PC-HELP.CZ

Dobrý den!

Jsem naprosty lajik kdyz jde o antivir a potreboval bych pomoct s timhle virem.kamaradka mi to poslala na ICQ a ja to naivne stahl.Obevi se bila obrazovka a chce to po mne nejaky kod,ale musim odeslat SMS.Co bych mel udelat?Pocitac jsem spustil v nouzovem rezimu a co ted?Doufam ze mi poradite:)

Projel jsem to MbAM,vylezlo mi todle

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2615
Windows 5.1.2600 Service Pack 2 (Safe Mode)

13.8.2009 11:29:51
mbam-log-2009-08-13 (11-29-43).txt

Typ skenu: Rychlý sken
Objektu skenováno: 87208
Uplynulý cas: 2 minute(s), 16 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 3
Infikované položky dat registru: 4
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\antivirus2008y (Rogue.AntiVirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\antivirus2008y (Rogue.AntiVirus2008) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\portmap.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus2008y (Rogue.AntiVirus2008) -> No action taken.

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Agent) -> Data: c:\windows\system32\portmap.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Agent) -> Data: system32\portmap.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\Quick Office.lnk (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\portmap.exe (Trojan.Agent) -> No action taken.

Projeď to ešte HJT http://www.pc-help.cz/viewtopic.php?f=70&t=5119 a počkej až ti někdo poradí :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:33, on 13.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKCU\..\Run: [Antivirus2008y] C:\Program Files\Antivirus2008y\antvrs.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\system32\portmap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe
O4 - Startup: Registration Assassin's Creed.LNK = D:\Games\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10244 bytes

No zo je paseka. Zkus odinstalovat: free-downloads.net Toolbar, Megaupload Toolbar , myBabylon_English Toolbar, ICQ6Toolbar a Logitech Desktop Messenger.
*****************************************************************************************************************************************
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\system32\portmap.exe
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
*****************************************************************************************************************************************
Potom spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Vsechno jsem udelal,soubory odstranil avsak po odstraneni souboru to po me chtelo restart PC,coz jsem udelal.Po nacteni PC bezi normalne(neni treba nouzovy rezim).Nenalezl jsem vsak log po smazani,i kdyz mi MbAM psal ze ho ulozil.Je to problem?Momentalne stahuji ComboFix

mboFix 09-08-10.06 - admin 13.08.2009 13:12.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1609 [GMT 2:00]
Spuštěný z: c:\program files\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\admin\LOCALS~1\Temp\pinch.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-13 do 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 11:09 . 2009-08-13 11:09 3124187 ----a-r- c:\program files\ComboFix.exe
2009-08-13 09:39 . 2009-08-13 09:39 -------- d-----w- c:\program files\Trend Micro
2009-08-13 09:39 . 2009-08-13 09:39 812344 ----a-w- c:\program files\HJTInstall.exe
2009-08-13 09:23 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 09:23 . 2009-08-13 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 09:23 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 09:23 . 2009-08-13 09:23 3942048 ----a-w- c:\program files\mbam-setup.exe
2009-08-02 12:57 . 2009-08-02 12:57 -------- d-----w- c:\program files\Ubisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 10:56 . 2008-08-31 09:45 -------- d-----w- c:\program files\free-downloads.net
2009-08-13 10:45 . 2007-12-16 14:01 -------- d-----w- c:\program files\Logitech
2009-08-02 12:58 . 2007-12-16 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 11:12 . 2009-03-19 14:25 -------- d-----w- c:\program files\Metin2_TESTER
2009-06-30 06:00 . 2008-12-09 16:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-06-22 18:59 . 2008-11-21 18:25 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-22 18:59 . 2008-11-21 18:25 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-05-08 12:09 . 2009-05-08 12:09 1878888 ----a-w- c:\program files\install_flash_player.exe
.

