VIRUS ALERT PO DRUHE Vyřešeno

[acer3690]

ahoj, prosim o pomoc na hlavnim panulu vedle casu se mi objevil Virus alert!!! co stim prosim o jakoukoliv pomoc

tady je log z Hitjackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:18, on 24.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WPMP150\miranda32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: mxlivemedia browser enhancer - {7704d1a4-bf74-a1b6-2b50-d3a28a36f072} - C:\WINDOWS\system32\tpjtnwllmyhba.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fpvcbnxkotfgw] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\tpjtnwllmyhba.dll" EntryPoint
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MirandaIM] "C:\Program Files\WPMP150\miranda32.exe" "C:\Program Files\WPMP150\Profiles\MujProfil"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1490255031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7137160656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B530F82-1755-41DB-843A-4AAF6455A2E5}: NameServer = 10.154.86.1,10.152.16.116
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9492 bytes

[Reklama]

[jaro3]

Vítej na fóru PC-HELP!

Doufám , že máš OS 32bitovou verzi.
Postupuj následovně:
Vypni rezidentní štít u ESS.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[acer3690]

log z combofixu:

ComboFix 08-09-25.03 - Absender 2008-09-25 22:42:32.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1581 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Absender\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Absender\Oblˇben‚ polo§ky\Error Cleaner.url
C:\Documents and Settings\Absender\Oblˇben‚ polo§ky\Privacy Protector.url
C:\Documents and Settings\Absender\Oblˇben‚ polo§ky\Spyware&Malware Protection.url
C:\Documents and Settings\kačka\Cookies\kačka@ad.yieldmanager[1].txt
C:\Program Files\AntiMalwareGuard
C:\Program Files\AntiMalwareGuard\BL.dat
C:\Program Files\AntiMalwareGuard\WL.dat
C:\WINDOWS\arnta.dll
C:\WINDOWS\dfmlxbpkwxo.dll
C:\WINDOWS\eqxk.exe
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\winitn.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-08-25 do 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-24 21:55 . 2008-09-24 21:55 71,814 --a------ C:\WINDOWS\system32\kiqhnisgnspant.exe
2008-09-24 21:27 . <DIR> C:\Documents and Settings\Absender\Data aplikací\TmpRecentIcons
2008-09-24 21:27 . 2008-09-24 17:45 102,400 --a------ C:\WINDOWS\fbxrqtwn.exe
2008-09-24 20:55 . 2008-09-24 20:55 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-09-24 20:55 . 2008-09-24 20:55 <DIR> d-------- C:\Program Files\Photodex
2008-09-24 00:45 . 2008-09-24 02:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 00:45 . 2008-09-24 00:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-23 18:30 . 2008-09-24 20:32 <DIR> d-------- C:\Program Files\Living Cell 3D Screensaver
2008-09-22 15:09 . 2008-09-22 15:09 167,936 --a------ C:\WINDOWS\system32\tpjtnwllmyhba.dll
2008-09-21 22:53 . <DIR> C:\Documents and Settings\Absender\Data aplikací\Nero
2008-09-15 19:03 . <DIR> C:\Documents and Settings\Absender\Data aplikací\Command & Conquer 3 Tiberium Wars
2008-09-15 18:56 . 2008-09-15 18:56 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-14 02:51 . 2008-09-14 02:51 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-09-14 02:49 . 2008-09-14 02:49 <DIR> d-------- C:\Program Files\Bonjour
2008-09-12 21:08 . 2008-09-12 21:08 1,986,560 --a------ C:\WINDOWS\system32\akll.dll
2008-09-12 21:08 . 2008-09-12 21:08 1,245,184 --a------ C:\WINDOWS\system32\bkll.dll
2008-09-12 21:08 . 2008-09-12 21:08 1,212,416 --a------ C:\WINDOWS\system32\ckll.dll
2008-09-12 21:08 . 2008-09-12 21:08 196,608 --a------ C:\WINDOWS\system32\maag.dll
2008-09-12 21:07 . 2008-09-12 21:20 <DIR> d-------- C:\Program Files\ALO Power Audio Converter
2008-09-07 03:11 . <DIR> C:\Documents and Settings\Absender\Data aplikací\Real
2008-08-28 23:56 . 2008-08-28 23:56 <DIR> d-------- C:\e229fb66173e66e0aa96f2
2008-08-27 17:56 . 2008-08-27 17:56 <DIR> d-------- C:\Program Files\PowerISO
2008-08-27 17:41 . 2008-08-28 23:38 <DIR> d-------- C:\Program Files\Ford Street Racing
2008-08-26 13:49 . 2008-08-26 13:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 00:30 . 2008-09-02 22:56 <DIR> d-------- C:\Program Files\WPMP150

