebrootSpySweeperService Service]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmtEventlog]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowser]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowserPnkBstrB]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCSENS]
"ImagePath"="đ%€|x\01\09 srv"
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Celkový čas: 2008-09-21 15:30:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-09-21 13:30:04

Před spuštěním: Volněch bajt…: 24˙317˙374˙464
Po spuštění: Volněch bajt…: 24,394,330,112

285


A tady je SDfix report

SDFix: Version 1.227
Run by XXL on ne 21.09.2008 at 14:42

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\WINOS03.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINOT47.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINUY26.sys - Rootkit Pandex/Cutwail - Runtime.sys

Name :
WINOS03
WINOT47
WINUY26

Path :
\??\C:\WINDOWS\System32\drivers\Winos03.sys
\??\C:\WINDOWS\System32\drivers\Winot47.sys
System32\Drivers\Winuy26.sys

WINOS03 - Deleted
WINOT47 - Deleted
WINUY26 - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting

Service WINUY26 - Deleted

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphcew0j0e155.exe - Deleted
C:\Program Files\rhcaw0j0e155\database.dat - Deleted
C:\Program Files\rhcaw0j0e155\license.txt - Deleted
C:\Program Files\rhcaw0j0e155\MFC71.dll - Deleted
C:\Program Files\rhcaw0j0e155\MFC71ENU.DLL - Deleted
C:\Program Files\rhcaw0j0e155\msvcp71.dll - Deleted
C:\Program Files\rhcaw0j0e155\msvcr71.dll - Deleted
C:\Program Files\rhcaw0j0e155\rhcaw0j0e155.exe.local - Deleted
C:\Program Files\rhcaw0j0e155\Uninstall.exe - Deleted
C:\WINDOWS\system32\phcew0j0e155.bmp - Deleted
C:\WINDOWS\system32\blphcew0j0e155.scr - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt10AD.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt10C0.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt1119.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt112F.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt11AE.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt11B5.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt11B7.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt1238.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt125F.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt1291.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt12A5.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt13.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt1304.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt131A.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt1323.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt133F.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt134B.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt134D.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt15.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt27B.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt47F.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt507.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt512.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt517.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt51A.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt51B.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt528.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt52A.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt530.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt53A.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt53B.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt552.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt56B.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt575.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt595.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5B1.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5B2.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5B5.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5BD.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5BF.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5C3.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5C5.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5C7.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5CA.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5D7.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5DB.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5DD.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5E2.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5F3.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5F9.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt620.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt627.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt629.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt684.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt686.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt688.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt698.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt75D.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt75E.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7AF.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7BB.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7BC.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7BE.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7C0.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7C2.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7E7.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt806.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt80D.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt84C.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt881.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt8A6.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt8DC.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt8E0.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt8FA.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt93D.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttAB4.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttACC.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttB23.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttB7B.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttC2B.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttC5C.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttCCE.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttCDB.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD20.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD27.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD28.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD2A.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD2E.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD31.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD33.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD35.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD36.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD37.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttD88.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttDCB.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttDCD.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttE04.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttE88.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttE94.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttE97.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEA5.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEAC.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEAF.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEB1.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEB3.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEB5.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEB7.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEBE.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEC0.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEC2.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttEC4.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttF3E.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFAD.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFAF.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFB1.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFB8.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFCD.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFCF.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFDB.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttFE2.tmp - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt5.tmp.vbs - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.tt9.tmp.vbs - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttA.tmp.vbs - Deleted
C:\DOCUME~1\XXL\LOCALS~1\Temp\.ttB.tmp.vbs - Deleted
C:\Documents and Settings\XXL\Data aplikacˇ\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\WINDOWS\system32\delself.bat - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\WINOS03.sys - Deleted
C:\WINDOWS\system32\drivers\WINOT47.sys - Deleted
C:\WINDOWS\system32\drivers\WINUY26.sys - Deleted