------- Sigcheck -------

[7] 2007-10-11 06:10 667136 20DBD2AA8E1BC32BC8CAA03BD44F8D4E c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-10-11 06:14 805376 AB6525DB8A79B0C4EDB42DD43ACFEE0E c:\windows\system32\wininet.dll
[-] 2007-10-11 06:14 805376 AB6525DB8A79B0C4EDB42DD43ACFEE0E c:\windows\system32\dllcache\wininet.dll
[7] 2007-10-11 06:14 660480 11CAE3F562451FEDA69FEFE453657D2E c:\windows\VistaMizer\old\wininet.dll

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 11:51 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-17 13:49 541696 96112B362A1F419384CE57E5D92C6267 c:\windows\system32\winlogon.exe
[-] 2004-08-17 13:49 541696 96112B362A1F419384CE57E5D92C6267 c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\VistaMizer\old\winlogon.exe

[7] 2005-03-02 18:14 2059008 9355304DD565E23F8EE294720B2C03E5 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 16:09 2061568 A873FF1754E2A81CB1A34588CAB363D6 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 16:05 2059776 C80BCA19AA7D4DC37857E9F8250756DA c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 16:04 2275328 892A3E52256DDF5727DD3E6E1CD265E7 c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 16:04 2275328 892A3E52256DDF5727DD3E6E1CD265E7 c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2007-02-28 16:04 2017792 93E37139768C04883A21E3DF05508043 c:\windows\VistaMizer\old\ntkrnlpa.exe

[7] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 16:09 2184320 D40B4F66D877802EC5E655B91B5490FA c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 16:05 2182528 C09CA7FAFFC40BBFACEEB9F0F429F673 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 16:04 2395648 698E57EB4D72D85EE4C7B91729256096 c:\windows\system32\ntoskrnl.exe
[-] 2007-02-28 16:04 2395648 698E57EB4D72D85EE4C7B91729256096 c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2007-02-28 16:04 2138112 9D657D9DF25593A930D29E6922354C75 c:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 c:\windows\explorer.exe
[7] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 13:23 1033728 ED7B460B142A32097B8A8F6ECC941815 c:\windows\VistaMizer\old\explorer.exe

[-] 2004-08-17 13:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 c:\windows\system32\ctfmon.exe
[-] 2004-08-17 13:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\VistaMizer\old\ctfmon.exe

[7] 2007-10-30 09:58 3086848 F78A71834C592859A55513D7CD22C6E1 c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-10-30 10:19 3472384 6F5E46E259DC11D0B958EAEEAB901921 c:\windows\system32\mshtml.dll
[-] 2007-10-30 10:19 3472384 6F5E46E259DC11D0B958EAEEAB901921 c:\windows\system32\dllcache\mshtml.dll
[7] 2007-10-30 10:19 3079680 72A740DB336912F140C4C0F3C6E73EF9 c:\windows\VistaMizer\old\mshtml.dll

[-] 2004-08-17 13:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B c:\windows\system32\comres.dll
[-] 2004-08-17 13:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B c:\windows\system32\dllcache\comres.dll
[7] 2004-08-17 13:49 806912 B44F68274AB7B8A54E9AD74AFF0EFAAC c:\windows\VistaMizer\old\comres.dll

[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 c:\windows\system32\comctl32.dll
[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 c:\windows\system32\dllcache\comctl32.dll
[7] 2006-08-25 15:51 617472 E26B26189B786E6B092F002041D5A1E2 c:\windows\VistaMizer\old\comctl32.dll
[7] 2001-09-20 13:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-17 13:48 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1825792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-06-22 73728]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 25088]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-1 625952]
Registration Assassin's Creed.LNK - d:\games\Register\RegistrationReminder.exe [2009-8-2 967304]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-17 784912]
Ralink Wireless Utility.lnk - c:\windows\RaUI.exe [2008-11-9 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Bulanci\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\admin\\Dokumenty\\Downloads\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Games\\spel\\CS1.6\\hl.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"d:\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"d:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\AssassinsCreed_Dx9.exe"=
"d:\\Games\\AssassinsCreed_Dx10.exe"=
"d:\\Games\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64875:TCP"= 64875:TCP:BitTorrent