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 18:55 --------- d-----w C:\Documents and Settings\kačka\Data aplikací\Skype
2008-09-24 22:09 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-24 21:45 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Skype
2008-09-24 21:16 --------- d-----w C:\Program Files\Trojan Remover
2008-09-24 20:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-24 20:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 21:20 --------- d-----w C:\Program Files\ICQ6
2008-09-19 20:29 --------- d-s---w C:\Documents and Settings\Absender\Data aplikací\Microsoft
2008-09-17 17:26 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Image Zone Express
2008-09-17 11:16 --------- d-----w C:\Documents and Settings\oluška\Data aplikací\Skype
2008-09-14 01:06 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Adobe
2008-09-14 00:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-12 19:08 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-09-12 19:08 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-09-12 19:08 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-09-12 19:08 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-09-12 17:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 17:25 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-09-10 20:49 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-09-05 15:47 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-04 15:59 --------- d-s---w C:\Documents and Settings\LocalService\Data aplikací\Microsoft
2008-08-30 19:49 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Winamp
2008-08-30 16:29 --------- d-----w C:\Program Files\Winamp
2008-08-27 11:23 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\ICQ
2008-08-23 23:54 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-23 23:13 --------- d-----w C:\Program Files\Codemasters
2008-08-23 19:20 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\ICQ
2008-08-22 19:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-22 19:28 249,856 ------w C:\WINDOWS\Setup1.exe
2008-08-22 08:59 --------- d-s---w C:\Documents and Settings\oluška\Data aplikací\Microsoft
2008-08-21 16:55 --------- d-----w C:\Documents and Settings\oluška\Data aplikací\ICQ
2008-08-20 12:42 --------- d-----w C:\Program Files\City Interactive
2008-08-20 10:11 --------- d-----w C:\Program Files\Playlogic
2008-08-19 20:44 --------- d-----w C:\Program Files\Microsoft Works
2008-08-19 20:43 --------- d-----w C:\Program Files\MSBuild
2008-08-19 20:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-19 20:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-19 11:44 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Stellarium
2008-08-19 09:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 11:22 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\DAEMON Tools
2008-08-17 09:23 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Google
2008-08-16 10:40 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-16 10:39 --------- d-----w C:\Program Files\Logitech
2008-08-10 12:46 --------- d-----w C:\Program Files\ICQ614_45_23
2008-08-03 09:01 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\Skype
2008-08-01 13:47 --------- d-----w C:\Program Files\Skype
2008-08-01 13:34 --------- d-----w C:\Program Files\ICQToolbar
2008-08-01 13:34 --------- d-----w C:\Program Files\ICQ615_33_41
2008-07-26 23:02 --------- d-----w C:\Documents and Settings\kačka\Data aplikací\Google
2008-07-26 23:01 --------- d-----w C:\Program Files\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 13:09 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-03-17 20:27 0 ----a-w C:\Program Files\AstonWriteTest.txt
2007-08-06 12:09 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-05-04 09:37 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-03 19:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050320080504\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7704d1a4-bf74-a1b6-2b50-d3a28a36f072}]
2008-09-22 15:09 167936 --a------ C:\WINDOWS\system32\tpjtnwllmyhba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"fpvcbnxkotfgw"="C:\WINDOWS\system32\tpjtnwllmyhba.dll" [2008-09-22 167936]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Absender
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 17:08 173304 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
--a------ 2007-09-18 22:26 3850240 C:\Program Files\qipinfium9000\infium.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-14 08:52 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 11:22 7618560 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"ares"="C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechSetup"=D:\Setup\Setup.exe /restart /l:enu
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Absender\\qip8020\\qip.exe"=
"C:\\Program Files\\Strong DC++\\StrongDC.exe"=
"C:\\Program Files\\qip8020\\qip.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\qipinfium9000\\infium.exe"=
"C:\\totalcmd\\Totalcmd_.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10752]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 355584]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-AtiExtEvent - (no file)
MSConfigStartUp-SpyEmergency - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
MSConfigStartUp-BGEye Helper App [Safety Checker] - (no file)


.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://mojebanka.cz/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xportovat do aplikace Microsoft Excel
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{5B530F82-1755-41DB-843A-4AAF6455A2E5}: NameServer = 10.154.86.1,10.152.16.116
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 22:46:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-09-25 22:46:55
ComboFix-quarantined-files.txt 2008-09-25 20:46:53
ComboFix2.txt 2007-07-14 17:50:23

Před spuštěním: Volněch bajt…: 154˙709˙360˙640
Po spuštění: Volněch bajt…: 155,684,298,752

289 --- E O F --- 2008-09-10 12:04:22

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\kiqhnisgnspant.exe
C:\WINDOWS\system32\tpjtnwllmyhba.dll
C:\WINDOWS\fbxrqtwn.exe

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7704d1a4-bf74-a1b6-2b50-d3a28a36f072}]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený přejmenovaný program ComboFix.exe a když se oba soubory překryjí, skript upusť
Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto dej otestovat na Virus Total:
viewtopic.php?f=70&t=5121
C:\WINDOWS\system32\akll.dll
C:\WINDOWS\system32\bkll.dll
C:\WINDOWS\system32\ckll.dll
C:\WINDOWS\system32\maag.dll
vlož sem pak všechny nálezy.
toto zkontroluj:
C:\e229fb66173e66e0aa96f2
Pokud je to update service pack , je vše v pořádku.

[acer3690]