Folder C:\Program Files\rhcaw0j0e155 - Removed
Folder C:\Documents and Settings\XXL\Data aplikacˇ\rhcaw0j0e155 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 14:55:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,13,67,09,ef,3e,75,d1,33,bf,36,f0,40,8e,71,8e,2a,bc,..
"ljej40"=hex:02,b6,51,d5,00,6a,e6,34,9e,2d,99,5e,2f,80,b1,ed,ed,4b,7b,4b,82,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe:*:Disabled:WinDVD"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"E:\\Program Strong DC++\\StrongDC.exe"="E:\\Program Strong DC++\\StrongDC.exe:*:Enabled:StrongDC++"
"D:\\Games\\Valve\\hl.exe"="D:\\Games\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Games\\Quake III Arena\\quake3.exe"="D:\\Games\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"D:\\Games\\Warcraft III\\Warcraft III.exe"="D:\\Games\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Games\\Warcraft III\\War3.exe"="D:\\Games\\Warcraft III\\War3.exe:*:Disabled:Warcraft III"
"E:\\Half Life 2\\hl2.exe"="E:\\Half Life 2\\hl2.exe:*:Enabled:hl2"
"D:\\Games\\MotoGP2\\motogp2.exe"="D:\\Games\\MotoGP2\\motogp2.exe:*:Enabled:motogp2"
"D:\\Games\\Half Life 2\\hl2.exe"="D:\\Games\\Half Life 2\\hl2.exe:*:Disabled:hl2"
"D:\\Games\\hl.exe"="D:\\Games\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\Quake III Arena\\quake3.exe"="E:\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"D:\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe"="D:\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\Warcraft III\\ftinst.tmp\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\ftinst.tmp\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Call of Duty\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\XXL\\Plocha\\WowExpansionMaster_1024_2100_B_English-avi-downloader.exe"="C:\\Documents and Settings\\XXL\\Plocha\\WowExpansionMaster_1024_2100_B_English-avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\XXL\\Plocha\\patche\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"="C:\\Documents and Settings\\XXL\\Plocha\\patche\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\XXL\\Plocha\\patche\\WoW-2.0.3-enGB-downloader.exe"="C:\\Documents and Settings\\XXL\\Plocha\\patche\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Games\\Lionhead Studios Ltd\\Black & White\\runblack.exe"="D:\\Games\\Lionhead Studios Ltd\\Black & White\\runblack.exe:*:Disabled:lh"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Disabled:Xfire"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Disabled:Yahoo! All-Seeing Eye"
"D:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\\World of Warcraft\\BackgroundDownloader.exe"="D:\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\World of Warcraft\\WoW-2.1.2.6803-to-2.1.3.6898-enGB-downloader.exe"="D:\\World of Warcraft\\WoW-2.1.2.6803-to-2.1.3.6898-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\XXL\\Plocha\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Documents and Settings\\XXL\\Plocha\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Documents and Settings\\XXL\\Plocha\\mIRC\\mirc.exe"="C:\\Documents and Settings\\XXL\\Plocha\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 7 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!

Použij v ComboFixu script:

Zkopíruj si následující text do poznámkového bloku (Start-Spustit-Notepad) a ulož ho na Plochu jako CFScript.txt.
(nepoužívej funkci Vybrat vše!)



Pak tento soubor přetáhni na ikonu ComboFixu a pusť.(předpokládám, že máš ComboFix také na ploše)



Pak sem dej log, který ti z něj vyleze.

Tady to je.