R0 Stlth317;Stlth317;c:\windows\system32\drivers\stlth317.sys [7.8.2002 17:00 83360]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.8.2008 22:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 22:30 20560]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21.11.2008 20:25 13224]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [4.12.2008 17:16 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [4.12.2008 17:17 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [4.12.2008 17:17 97088]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [4.12.2008 17:17 86432]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)

.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\el3veq2z.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 13:14
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1336601894-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2009-08-13 13:16
ComboFix-quarantined-files.txt 2009-08-13 11:16

Před spuštěním: 4 346 101 760
Po spuštění: 4 395 024 384

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

221 --- E O F --- 2007-12-25 20:03

Start-spustit-napiš: notepad a dej OK. Do něho vlož tento celý (bledě zelený) text:

Kód: Vybrat vše

dir \portmap.exe /a h /s > File.txt

uložit na plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

Folder::
c:\program files\free-downloads.net
c:\program files\ICQ6Toolbar

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování PC

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5014-22C2.

Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\free-downloads.net
c:\program files\free-downloads.net\INSTALL.LOG
c:\program files\free-downloads.net\toolbar.cfg
c:\program files\free-downloads.net\UNWISE.EXE
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-13 do 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 11:09 . 2009-08-13 11:09 3124187 ----a-r- c:\program files\ComboFix.exe
2009-08-13 09:39 . 2009-08-13 09:39 -------- d-----w- c:\program files\Trend Micro
2009-08-13 09:39 . 2009-08-13 09:39 812344 ----a-w- c:\program files\HJTInstall.exe
2009-08-13 09:23 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 09:23 . 2009-08-13 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 09:23 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 09:23 . 2009-08-13 09:23 3942048 ----a-w- c:\program files\mbam-setup.exe
2009-08-02 12:57 . 2009-08-02 12:57 -------- d-----w- c:\program files\Ubisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 10:45 . 2007-12-16 14:01 -------- d-----w- c:\program files\Logitech
2009-08-02 12:58 . 2007-12-16 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 11:12 . 2009-03-19 14:25 -------- d-----w- c:\program files\Metin2_TESTER
2009-06-22 18:59 . 2008-11-21 18:25 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-22 18:59 . 2008-11-21 18:25 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-05-08 12:09 . 2009-05-08 12:09 1878888 ----a-w- c:\program files\install_flash_player.exe
.

------- Sigcheck -------

[7] 2007-10-11 06:10 667136 20DBD2AA8E1BC32BC8CAA03BD44F8D4E c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-10-11 06:14 805376 AB6525DB8A79B0C4EDB42DD43ACFEE0E c:\windows\system32\wininet.dll
[-] 2007-10-11 06:14 805376 AB6525DB8A79B0C4EDB42DD43ACFEE0E c:\windows\system32\dllcache\wininet.dll
[7] 2007-10-11 06:14 660480 11CAE3F562451FEDA69FEFE453657D2E c:\windows\VistaMizer\old\wininet.dll

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 11:51 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-17 13:49 541696 96112B362A1F419384CE57E5D92C6267 c:\windows\system32\winlogon.exe
[-] 2004-08-17 13:49 541696 96112B362A1F419384CE57E5D92C6267 c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\VistaMizer\old\winlogon.exe

[7] 2005-03-02 18:14 2059008 9355304DD565E23F8EE294720B2C03E5 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 16:09 2061568 A873FF1754E2A81CB1A34588CAB363D6 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 16:05 2059776 C80BCA19AA7D4DC37857E9F8250756DA c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 16:04 2275328 892A3E52256DDF5727DD3E6E1CD265E7 c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 16:04 2275328 892A3E52256DDF5727DD3E6E1CD265E7 c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2007-02-28 16:04 2017792 93E37139768C04883A21E3DF05508043 c:\windows\VistaMizer\old\ntkrnlpa.exe