Log z combofixu

ComboFix 08-09-25.05 - Absender 2008-09-26 12:42:25.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1542 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Absender\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Absender\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\kiqhnisgnspant.exe
C:\WINDOWS\system32\tpjtnwllmyhba.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kačka\Cookies\kačka@ad.yieldmanager[1].txt
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\kiqhnisgnspant.exe
C:\WINDOWS\system32\tpjtnwllmyhba.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-08-26 do 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-24 21:27 . <DIR> C:\Documents and Settings\Absender\Data aplikací\TmpRecentIcons
2008-09-24 20:55 . 2008-09-24 20:55 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-09-24 20:55 . 2008-09-24 20:55 <DIR> d-------- C:\Program Files\Photodex
2008-09-24 00:45 . 2008-09-25 23:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 00:45 . 2008-09-24 00:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-23 18:30 . 2008-09-24 20:32 <DIR> d-------- C:\Program Files\Living Cell 3D Screensaver
2008-09-21 22:53 . <DIR> C:\Documents and Settings\Absender\Data aplikací\Nero
2008-09-15 19:03 . <DIR> C:\Documents and Settings\Absender\Data aplikací\Command & Conquer 3 Tiberium Wars
2008-09-15 18:56 . 2008-09-15 18:56 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-14 02:51 . 2008-09-14 02:51 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-09-14 02:49 . 2008-09-14 02:49 <DIR> d-------- C:\Program Files\Bonjour
2008-09-12 21:08 . 2008-09-12 21:08 1,986,560 --a------ C:\WINDOWS\system32\akll.dll
2008-09-12 21:08 . 2008-09-12 21:08 1,245,184 --a------ C:\WINDOWS\system32\bkll.dll
2008-09-12 21:08 . 2008-09-12 21:08 1,212,416 --a------ C:\WINDOWS\system32\ckll.dll
2008-09-12 21:08 . 2008-09-12 21:08 196,608 --a------ C:\WINDOWS\system32\maag.dll
2008-09-12 21:07 . 2008-09-12 21:20 <DIR> d-------- C:\Program Files\ALO Power Audio Converter
2008-09-07 03:11 . <DIR> C:\Documents and Settings\Absender\Data aplikací\Real
2008-08-28 23:56 . 2008-08-28 23:56 <DIR> d-------- C:\e229fb66173e66e0aa96f2
2008-08-27 17:56 . 2008-08-27 17:56 <DIR> d-------- C:\Program Files\PowerISO
2008-08-27 17:41 . 2008-08-28 23:38 <DIR> d-------- C:\Program Files\Ford Street Racing
2008-08-26 13:49 . 2008-08-26 13:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 10:04 --------- d-----w C:\Documents and Settings\kačka\Data aplikací\Skype
2008-09-25 21:29 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-24 21:45 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Skype
2008-09-24 21:16 --------- d-----w C:\Program Files\Trojan Remover
2008-09-24 20:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-24 20:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 21:20 --------- d-----w C:\Program Files\ICQ6
2008-09-19 20:29 --------- d-s---w C:\Documents and Settings\Absender\Data aplikací\Microsoft
2008-09-17 17:26 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Image Zone Express
2008-09-17 11:16 --------- d-----w C:\Documents and Settings\oluška\Data aplikací\Skype
2008-09-14 01:06 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Adobe
2008-09-14 00:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-12 19:08 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-09-12 19:08 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-09-12 19:08 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-09-12 19:08 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-09-12 17:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 17:25 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-09-10 20:49 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-09-05 15:47 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-04 15:59 --------- d-s---w C:\Documents and Settings\LocalService\Data aplikací\Microsoft
2008-09-02 20:56 --------- d-----w C:\Program Files\WPMP150
2008-08-30 19:49 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Winamp
2008-08-30 16:29 --------- d-----w C:\Program Files\Winamp
2008-08-27 11:23 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\ICQ
2008-08-23 23:54 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-23 23:13 --------- d-----w C:\Program Files\Codemasters
2008-08-23 19:20 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\ICQ
2008-08-22 19:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-22 19:28 249,856 ------w C:\WINDOWS\Setup1.exe
2008-08-22 08:59 --------- d-s---w C:\Documents and Settings\oluška\Data aplikací\Microsoft
2008-08-21 16:55 --------- d-----w C:\Documents and Settings\oluška\Data aplikací\ICQ
2008-08-20 12:42 --------- d-----w C:\Program Files\City Interactive
2008-08-20 10:11 --------- d-----w C:\Program Files\Playlogic
2008-08-19 20:44 --------- d-----w C:\Program Files\Microsoft Works
2008-08-19 20:43 --------- d-----w C:\Program Files\MSBuild
2008-08-19 20:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-19 20:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-19 11:44 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Stellarium
2008-08-19 09:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 11:22 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\DAEMON Tools
2008-08-17 09:23 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Google
2008-08-16 10:40 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-16 10:39 --------- d-----w C:\Program Files\Logitech
2008-08-10 12:46 --------- d-----w C:\Program Files\ICQ614_45_23
2008-08-03 09:01 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\Skype
2008-08-01 13:47 --------- d-----w C:\Program Files\Skype
2008-08-01 13:34 --------- d-----w C:\Program Files\ICQToolbar
2008-08-01 13:34 --------- d-----w C:\Program Files\ICQ615_33_41
2008-07-26 23:02 --------- d-----w C:\Documents and Settings\kačka\Data aplikací\Google
2008-07-26 23:01 --------- d-----w C:\Program Files\Google
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 13:09 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-03-17 20:27 0 ----a-w C:\Program Files\AstonWriteTest.txt
2007-08-06 12:09 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-05-04 09:37 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-03 19:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050320080504\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Absender
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 17:08 173304 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
--a------ 2007-09-18 22:26 3850240 C:\Program Files\qipinfium9000\infium.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-14 08:52 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 11:22 7618560 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"ares"="C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechSetup"=D:\Setup\Setup.exe /restart /l:enu
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Absender\\qip8020\\qip.exe"=
"C:\\Program Files\\Strong DC++\\StrongDC.exe"=
"C:\\Program Files\\qip8020\\qip.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\qipinfium9000\\infium.exe"=
"C:\\totalcmd\\Totalcmd_.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10752]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 355584]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{7704d1a4-bf74-a1b6-2b50-d3a28a36f072} - C:\WINDOWS\system32\tpjtnwllmyhba.dll
HKLM-Run-fpvcbnxkotfgw - C:\WINDOWS\system32\tpjtnwllmyhba.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 12:44:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-09-26 12:45:12
ComboFix-quarantined-files.txt 2008-09-26 10:45:09
ComboFix2.txt 2008-09-25 20:46:56
ComboFix3.txt 2007-07-14 17:50:23