ComboFix 08-09-22.06 - XXL 2008-09-24 12:56:45.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.403 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\XXL\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\XXL\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
C:\WINDOWS\system32\3490514858.dat
C:\WINDOWS\system32\drivers\218.exe
C:\WINDOWS\system32\drivers\31.exe
C:\WINDOWS\system32\drivers\312.exe
C:\WINDOWS\system32\drivers\531.exe
C:\WINDOWS\system32\drivers\703.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\XXL\Cookies\xxl@seznam[2].txt
C:\WINDOWS\system32\3490514858.dat
C:\WINDOWS\system32\drivers\218.exe
C:\WINDOWS\system32\drivers\31.exe
C:\WINDOWS\system32\drivers\312.exe
C:\WINDOWS\system32\drivers\531.exe
C:\WINDOWS\system32\drivers\703.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDH25
-------\Legacy_WINQU72
-------\Legacy_WINTX82
-------\Service_Winbg47
-------\Service_Windh25
-------\Service_Windi60


((((((((((((((((((((((((( Soubory vytvořené od 2008-08-24 do 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-21 14:37 . 2008-09-21 14:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-21 14:32 . 2008-09-21 15:00 <DIR> d-------- C:\SDFix
2008-09-20 16:46 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-20 16:45 . 2008-09-20 16:45 <DIR> d-------- C:\Program Files\Java
2008-09-20 16:45 . 2008-09-20 16:45 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-18 16:43 . 2008-09-18 16:43 <DIR> d-------- C:\Program Files\Bonjour
2008-09-18 16:26 . 2008-09-18 16:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-18 16:20 . 2008-09-18 16:23 <DIR> d-------- C:\Program Files\Photoshop
2008-09-15 16:47 . 2008-09-15 16:47 <DIR> d-------- C:\Program Files\Blender Foundation
2008-09-15 16:47 . <DIR> C:\Documents and Settings\XXL\Data aplikací\Blender Foundation
2008-09-15 16:13 . 2008-09-15 16:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-14 20:10 . 2008-09-14 20:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 19:52 . 2008-09-04 19:52 <DIR> d-------- C:\Program Files\imaxel
2008-08-28 16:59 . 2008-08-28 16:59 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-08-28 16:59 . 2008-08-29 11:42 26,400 --a------ C:\WINDOWS\DIIUnin.dat
2008-08-28 16:59 . 2008-08-28 16:59 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-08-28 16:20 . 2008-08-28 16:22 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-28 15:58 . 2008-08-29 11:58 <DIR> d-------- C:\Program Files\Diablo II
2008-08-26 14:15 . 2008-08-26 14:15 <DIR> d-------- C:\WINDOWS\Eurobattle.net Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 17:36 --------- d-----w C:\Program Files\Valve
2008-09-22 17:28 --------- d-----w C:\Program Files\ICQ6
2008-09-19 16:00 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\uTorrent
2008-09-18 14:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-18 14:43 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\Adobe
2008-09-15 14:36 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\Mozilla
2008-09-14 17:06 --------- d-----w C:\Program Files\ESET
2008-09-09 17:15 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\AdobeUM
2008-09-07 15:00 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\HLSW
2008-09-05 18:16 --------- d-----w C:\Program Files\World of Warcraft
2008-09-05 11:55 --------- d-----w C:\Documents and Settings\XXL\Data aplikací\Skype
2008-07-24 17:12 --------- d-----w C:\Program Files\mIRC
2007-11-15 19:51 22,328 ----a-w C:\Documents and Settings\XXL\Data aplikací\PnkBstrK.sys
.

------- Sigcheck -------

2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-21_15.29.16.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-21 13:15:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_654.dat
+ 2008-09-24 11:02:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_654.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 1961984]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-25 4865600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-07-03 33952]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-13 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-13 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-13 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-13 83344]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2007-03-13 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2007-03-13 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2007-03-13 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2007-03-13 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2007-03-13 83344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
.
Obsah adresáře 'Naplánované úlohy'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 13:03:29
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AlerterMSIServer]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSlanmanworkstation]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvc]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvcaspnet_state]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcDcomLaunch]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpNtLmSsp]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcPolicyAgent]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationxmlprov]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEBrowserNtmsSvc]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlMSDTC]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrBupnphost]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorageSQLAgent$SONY_MEDIAMGR]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessrpcapd]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSsUPS]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessCOMSysApp]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThemesHidServ]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostPnkBstrA]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRV]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRVWmi]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time HotKey Poller]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebrootSpySweeperService Service]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmtEventlog]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowser]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowserPnkBstrB]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCSENS]
"ImagePath"="đ%€|x\01\09 srv"
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Celkový čas: 2008-09-24 13:13:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-09-24 11:13:31
ComboFix2.txt 2008-09-21 13:35:28

Před spuštěním: Volněch bajt…: 36˙031˙901˙696
Po spuštění: Volněch bajt…: 36,029,181,952

249

Dobře.