[7] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 16:09 2184320 D40B4F66D877802EC5E655B91B5490FA c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 16:05 2182528 C09CA7FAFFC40BBFACEEB9F0F429F673 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 16:04 2395648 698E57EB4D72D85EE4C7B91729256096 c:\windows\system32\ntoskrnl.exe
[-] 2007-02-28 16:04 2395648 698E57EB4D72D85EE4C7B91729256096 c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2007-02-28 16:04 2138112 9D657D9DF25593A930D29E6922354C75 c:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 c:\windows\explorer.exe
[7] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 13:23 1033728 ED7B460B142A32097B8A8F6ECC941815 c:\windows\VistaMizer\old\explorer.exe

[-] 2004-08-17 13:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 c:\windows\system32\ctfmon.exe
[-] 2004-08-17 13:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\VistaMizer\old\ctfmon.exe

[7] 2007-10-30 09:58 3086848 F78A71834C592859A55513D7CD22C6E1 c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-10-30 10:19 3472384 6F5E46E259DC11D0B958EAEEAB901921 c:\windows\system32\mshtml.dll
[-] 2007-10-30 10:19 3472384 6F5E46E259DC11D0B958EAEEAB901921 c:\windows\system32\dllcache\mshtml.dll
[7] 2007-10-30 10:19 3079680 72A740DB336912F140C4C0F3C6E73EF9 c:\windows\VistaMizer\old\mshtml.dll

[-] 2004-08-17 13:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B c:\windows\system32\comres.dll
[-] 2004-08-17 13:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B c:\windows\system32\dllcache\comres.dll
[7] 2004-08-17 13:49 806912 B44F68274AB7B8A54E9AD74AFF0EFAAC c:\windows\VistaMizer\old\comres.dll

[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 c:\windows\system32\comctl32.dll
[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 c:\windows\system32\dllcache\comctl32.dll
[7] 2006-08-25 15:51 617472 E26B26189B786E6B092F002041D5A1E2 c:\windows\VistaMizer\old\comctl32.dll
[7] 2001-09-20 13:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-17 13:48 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1825792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-06-22 73728]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 25088]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-1 625952]
Registration Assassin's Creed.LNK - d:\games\Register\RegistrationReminder.exe [2009-8-2 967304]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-17 784912]
Ralink Wireless Utility.lnk - c:\windows\RaUI.exe [2008-11-9 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Bulanci\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\admin\\Dokumenty\\Downloads\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Games\\spel\\CS1.6\\hl.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"d:\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"d:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\AssassinsCreed_Dx9.exe"=
"d:\\Games\\AssassinsCreed_Dx10.exe"=
"d:\\Games\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64875:TCP"= 64875:TCP:BitTorrent

R0 Stlth317;Stlth317;c:\windows\system32\drivers\stlth317.sys [7.8.2002 17:00 83360]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.8.2008 22:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 22:30 20560]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21.11.2008 20:25 13224]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [4.12.2008 17:16 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [4.12.2008 17:17 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [4.12.2008 17:17 97088]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [4.12.2008 17:17 86432]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\el3veq2z.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 13:33
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1336601894-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2009-08-13 13:35
ComboFix-quarantined-files.txt 2009-08-13 11:35
ComboFix2.txt 2009-08-13 11:16

Před spuštěním: 4 411 633 664
Po spuštění: 4 394 135 552

224 --- E O F --- 2007-12-25 20:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:10, on 13.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Registration Assassin's Creed.LNK = D:\Games\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7745 bytes

pocitac je asi v poradku,zkusil jsem filmy,hry,hudbu,...vsechno ok akorat nejede AIMP 2 Player.Spravce uloh,Office vsechno jede:)

PC-HELP.CZ

prosím o pomoc vir trojan-spy.Win32.zbot.ikh

prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh

Re: prosím o pomoc vir trojan-spy.Win32.zbot.ikh