Před spuštěním: Volněch bajt…: 155˙600˙662˙528
Po spuštění: Volněch bajt…: 155,600,769,024

265 --- E O F --- 2008-09-10 12:04:22

log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:07, on 26.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mojebanka.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1490255031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7137160656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B530F82-1755-41DB-843A-4AAF6455A2E5}: NameServer = 10.154.86.1,10.152.16.116
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8366 bytes

vysledky z virustotal:

Soubor akll.dll přijatý 2008.09.26 12:57:44 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/36 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 37 a 53 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.26 -
Authentium 5.1.0.4 2008.09.25 -
Avast 4.8.1195.0 2008.09.25 -
AVG 8.0.0.161 2008.09.26 -
BitDefender 7.2 2008.09.26 -
CAT-QuickHeal 9.50 2008.09.26 -
ClamAV 0.93.1 2008.09.26 -
DrWeb 4.44.0.09170 2008.09.26 -
eSafe 7.0.17.0 2008.09.25 -
eTrust-Vet 31.6.6108 2008.09.26 -
Ewido 4.0 2008.09.26 -
F-Prot 4.4.4.56 2008.09.25 -
F-Secure 8.0.14332.0 2008.09.26 -
Fortinet 3.113.0.0 2008.09.26 -
GData 19 2008.09.26 -
Ikarus T3.1.1.34.0 2008.09.26 -
K7AntiVirus 7.10.473 2008.09.25 -
Kaspersky 7.0.0.125 2008.09.26 -
McAfee 5392 2008.09.25 -
Microsoft 1.3903 2008.09.26 -
NOD32 3473 2008.09.26 -
Norman 5.80.02 2008.09.25 -
Panda 9.0.0.4 2008.09.25 -
PCTools 4.4.2.0 2008.09.25 -
Prevx1 V2 2008.09.26 -
Rising 20.63.42.00 2008.09.26 -
SecureWeb-Gateway 6.7.6 2008.09.26 -
Sophos 4.34.0 2008.09.26 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.26 -
TheHacker 6.3.0.9.094 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.26 -
VBA32 3.12.8.6 2008.09.26 -
ViRobot 2008.9.26.1393 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.25 -
Rozšiřující informace
File size: 1986560 bytes
MD5...: b8b7717842b61241d5a09ac86835eee5
SHA1..: e6f1d73499e59e1b6f92fed2abec910030193ba4
SHA256: e41a8bc7b148c5a5a8fe98b77146421d070a2675889a12e7a54994e819329755
SHA512: 927cf640921f784dfd4505ee920eb2bcc9cc0dc30772b250100559536ca870b3
aab13b42104f883614384f19181350154ebeee576b9b9340e63ebe5c4bfddb67
PEiD..: -
TrID..: File type identification
DirectShow filter (53.1%)
Windows OCX File (32.5%)
Win32 EXE PECompact compressed (generic) (10.9%)
Win32 Executable Generic (2.2%)
Generic Win/DOS Executable (0.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1008b283
timedatestamp.....: 0x421de576 (Thu Feb 24 14:32:22 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x968fe 0x97000 6.54 64a9ad92cd8715319eb581622e6a301a
.rdata 0x98000 0x20dfa 0x21000 6.11 ea5e7168fe2929e965708ebdbc6a9524
.data 0xb9000 0xf2374 0xe9000 2.19 76c90585a8dac41188cdf39b45c785b5
.rsrc 0x1ac000 0x3af00 0x3b000 4.56 480e79f321fdd71d84b9467576bed7f2
.reloc 0x1e7000 0x7302 0x8000 5.35 67a4abfc11f3cbce001a68aa032875f7