Teď znovu log z HJT.

Také už můžeš odinstalovat ComboFix -> Start-Spustit a zadej ComboFix[mezera]/u a smazat SDFix (je ve složce C:\SDFix)

Tady je ten HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:33, on 25.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Výstrahy AlerterMSIServer (AlerterMSIServer) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Prohledávání počítačů BrowserNtmsSvc (BrowserNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Prohledávání počítačů BrowserNtmsSvc BrowserNtmsSvcaspnet_state (BrowserNtmsSvcaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Indexing Service CiSvcDcomLaunch (CiSvcDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR (clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: Klient DHCP DhcpNtLmSsp (DhcpNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service gusvcPolicyAgent (gusvcPolicyAgent) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pracovní stanice lanmanworkstationxmlprov (lanmanworkstationxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba DDE v síti NetDDEBrowserNtmsSvc (NetDDEBrowserNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pml Driver HPZ12 PmlMSDTC (PmlMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PnkBstrB PnkBstrBupnphost (PnkBstrBupnphost) - Unknown owner - C:\WINDOWS\
O23 - Service: Chráněné úložiště ProtectedStorageSQLAgent$SONY_MEDIAMGR (ProtectedStorageSQLAgent$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: Směrování a vzdálený přístup RemoteAccessrpcapd (RemoteAccessrpcapd) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Správce zabezpečení účtů SamSsUPS (SamSsUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Brána Firewall / Sdílení připojení k Internetu (ICS) SharedAccessCOMSysApp (SharedAccessCOMSysApp) - Unknown owner - C:\WINDOWS\
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Motivy ThemesHidServ (ThemesHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Hostitel zařízení UPnP upnphostPnkBstrA (upnphostPnkBstrA) - Unknown owner - C:\WINDOWS\
O23 - Service: Stínová kopie svazku VSSSSDPSRV (VSSSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Stínová kopie svazku VSSSSDPSRV VSSSSDPSRVWmi (VSSSSDPSRVWmi) - Unknown owner - C:\WINDOWS\
O23 - Service: Systémový čas W32Time HotKey Poller (W32Time HotKey Poller) - Unknown owner - C:\WINDOWS\
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Spy Sweeper Engine WebrootSpySweeperService Service (WebrootSpySweeperService Service) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba WMI winmgmtEventlog (winmgmtEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNBrowser (WmdmPmSNBrowser) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNBrowser WmdmPmSNBrowserPnkBstrB (WmdmPmSNBrowserPnkBstrB) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatická konfigurace bezdrátových zařízení WZCSVCSENS (WZCSVCSENS) - Unknown owner - C:\WINDOWS\

--
End of file - 10896 bytes

Fixni:

Dobrý den, mám podobný problém jako uživatel přede mnou-tj. zobrazování obrázku s viry virtumonde a privacy.removerM64. Zkoušel jsem aplikovat combofix, ale po spuštění se mi objevuje, že combofix nejde přejmenovat, zkuste jiný název složený z alfanumerických znaků. Přikládám vytvořený bug a hjt log soubor. Prosím o pomoc.

Děkuji Tomáš
BUG


PUSHD "C:\32788R22FWJFW\"

IF NOT EXIST C:\Windows\system32\cmd.exe GOTO Not_NT

VER 1>VER00

C:\Windows\system32\FIND.exe "Microsoft Windows [Version 5.2.3790]" VER00

---------- VER00

IF NOT ERRORLEVEL 1 GOTO Not_NT

C:\Windows\system32\FIND.exe "Windows XP" VER00

---------- VER00

C:\Windows\system32\FIND.exe "Windows 2000" VER00

---------- VER00

HANDLE 1>temp01

SED -r "/<Non-existant Process> pid: ([0-9]*) .*/!d; s//@Nircmd KillProcess \/\1/" temp01 1>temp00.bat

CALL temp00.bat

PV -o"%i\t%l" 1>temp02

SED "/\t.*\\nircmd\.inf$/!d; s///; s/./@pv -kfi &/" temp02 1>temp01.bat

CALL temp01.bat

DEL /Q temp0?.bat temp0?

=============================================

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tomáš Konvička\AppData\Roaming
CFLDR=32788R22FWJFW
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOMÁŠKONVIČK-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tomáš Konvička
KMD=CF31814.exe
LOCALAPPDATA=C:\Users\Tomáš Konvička\AppData\Local
LOGONSERVER=\\TOMÁŠKONVIČK-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
sfxcmd="C:\Users\Tomáš Konvička\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKPD5TMN\ComboFix[1].exe"
sfxname=C:\Users\Tomáš Konvička\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKPD5TMN\ComboFix[1].exe
SYSTEM=C:\Windows\system32
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\TOMKON~1\AppData\Local\Temp
TMP=C:\Users\TOMKON~1\AppData\Local\Temp
USERDOMAIN=TomášKonvičk-PC
USERNAME=Tomáš Konvička
USERPROFILE=C:\Users\Tomáš Konvička
windir=C:\Windows

=============================================


IF NOT DEFINED sfxname GOTO END

COPY SWREG.exe SWREG.cfexe
Systém nemůže nalézt text zprávy číslo 0x2336 v souboru zpráv pro Application.

CALL sfx.cmd

IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort

IF EXIST "C:\Users\TOMKON~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log" DEL "C:\Users\TOMKON~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log"
Systém nemůže nalézt text zprávy číslo 0x2336 v souboru zpráv pro Application.
Systém nemůže nalézt text zprávy číslo 0x2336 v souboru zpráv pro Application.

(
SET "FileName=ComboFix[1]"
SET "FilePath=C:\Users\Tomáš Konvička\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKPD5TMN\"
)

SET FileName 1>FileName

GREP -isqx "FileName=[-[:alnum:]@.]*" FileName || (
CALL NIRCMD infobox "ComboFix nemůžete přejmenovat na ~n~nProsím zvolte jiný název, složený nejlépe z alfanumerických znaků." ""
GOTO END
)

IF EXIST "C:\Windows\system32\cmd.execf" MOVE /Y "C:\Windows\system32\cmd.execf" "C:\Users\TOMKON~1\AppData\Local\Temp"
Systém nemůže nalézt text zprávy číslo 0x236e v souboru zpráv pro Application.

CD ..

IF DEFINED cfldr RD /S/Q "32788R22FWJFW"


HJT soubor

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:31, on 5.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\lphc9ojj0ecan.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: XBTBPos00 - {D17173CB-19A8-4708-AD3E-405A2CD6FAB2} - C:\PROGRA~1\STARTA~1\startaid.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fscp] "C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphc9ojj0ecan] C:\Windows\system32\lphc9ojj0ecan.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [lphc9ojj0ecan] C:\Windows\system32\lphc9ojj0ecan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O9 - Extra 'Tools' menuitem: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12856 bytes

Dobrý den podařílo se mi spustit Combofix. Obrázek s info o spyware zmizel. Prosím o informování, zda už je nyní vše v pořádku. Přikládám Combofix a HJT file