( 10 imports )
> AVIFIL32.dll: AVIFileRelease, AVIStreamRelease, AVIFileExit, AVIStreamRead, AVIStreamReadFormat, AVIFileOpenA, AVIFileGetStream, AVIStreamInfoA
> MSACM32.dll: acmDriverClose, acmFormatDetailsA, acmFormatTagDetailsA, acmDriverOpen, acmFormatSuggest, acmMetrics, acmStreamClose, acmStreamConvert, acmDriverID, acmStreamOpen, acmFormatChooseA, acmStreamSize, acmStreamUnprepareHeader, acmStreamPrepareHeader
> WINMM.dll: mmioAscend, mmioWrite, mmioCreateChunk, mmioOpenA, mmioRead, mmioFlush, mmioGetInfo, mmioClose, mmioDescend, mmioSeek
> KERNEL32.dll: VirtualQuery, GetSystemInfo, VirtualProtect, HeapFree, HeapAlloc, GetProcessHeap, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, lstrlenW, EnterCriticalSection, LeaveCriticalSection, GetLastError, FlushInstructionCache, GetCurrentProcess, GlobalAlloc, FindResourceA, GetCurrentThreadId, lstrlenA, lstrcpyA, SetLastError, MulDiv, GlobalUnlock, GlobalLock, lstrcmpA, GetModuleFileNameA, GlobalFree, GlobalHandle, LockResource, LoadResource, LocalAlloc, LocalFree, GetProcAddress, GetSystemDirectoryA, LoadLibraryA, FreeLibrary, SetEndOfFile, CreateFileA, ReadFile, SetFilePointer, GetFileSize, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiA, lstrcatA, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, lstrcpynA, IsDBCSLeadByte, SizeofResource, LoadLibraryExA, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, SetUnhandledExceptionFilter, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, WriteFile, GetCommandLineA, TlsSetValue, TerminateProcess, GetModuleHandleA, ExitProcess, HeapReAlloc, RtlUnwind, RaiseException, LCMapStringA, LCMapStringW, SetStdHandle, FlushFileBuffers, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetSystemTimeAsFileTime, GetStringTypeW, IsBadWritePtr, TlsFree, TlsGetValue, TlsAlloc, GetOEMCP, GetCPInfo, HeapSize, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, CloseHandle
> USER32.dll: GetWindow, IsChild, GetFocus, SendMessageA, SetFocus, RedrawWindow, SetWindowPos, GetClassNameA, GetParent, CharNextA, BeginPaint, GetDlgItem, CallWindowProcA, GetDesktopWindow, InvalidateRgn, InvalidateRect, ReleaseDC, GetDC, GetClientRect, FillRect, SetCapture, ReleaseCapture, GetSysColor, DestroyWindow, EndDialog, CharUpperBuffA, DefWindowProcA, DestroyAcceleratorTable, LoadStringA, GetWindowLongA, SetWindowLongA, GetActiveWindow, CreateAcceleratorTableA, CreateWindowExA, RegisterClassExA, wsprintfA, LoadCursorA, GetClassInfoExA, SetWindowTextA, GetWindowTextA, GetWindowTextLengthA, RegisterWindowMessageA, DialogBoxIndirectParamA, SetWindowContextHelpId, MapDialogRect, EndPaint, IsWindow, UnregisterClassA
> GDI32.dll: CreateSolidBrush, GetStockObject, GetObjectA, SelectObject, DeleteDC, CreateCompatibleBitmap, CreateCompatibleDC, BitBlt, DeleteObject, GetDeviceCaps
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey
> ole32.dll: StringFromGUID2, CoTaskMemFree, CoTaskMemAlloc, OleLockRunning, CreateStreamOnHGlobal, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, CoCreateInstance, OleInitialize, OleUninitialize, CoTaskMemRealloc, ProgIDFromCLSID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathFindExtensionA

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

2. vysledek z VirusTotal:

Soubor bkll.dll přijatý 2008.09.26 13:01:27 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/36 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.26 -
Authentium 5.1.0.4 2008.09.25 -
Avast 4.8.1195.0 2008.09.25 -
AVG 8.0.0.161 2008.09.26 -
BitDefender 7.2 2008.09.26 -
CAT-QuickHeal 9.50 2008.09.26 -
ClamAV 0.93.1 2008.09.26 -
DrWeb 4.44.0.09170 2008.09.26 -
eSafe 7.0.17.0 2008.09.25 -
eTrust-Vet 31.6.6108 2008.09.26 -
Ewido 4.0 2008.09.26 -
F-Prot 4.4.4.56 2008.09.25 -
F-Secure 8.0.14332.0 2008.09.26 -
Fortinet 3.113.0.0 2008.09.26 -
GData 19 2008.09.26 -
Ikarus T3.1.1.34.0 2008.09.26 -
K7AntiVirus 7.10.473 2008.09.25 -
Kaspersky 7.0.0.125 2008.09.26 -
McAfee 5392 2008.09.25 -
Microsoft 1.3903 2008.09.26 -
NOD32 3473 2008.09.26 -
Norman 5.80.02 2008.09.25 -
Panda 9.0.0.4 2008.09.25 -
PCTools 4.4.2.0 2008.09.25 -
Prevx1 V2 2008.09.26 -
Rising 20.63.42.00 2008.09.26 -
SecureWeb-Gateway 6.7.6 2008.09.26 -
Sophos 4.34.0 2008.09.26 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.26 -
TheHacker 6.3.0.9.094 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.26 -
VBA32 3.12.8.6 2008.09.26 -
ViRobot 2008.9.26.1393 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.25 -
Rozšiřující informace
File size: 1245184 bytes
MD5...: 8f9f125120d204ae2457eb91276e355e
SHA1..: 8b5955f4b62c40dc9a181aa7133d3b14e64e2ce7
SHA256: 81cc74eeed119048281526a25a257061e81bd58fbdb194a4cb4cdbafa8d761c8
SHA512: 19f8152d5dafc04627b6ffcd66c5db3bedac6bbf7682d0b99a36ae44dad7e562
5b8f7a1bb6f0488e9f10b3daa4b1a8dc607f64667b9e1a1073f3c5e23f408001
PEiD..: -
TrID..: File type identification
DirectShow filter (53.7%)
Windows OCX File (32.9%)
Win32 Executable MS Visual C++ (generic) (10.0%)
Win32 Executable Generic (2.2%)
Generic Win/DOS Executable (0.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100d3473
timedatestamp.....: 0x420a0300 (Wed Feb 09 12:33:04 2005)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd30e4 0xd4000 6.69 73d36fc780101636ca9b9c419aa49bce
.stabss 0xd5000 0xbdb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xe1000 0x3a3e6 0x3b000 6.27 f095c64a385be32c5c81bff6b7f7734f
.data 0x11c000 0x43c 0x1000 1.26 d955878893302eba0fd5f148f6489cdd
.stadat 0x11d000 0x11d4c 0x12000 4.16 11df1b8df4d3bf47bdc724457ab861dd
.rsrc 0x12f000 0x28f0 0x3000 4.24 4d6ddecb5b2cf6d944ce4596a75dcc35
.reloc 0x132000 0x979a 0xa000 6.00 832baa3fe77ca1a1761c28e36cbdd7a0