Děkuji

Tomáš Konvička

COMbo fix

ComboFix 08-10-05.01 - Tomáš Konvička 2008-10-05 22:55:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1202 [GMT 2:00]
Spuštěný z: C:\Users\Tomáš Konvička\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Tomáš Konvička\AppData\Roaming\inst.exe
C:\Users\Tomáš Konvička\AppData\Roaming\rhccojj0ecan
C:\Windows\system32\lphc9ojj0ecan.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-05 do 2008-10-05 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 20:58 2,359,296 --sha-w C:\Users\Tomáš Konvička\NTUSER.DAT
2008-10-05 20:58 2,359,296 --sha-w C:\Users\Tomáš Konvička\NTUSER.DAT
2008-10-05 20:58 --------- d-----w C:\Users\Tomáš Konvička\AppData\Roaming\Skype
2008-10-05 20:53 2,939,700 ----a-r C:\Users\Tomáš Konvička\ComboFix.exe
2008-10-05 20:53 2,939,700 ----a-r C:\Users\Tomáš Konvička\ComboFix.exe
2008-10-05 20:46 --------- d-----w C:\Users\Tomáš Konvička\AppData\Roaming\OpenOffice.org2
2008-10-05 20:45 13,448 ----a-w C:\Users\Tomáš Konvička\AppData\Roaming\nvModes.dat
2008-10-05 18:12 --------- d-----w C:\Program Files\Trend Micro
2008-10-04 19:27 --------- d-----w C:\Program Files\VideoLAN
2008-10-03 14:51 --------- d-----w C:\Users\Tomáš Konvička\AppData\Roaming\uTorrent
2008-10-01 16:19 25,958 ----a-w C:\Users\Tomáš Konvička\kung.fu.panda.(2008).cze.1cd.(3334541).zip
2008-10-01 16:19 25,958 ----a-w C:\Users\Tomáš Konvička\kung.fu.panda.(2008).cze.1cd.(3334541).zip
2008-10-01 15:17 --------- d-----w C:\Program Files\Applications
2008-10-01 14:47 --------- d-----w C:\Program Files\Norton Internet Security
2008-09-28 20:00 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-09-28 20:00 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-09-28 20:00 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-09-28 20:00 --------- d-----w C:\Program Files\Symantec
2008-09-28 20:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-28 19:52 --------- d-----w C:\Program Files\AskTBar
2008-09-28 19:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-28 19:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-28 16:17 --------- d-----w C:\ProgramData\Lavasoft
2008-09-28 16:16 --------- d-----w C:\Program Files\Lavasoft
2008-09-28 16:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-28 15:56 15,083,520 ----a-w C:\Users\Tomáš Konvička\spybotsd160.exe
2008-09-28 15:56 15,083,520 ----a-w C:\Users\Tomáš Konvička\spybotsd160.exe
2008-09-27 08:25 --------- d-----w C:\ProgramData\NVIDIA
2008-09-27 07:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-27 04:56 --------- d-----w C:\Program Files\ICQToolbar
2008-09-25 16:09 --------- d-----w C:\ProgramData\Apple Computer
2008-09-25 16:05 --------- d-----w C:\Program Files\O2
2008-09-23 19:43 --------- d-----w C:\Program Files\ICQ6
2008-09-18 21:32 --------- d-----w C:\Program Files\Alwil Software
2008-09-17 01:02 --------- d-----w C:\Program Files\Microsoft Works
2008-09-14 11:51 --------- d-----w C:\Program Files\Picasa2
2008-09-10 15:07 --------- d-----w C:\Program Files\Webteh
2008-09-09 18:37 --------- d-----w C:\Users\Tomáš Konvička\AppData\Roaming\vlc
2008-08-15 01:03 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 17:08 --------- d-----w C:\Users\Tomáš Konvička\AppData\Roaming\Apple Computer
2008-08-12 17:07 --------- d-----w C:\Program Files\QuickTime
2008-08-12 17:07 --------- d-----w C:\Program Files\Bonjour
2008-08-12 17:05 --------- d-----w C:\Program Files\Apple Software Update
2008-08-12 17:04 --------- d-----w C:\ProgramData\Apple
2008-08-12 17:04 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-12 15:00 --------- d-----w C:\Users\Tomáš Konvička\AppData\Roaming\CTVoD
2008-08-11 16:06 --------- d-s---w C:\Users\Tomáš Konvička\AppData\Roaming\Microsoft
2008-08-11 15:42 --------- d-----w C:\Program Files\VisualConnection
2008-08-05 15:32 --------- d-----w C:\ProgramData\Symantec
2008-08-05 15:32 --------- d-----w C:\Program Files\Room Arranger
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 21:53 174 --sha-w C:\Program Files\desktop.ini
2008-06-08 14:40 19,153,264 ----a-w C:\Users\Tomáš Konvička\aaw2008.exe
2008-06-08 14:40 19,153,264 ----a-w C:\Users\Tomáš Konvička\aaw2008.exe
2007-11-29 15:50 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-29 15:50 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-27 18:08 16 ----a-w C:\Users\Tomáš Konvička\pSLX01.dll
2007-11-27 18:08 16 ----a-w C:\Users\Tomáš Konvička\pSLX01.dll
2007-11-22 17:51 47,360 ----a-w C:\Users\Tomáš Konvička\AppData\Roaming\pcouffin.sys
2000-11-15 07:21 178,688 ----a-w C:\Users\Tomáš Konvička\hjsplit.exe
2000-11-15 07:21 178,688 ----a-w C:\Users\Tomáš Konvička\hjsplit.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-28 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-01 139264]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 81920]
"fscp"="C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-11-11 1006592]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2006-11-06 26112]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