( 9 imports )
> WINMM.dll: timeGetTime
> WS2_32.dll: -
> KERNEL32.dll: lstrcmpiA, lstrcpyA, lstrcatA, GetModuleFileNameA, lstrcpynA, IsDBCSLeadByte, InterlockedIncrement, InterlockedDecrement, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap, lstrlenA, WriteFile, CloseHandle, ReadFile, CreateFileA, GetProcAddress, LoadLibraryA, Sleep, GetCurrentDirectoryA, TerminateThread, CreateThread, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetLastError, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, lstrlenW, WideCharToMultiByte, GetVersionExA, MultiByteToWideChar, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, MulDiv, GetTickCount, QueryPerformanceCounter, ExitProcess, SetFilePointer, DeleteFileA, LocalFree
> USER32.dll: CharNextA, LoadStringA
> ADVAPI32.dll: RegEnumKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, RegQueryValueExA
> ole32.dll: CoTaskMemFree, StringFromGUID2, CLSIDFromString, ProgIDFromCLSID, CoTaskMemAlloc, OleRun, CoCreateInstance, CoTaskMemRealloc, CLSIDFromProgID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathFindExtensionA
> MSVCR70.dll: _open, _write, _close, _itoa, _stricmp, _swab, _strdup, _read, _fstat, _lseek, _CxxThrowException, _adjust_fdiv, _initterm, _terminate@@YAXXZ, _onexit, __dllonexit, __security_error_handler, __1type_info@@UAE@XZ, memset, vfprintf, toupper, _assert, strpbrk, putchar, _ftime, _except_handler3, malloc, free, __3@YAXPAX@Z, ___V@YAXPAX@Z, __CxxFrameHandler, realloc, ___U@YAPAXI@Z, memmove, sprintf, _purecall, wcslen, strncmp, _wcsicmp, _splitpath, __2@YAPAXI@Z, iswdigit, floor, ceil, getenv, exit, strrchr, fwrite, fopen, printf, fclose, fseek, strchr, strtoul, isalnum, isspace, fgets, atoi, strerror, _errno, fprintf, sscanf, calloc, _vsnprintf, strtol, strtod, _CIpow, strncpy, strtok, _snprintf, strstr, isprint, _iob, perror, localtime, time, rand, srand, atof, signal, abort, ctime, mktime

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

3. vysledek z virus total:

Soubor ckll.dll přijatý 2008.09.26 13:05:25 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/36 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.26 -
Authentium 5.1.0.4 2008.09.25 -
Avast 4.8.1195.0 2008.09.25 -
AVG 8.0.0.161 2008.09.26 -
BitDefender 7.2 2008.09.26 -
CAT-QuickHeal 9.50 2008.09.26 -
ClamAV 0.93.1 2008.09.26 -
DrWeb 4.44.0.09170 2008.09.26 -
eSafe 7.0.17.0 2008.09.25 -
eTrust-Vet 31.6.6108 2008.09.26 -
Ewido 4.0 2008.09.26 -
F-Prot 4.4.4.56 2008.09.25 -
F-Secure 8.0.14332.0 2008.09.26 -
Fortinet 3.113.0.0 2008.09.26 -
GData 19 2008.09.26 -
Ikarus T3.1.1.34.0 2008.09.26 -
K7AntiVirus 7.10.473 2008.09.25 -
Kaspersky 7.0.0.125 2008.09.26 -
McAfee 5392 2008.09.25 -
Microsoft 1.3903 2008.09.26 -
NOD32 3473 2008.09.26 -
Norman 5.80.02 2008.09.25 -
Panda 9.0.0.4 2008.09.25 -
PCTools 4.4.2.0 2008.09.25 -
Prevx1 V2 2008.09.26 -
Rising 20.63.42.00 2008.09.26 -
SecureWeb-Gateway 6.7.6 2008.09.26 -
Sophos 4.34.0 2008.09.26 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.26 -
TheHacker 6.3.0.9.094 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.26 -
VBA32 3.12.8.6 2008.09.26 -
ViRobot 2008.9.26.1393 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.25 -
Rozšiřující informace
File size: 1212416 bytes
MD5...: d872d2f8f9065e34e8f286e81ef38bb6
SHA1..: 1400700707a1da14947b41719a5f9740f0c099ab
SHA256: 9843ae6eeafc9b9d8afd8f29a4b447449528280141ad2a26df085ae081523a1f
SHA512: 14470f0f8eb68b595a9609966597b4bc0704c9cebe21be3958039a8457723293
d40f1989b3ab35d726cf1b5dd3451e4b464fa660a6731f88249d3ec74a4ef8a0
PEiD..: -
TrID..: File type identification
DirectShow filter (53.7%)
Windows OCX File (32.9%)
Win32 Executable MS Visual C++ (generic) (10.0%)
Win32 Executable Generic (2.2%)
Generic Win/DOS Executable (0.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1004940e
timedatestamp.....: 0x421d9a2b (Thu Feb 24 09:11:07 2005)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x69f59 0x6a000 5.81 a7dacc62b6f95a9be831eeeb2585e447
.rdata 0x6b000 0x66634 0x67000 0.99 5eae8d4ef51bbdfa77e3c6530222d92d
.data 0xd2000 0xd71c 0xb000 3.62 7603fd509576dfe07e832fb733f91110
.idata 0xe0000 0x1edf 0x2000 4.61 99e452e2065e589700aa5fbe70206cd4
.rsrc 0xe2000 0x43a53 0x44000 4.23 5bac85a141f97ef98e413290d262a399
.reloc 0x126000 0x4c9e 0x5000 5.68 e917e605cebcb80ced5c0912817d60ad

( 10 imports )
> WINMM.dll: mmioClose, mmioOpenA, mmioAscend, mmioRead, mmioWrite, mmioCreateChunk, mmioStringToFOURCCA, mmioDescend
> MSACM32.dll: acmDriverClose, acmFormatTagDetailsA, acmDriverOpen, acmStreamClose, acmDriverID, acmStreamSize, acmStreamOpen, acmFormatSuggest, acmMetrics, acmFormatDetailsA
> AVIFIL32.dll: AVIStreamReadFormat, AVIFileOpenA, AVIFileGetStream, AVIFileRelease, AVIStreamRelease, AVIFileExit, AVIStreamInfoA
> KERNEL32.dll: InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, MultiByteToWideChar, lstrlenW, EnterCriticalSection, LeaveCriticalSection, GetLastError, FlushInstructionCache, GetCurrentProcess, HeapFree, GetProcessHeap, HeapAlloc, WideCharToMultiByte, GlobalAlloc, FindResourceA, MulDiv, GetCurrentThreadId, lstrlenA, lstrcpyA, SetLastError, GlobalUnlock, GlobalLock, lstrcmpA, GetModuleFileNameA, GlobalFree, GlobalHandle, LockResource, LoadResource, SetFileAttributesA, GetFileAttributesA, CloseHandle, CreateFileA, ReadFile, SetFilePointer, GetFileSize, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiA, lstrcatA, DisableThreadLibraryCalls, GetSystemInfo, InterlockedDecrement, GetCPInfo, IsDBCSLeadByte, FreeLibrary, SizeofResource, LoadLibraryExA, GetOEMCP, SetStdHandle, GetStartupInfoA, GetStdHandle, SetHandleCount, TlsAlloc, GetCurrentThread, TlsGetValue, TlsFree, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, SetUnhandledExceptionFilter, FatalAppExitA, GetCommandLineA, TlsSetValue, SetEndOfFile, TerminateProcess, GetModuleHandleA, GetProcAddress, ExitProcess, HeapReAlloc, DeleteFileA, MoveFileA, GetFileType, RtlUnwind, RaiseException, GetSystemTimeAsFileTime, IsBadReadPtr, IsBadCodePtr, GetTickCount, UnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, LoadLibraryA, VirtualProtect, VirtualQuery, SetConsoleCtrlHandler, GetTimeZoneInformation, GetLocaleInfoW, WriteFile, FlushFileBuffers, HeapSize, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, LCMapStringA, LCMapStringW, lstrcpynA, QueryPerformanceCounter, CompareStringA, CompareStringW, SetEnvironmentVariableA, InterlockedIncrement, GetCurrentProcessId
> USER32.dll: GetClassNameA, GetParent, CreateAcceleratorTableA, CreateWindowExA, RegisterClassExA, wsprintfA, SetWindowPos, LoadCursorA, IsWindow, GetDlgItem, SendMessageA, GetFocus, IsChild, GetWindow, SetFocus, BeginPaint, EndPaint, CallWindowProcA, GetDesktopWindow, InvalidateRgn, InvalidateRect, ReleaseDC, GetDC, GetClientRect, FillRect, SetCapture, ReleaseCapture, GetSysColor, DestroyWindow, EndDialog, CharUpperBuffA, DefWindowProcA, DestroyAcceleratorTable, LoadStringA, GetWindowLongA, SetWindowLongA, GetClassInfoExA, SetWindowTextA, GetWindowTextA, GetWindowTextLengthA, RegisterWindowMessageA, DialogBoxIndirectParamA, UnregisterClassA, SetWindowContextHelpId, MapDialogRect, RedrawWindow, CharNextA, GetActiveWindow
> GDI32.dll: SelectObject, DeleteDC, CreateSolidBrush, CreateCompatibleBitmap, CreateCompatibleDC, BitBlt, GetDeviceCaps, GetObjectA, GetStockObject, DeleteObject
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, RegSetValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCreateKeyExA
> ole32.dll: CoTaskMemAlloc, StringFromGUID2, OleLockRunning, CoTaskMemFree, CoCreateInstance, CreateStreamOnHGlobal, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, OleInitialize, OleUninitialize, CoTaskMemRealloc, ProgIDFromCLSID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathFindExtensionA

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

4.vysledek z virus total:

Soubor maag.dll přijatý 2008.09.26 13:08:58 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/36 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 37 a 53 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.26 -
Authentium 5.1.0.4 2008.09.25 -
Avast 4.8.1195.0 2008.09.25 -
AVG 8.0.0.161 2008.09.26 -
BitDefender 7.2 2008.09.26 -
CAT-QuickHeal 9.50 2008.09.26 -
ClamAV 0.93.1 2008.09.26 -
DrWeb 4.44.0.09170 2008.09.26 -
eSafe 7.0.17.0 2008.09.25 -
eTrust-Vet 31.6.6108 2008.09.26 -
Ewido 4.0 2008.09.26 -
F-Prot 4.4.4.56 2008.09.25 -
F-Secure 8.0.14332.0 2008.09.26 -
Fortinet 3.113.0.0 2008.09.26 -
GData 19 2008.09.26 -
Ikarus T3.1.1.34.0 2008.09.26 -
K7AntiVirus 7.10.473 2008.09.25 -
Kaspersky 7.0.0.125 2008.09.26 -
McAfee 5392 2008.09.25 -
Microsoft 1.3903 2008.09.26 -
NOD32 3473 2008.09.26 -
Norman 5.80.02 2008.09.25 -
Panda 9.0.0.4 2008.09.25 -
PCTools 4.4.2.0 2008.09.25 -
Prevx1 V2 2008.09.26 -
Rising 20.63.42.00 2008.09.26 -
SecureWeb-Gateway 6.7.6 2008.09.26 -
Sophos 4.34.0 2008.09.26 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.26 -
TheHacker 6.3.0.9.094 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.26 -
VBA32 3.12.8.6 2008.09.26 -
ViRobot 2008.9.26.1393 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.25 -
Rozšiřující informace
File size: 196608 bytes
MD5...: fbd2c562b4cd14c0107804433acf7fe2
SHA1..: fd46d3d9f3714c9daaf9d3417219c429be403687
SHA256: 7d84297b23b38ba5511462dcf8ca81bf98b7e029587bb9508e4719ab053f53bf
SHA512: df37900a774443bfb1e5d2e6d54433ce61636515fd502b0079f1baf6ef302abb
b6fb3bd61ab0a40a62f23ca88b28918142cb764439f7f7b9cc67cd28fbb90d26
PEiD..: -
TrID..: File type identification
DirectShow filter (53.7%)
Windows OCX File (32.9%)
Win32 Executable MS Visual C++ (generic) (10.0%)
Win32 Executable Generic (2.2%)
Generic Win/DOS Executable (0.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10011ea6
timedatestamp.....: 0x40ac9555 (Thu May 20 11:24:05 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11d8e 0x12000 6.32 d6464e25e1d83141fceaa2db82f660f2
.rdata 0x13000 0x3f58 0x4000 4.89 74c8fca54411b794e8953670afb06a88
.data 0x17000 0x4b8 0x1000 1.14 bcb81e49fcf01b6a61ea6ee3b54cff56
.rsrc 0x18000 0x15db8 0x16000 2.83 1b5df5076e44a5f5c779cd65b1830481
.reloc 0x2e000 0x1932 0x2000 4.85 bb964f5a7af5fbe3bf71336f6c001f73

( 9 imports )
> WMVCore.DLL: WMCreateSyncReader, WMCreateProfileManager, WMCreateEditor, WMCreateWriter
> MSVCR70.dll: _adjust_fdiv, _initterm, _CxxThrowException, _except_handler3, malloc, free, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, ___V@YAXPAX@Z, realloc, ___U@YAPAXI@Z, swprintf, swscanf, wcsncmp, exit, wcscmp, _wcslwr, __1type_info@@UAE@XZ, _terminate@@YAXXZ, __dllonexit, _onexit, memset, __security_error_handler
> KERNEL32.dll: GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, ExitProcess, LocalFree, LockResource, GlobalHandle, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, lstrlenW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetLastError, lstrlenA, lstrcmpiA, lstrcpyA, lstrcatA, GetModuleFileNameA, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, lstrcpynA, IsDBCSLeadByte, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, FlushInstructionCache, GetCurrentProcess, HeapFree, GetProcessHeap, HeapAlloc, GlobalAlloc, GetCurrentThreadId, SetLastError, MulDiv, GlobalUnlock, GlobalLock, lstrcmpA, GetWindowsDirectoryA, GlobalFree
> USER32.dll: SetWindowContextHelpId, GetActiveWindow, DialogBoxIndirectParamA, RegisterWindowMessageA, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, GetClassInfoExA, LoadCursorA, wsprintfA, RegisterClassExA, CreateWindowExA, MapDialogRect, GetParent, GetClassNameA, SetWindowPos, RedrawWindow, IsWindow, GetDlgItem, SendMessageA, GetFocus, IsChild, GetWindow, SetFocus, BeginPaint, CreateAcceleratorTableA, EndPaint, CallWindowProcA, GetDesktopWindow, InvalidateRgn, InvalidateRect, ReleaseDC, GetDC, GetClientRect, SetCapture, ReleaseCapture, GetSysColor, DestroyWindow, EndDialog, CharUpperBuffA, DefWindowProcA, DestroyAcceleratorTable, LoadStringA, GetWindowLongA, SetWindowLongA, CharNextA, UnregisterClassA, FillRect
> GDI32.dll: GetDeviceCaps, GetStockObject, CreateSolidBrush, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, DeleteDC, SelectObject, GetObjectA, DeleteObject
> ADVAPI32.dll: RegOpenKeyExA, RegCreateKeyExA, RegEnumKeyExA, RegQueryInfoKeyA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, RegSetValueExA
> ole32.dll: CoGetClassObject, CreateStreamOnHGlobal, OleLockRunning, ProgIDFromCLSID, CLSIDFromProgID, StringFromGUID2, CoCreateInstance, CoTaskMemRealloc, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromString, OleInitialize, OleUninitialize, OleRun
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathFindExtensionA

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

[jaro3]

Odinstaluj Yahoo Toolbar.
Poté fixni v HJT toto:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)    
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} –

Napiš jak vypadá comp.Log neposílej.

[acer3690]

fixunul jsem vse co jsi chtel, ale nevim co ti mam k tomu napsat no jo jsem blbej

ale vazne dik pokud to je vse a bude to v pohode tak vazne dik hodne jsi mi pomohl

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

[acer3690]

dik hotovo a odinstalovano

jeste jednou moc dik

[CZechBoY]

označ za vyřešený, až si ti to nebude opakovat, testuj pak když se ti to zas napíše tak sem napiš

[acer3690]

vyreseno

neboj napisu

[jaro3]

Není zač, dej fajfku vyřešeno..