C:\Users\Tom ç Konviźka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2BF7332-7E67-42FF-B861-F23EBF186B68}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{74F192D8-037C-4BF5-A8A0-93958FB05D18}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DE75D8F2-E066-4EC6-94C9-9A9FDEEDE7E6}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{90FF7E1E-B260-467C-9DDF-8EA01AFF4100}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{76188452-4365-412E-82CC-88B66656F902}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E9A6D9D5-4E33-4B53-9A20-030741EE65AE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{C156D26C-2061-489C-8986-6755299B4324}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{81499216-B5A7-4B7A-9D20-869219910480}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{E829FF5A-B00F-446A-AC32-F8288E003F9A}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{0F18F3F0-B718-460C-8BA9-73FE065354A5}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{965A1081-398F-4364-B0B1-B1FDD742FB63}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BE5059B6-66DC-4821-8B48-F2BEFC0EA936}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CE07DFF4-73F0-4890-BC89-682B0A71A561}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CADC28E-C12B-45E0-8A56-577B6076A550}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{AE974409-B03C-4EBC-9EC3-9B415D4F5CD1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{15A327E8-7274-4D94-B141-A0B1DDCB0674}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080221.003\IDSvix86.sys [2008-02-14 261680]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-11-29 70144]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 FspadSvc;FspadSvc;C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe [2006-11-10 522752]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-14 204800]
R3 fspad_wlh32;AVC Finger-sensing Pad Driver for Windows 2000/XP/Vista_wlh32;C:\Windows\system32\DRIVERS\fspad_wlh32.sys [2006-11-10 22528]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 37936]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Obsah adresáře 'Naplánované úlohy'

2008-09-26 C:\Windows\Tasks\Norton Internet Security - Prověřit tento počítač - Tomáš Konvička.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 19:48]

2008-10-05 C:\Windows\Tasks\User_Feed_Synchronization-{46FDF2E0-3ABA-4772-BB96-E08BF8842F9C}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D17173CB-19A8-4708-AD3E-405A2CD6FAB2} - C:\PROGRA~1\STARTA~1\startaid.dll
Toolbar-{A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll
WebBrowser-{A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll
HKCU-Run-lphc9ojj0ecan - C:\Windows\system32\lphc9ojj0ecan.exe
HKLM-Run-lphc9ojj0ecan - C:\Windows\system32\lphc9ojj0ecan.exe


.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.seznam.cz/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 -: {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll
O9 -: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 22:58:41
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-10-05 23:00:42
ComboFix-quarantined-files.txt 2008-10-05 21:00:33

Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: Volných bajtů: 27,978,235,904

218 --- E O F --- 2008-09-17 01:21:51


HJT file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:44, on 5.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fscp] "C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10964 bytes