that BAT file won't run
C:\Documents and Settings\admin\Plocha>sc Wmiodserv start=disabled
*** Unrecognized Command ***
DESCRIPTION:
SC is a command line program used for communicating with the
NT Service Controller and services.
USAGE:
sc <server> [command] [service name] <option1> <option2>...
The option <server> has the form "\\ServerName"
Further help on commands can be obtained by typing: "sc [command]"
Commands:
query-----------Queries the status for a service, or
enumerates the status for types of services.
queryex---------Queries the extended status for a service, or
enumerates the status for types of services.
start-----------Starts a service.
pause-----------Sends a PAUSE control request to a service.
interrogate-----Sends an INTERROGATE control request to a service.
continue--------Sends a CONTINUE control request to a service.
stop------------Sends a STOP request to a service.
config----------Changes the configuration of a service (persistant).
description-----Changes the description of a service.
failure---------Changes the actions taken by a service upon failure.
qc--------------Queries the configuration information for a service.
qdescription----Queries the description for a service.
qfailure--------Queries the actions taken by a service upon failure.
delete----------Deletes a service (from the registry).
create----------Creates a service. (adds it to the registry).
control---------Sends a control to a service.
sdshow----------Displays a service's security descriptor.
sdset-----------Sets a service's security descriptor.
GetDisplayName--Gets the DisplayName for a service.
GetKeyName------Gets the ServiceKeyName for a service.
EnumDepend------Enumerates Service Dependencies.
The following commands don't require a service name:
sc <server> <command> <option>
boot------------(ok | bad) Indicates whether the last boot should
be saved as the last-known-good boot configuration
Lock------------Locks the Service Database
QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
sc start MyService
Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:
Antivirus won't install (Solved)
Re: Antivirus won't install
when I run it manually like this, this is what it prints:
C:\Documents and Settings\admin>sc start wmiodserv disabled
[SC] StartService: OpenService FAILED 1060:
Zadaná slu
C:\Documents and Settings\admin>sc stop wmiodserv
[SC] OpenService FAILED 1060:
Zadaná slu
C:\Documents and Settings\admin>
- Damned
Re: Antivirus won't install
Ah, my mistake, I forgot to tell it what to do. So once more, like this:
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
Note: Do not use the SELECT ALL function to select the script
Code:
sc config Wmiodserv start= disabled
sc stop Wmiodserv
sc delete Wmiodserv
Save it to the desktop under the name remove.bat, with the file type set to All files, then find the file on the desktop and run it by double-clicking.
A DOS window will open and close. Restart the computer.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
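The removal steps from the post above, as a batch file that checks for the service first and reports error 1060 (the one shown earlier in the thread) instead of letting the window close on it. This is an added example, not part of the original post; it uses the service name Wmiodserv from the post and assumes that sc.exe exits with the Win32 error code of the failed call.

```bat
@echo off
setlocal
rem Added example. The service name is taken from the post above.
set "SVC=Wmiodserv"

rem Assumption: sc.exe exits with the Win32 error code of the failed call.
rem 1060 = ERROR_SERVICE_DOES_NOT_EXIST, the error shown earlier in the thread.
sc query "%SVC%" >nul 2>&1
set "RC=%errorlevel%"
if "%RC%"=="1060" (
    echo %SVC% is not installed under that name. Nothing to remove.
    goto :end
)
if not "%RC%"=="0" (
    echo sc query failed with error %RC%.
    goto :end
)

rem Show the current configuration before changing anything.
sc qc "%SVC%"

rem The option name is "start=" and its value is a separate argument,
rem so the space after the equals sign is required.
sc config "%SVC%" start= disabled
if errorlevel 1 echo sc config failed with error %errorlevel%.

rem 1062 = ERROR_SERVICE_NOT_ACTIVE: the service was already stopped.
sc stop "%SVC%" >nul 2>&1
set "RC=%errorlevel%"
if not "%RC%"=="0" if not "%RC%"=="1062" echo sc stop failed with error %RC%.

rem 1072 = ERROR_SERVICE_MARKED_FOR_DELETE: removal completes after a restart.
sc delete "%SVC%"
set "RC=%errorlevel%"
if "%RC%"=="0" echo %SVC% deleted. Restart the computer.
if "%RC%"=="1072" echo %SVC% is already marked for deletion. Restart the computer.
if not "%RC%"=="0" if not "%RC%"=="1072" echo sc delete failed with error %RC%.

:end
endlocal
rem Keep the window open so the messages can be read.
pause
```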
Re: Antivirus won't install
for now, the logs from Combo and HJT
ComboFix 09-06-04.04 - admin 04.06.2009 22:51.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.621 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Instal\Antivir\clean\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\system32\AMERICANw.exe srv"
"c:\windows\system32\AMERICANw.exe"
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-06-04 19:58 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-04 19:58 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 19:58 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-04 19:58 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-04 19:58 . 2009-06-04 19:58 -------- d-----w- c:\program files\Avira
2009-06-04 17:51 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:51 . 2009-06-04 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 17:51 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 13:54 . 2009-06-04 13:54 -------- d-----w- c:\program files\CCleaner
2009-05-21 22:48 . 2009-05-21 22:48 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-18 20:54 . 2009-05-18 20:54 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:03 . 2008-10-13 20:26 -------- d-----w- c:\program files\VPHoldem
2009-05-22 07:49 . 2001-10-25 14:00 91812 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 07:49 . 2001-10-25 14:00 447588 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Classic Menu for Office
2009-04-21 12:58 . 2007-01-15 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-12 23:12 . 2009-03-12 23:12 1024 ----a-w- c:\windows\system32\pdfpg.dat
2008-01-31 16:12 . 2008-01-31 16:12 16496 --sha-w- c:\windows\system32\config\systemprofile\Data aplikací\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-04_14.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 19:58 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
- 2009-06-04 13:35 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stickies.lnk - c:\program files\stickies\stickies.exe [2006-3-29 348160]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Software\\Games\\warcraft3\\w3\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"d:\\qweto\\Games\\Quake III\\Quake\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\qweto\\DP\\HW\\Serial\\Terminal\\Terminal.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23210:TCP"= 23210:TCP:ares
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [16.1.2004 11:04 77312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.6.2009 21:58 108289]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [3.8.2000 14:25 23296]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [25.11.2007 18:17 17072]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S2 OMSCAN;OMSCAN;\Sysi --> \Sysi [?]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 22:59
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Celkový čas: 2009-06-04 23:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-04 21:04
ComboFix2.txt 2009-06-04 19:52
ComboFix3.txt 2009-06-04 18:45
ComboFix4.txt 2009-06-04 14:43
Před spuštěním: 6 311 723 008
Po spuštění: 6 298 787 840
158
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:15, on 4.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7201 bytes
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7201 bytes
Re: Antivirus won't install
well, remove.bat and fix.reg have been run,
the PC has been restarted,
and these were run again:
COMBOFIX
ATF-Cleaner
T-Cleaner
HJT
and the new logs are attached
COMBOFIX
ComboFix 09-06-04.04 - admin 04.06.2009 23:12.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.587 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Instal\Antivir\clean\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-06-04 19:58 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-04 19:58 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 19:58 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-04 19:58 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-04 19:58 . 2009-06-04 19:58 -------- d-----w- c:\program files\Avira
2009-06-04 17:51 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:51 . 2009-06-04 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 17:51 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 13:54 . 2009-06-04 13:54 -------- d-----w- c:\program files\CCleaner
2009-05-21 22:48 . 2009-05-21 22:48 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-18 20:54 . 2009-05-18 20:54 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:03 . 2008-10-13 20:26 -------- d-----w- c:\program files\VPHoldem
2009-05-22 07:49 . 2001-10-25 14:00 91812 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 07:49 . 2001-10-25 14:00 447588 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Classic Menu for Office
2009-04-21 12:58 . 2007-01-15 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-12 23:12 . 2009-03-12 23:12 1024 ----a-w- c:\windows\system32\pdfpg.dat
2008-01-31 16:12 . 2008-01-31 16:12 16496 --sha-w- c:\windows\system32\config\systemprofile\Data aplikací\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-04_14.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 19:58 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
- 2009-06-04 13:35 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\
Stickies.lnk - c:\program files\stickies\stickies.exe [2006-3-29 348160]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Software\\Games\\warcraft3\\w3\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"d:\\qweto\\Games\\Quake III\\Quake\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\qweto\\DP\\HW\\Serial\\Terminal\\Terminal.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23210:TCP"= 23210:TCP:ares
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [16.1.2004 11:04 77312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.6.2009 21:58 108289]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [3.8.2000 14:25 23296]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [25.11.2007 18:17 17072]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S2 OMSCAN;OMSCAN;\Sysg --> \Sysg [?]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 23:16
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1716)
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\ICQLite\ICQLiteShell.dll
.
Celkový čas: 2009-06-04 23:19
ComboFix-quarantined-files.txt 2009-06-04 21:18
ComboFix2.txt 2009-06-04 21:04
ComboFix3.txt 2009-06-04 19:52
ComboFix4.txt 2009-06-04 18:45
ComboFix5.txt 2009-06-04 21:11
Před spuštěním: 6 308 298 752
Po spuštění: 6 292 590 592
148
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:39, on 4.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7155 bytes
the PC has been restarted,
and these were run again:
COMBOFIX
ATF-Cleaner
T-Cleaner
HJT
and the new logs are attached
COMBOFIX
ComboFix 09-06-04.04 - admin 04.06.2009 23:12.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.587 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Instal\Antivir\clean\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-06-04 19:58 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-04 19:58 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 19:58 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-04 19:58 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-04 19:58 . 2009-06-04 19:58 -------- d-----w- c:\program files\Avira
2009-06-04 17:51 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:51 . 2009-06-04 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 17:51 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 13:54 . 2009-06-04 13:54 -------- d-----w- c:\program files\CCleaner
2009-05-21 22:48 . 2009-05-21 22:48 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-18 20:54 . 2009-05-18 20:54 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:03 . 2008-10-13 20:26 -------- d-----w- c:\program files\VPHoldem
2009-05-22 07:49 . 2001-10-25 14:00 91812 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 07:49 . 2001-10-25 14:00 447588 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Classic Menu for Office
2009-04-21 12:58 . 2007-01-15 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-12 23:12 . 2009-03-12 23:12 1024 ----a-w- c:\windows\system32\pdfpg.dat
2008-01-31 16:12 . 2008-01-31 16:12 16496 --sha-w- c:\windows\system32\config\systemprofile\Data aplikací\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-04_14.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 19:58 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
- 2009-06-04 13:35 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\
Stickies.lnk - c:\program files\stickies\stickies.exe [2006-3-29 348160]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Software\\Games\\warcraft3\\w3\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"d:\\qweto\\Games\\Quake III\\Quake\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\qweto\\DP\\HW\\Serial\\Terminal\\Terminal.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23210:TCP"= 23210:TCP:ares
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [16.1.2004 11:04 77312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.6.2009 21:58 108289]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [3.8.2000 14:25 23296]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [25.11.2007 18:17 17072]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S2 OMSCAN;OMSCAN;\Sysg --> \Sysg [?]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 23:16
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1716)
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\ICQLite\ICQLiteShell.dll
.
Celkový čas: 2009-06-04 23:19
ComboFix-quarantined-files.txt 2009-06-04 21:18
ComboFix2.txt 2009-06-04 21:04
ComboFix3.txt 2009-06-04 19:52
ComboFix4.txt 2009-06-04 18:45
ComboFix5.txt 2009-06-04 21:11
Před spuštěním: 6 308 298 752
Po spuštění: 6 292 590 592
148
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:39, on 4.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7155 bytes
- Damned
Re: Antivirus won't install
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Registry:
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Re: Antivirus won't install
Is this now the only problem left on my machine?
Because I was the one who turned off the update notification, so is it still necessary to run that ComboFix???
Re: Antivirus won't install (Solved)
but we have fixed the basic problem with installing the antivirus.
So thanks a lot for the advice and cooperation, it looks fine now.
If that ComboFix still needs to be run, write and I'll post the log here; for now I'm marking this as solved.
Thanks once again
- Damned
Re: Antivirus won't install
That would be all; the log is now just for checking.
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start -> Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV, etc. - download it -> run it
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Re: Antivirus won't install
So here are the logs for checking:
ComboFix + HJT (ignore the disabled Windows update notification)
If it's OK, I'll uninstall CF and clean it up with those cleaners.
Once again, THANKS A LOT
COMBOFIX
ComboFix 09-06-04.04 - admin 05.06.2009 0:19.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.655 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Instal\Antivir\clean\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-06-04 19:58 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-04 19:58 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-04 19:58 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-04 19:58 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-04 19:58 . 2009-06-04 19:58 -------- d-----w- c:\program files\Avira
2009-06-04 17:51 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:51 . 2009-06-04 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 17:51 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 13:54 . 2009-06-04 13:54 -------- d-----w- c:\program files\CCleaner
2009-05-21 22:48 . 2009-05-21 22:48 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-18 20:54 . 2009-05-18 20:54 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:03 . 2008-10-13 20:26 -------- d-----w- c:\program files\VPHoldem
2009-05-22 07:49 . 2001-10-25 14:00 91812 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 07:49 . 2001-10-25 14:00 447588 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Classic Menu for Office
2009-04-21 12:58 . 2007-01-15 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-12 23:12 . 2009-03-12 23:12 1024 ----a-w- c:\windows\system32\pdfpg.dat
2008-01-31 16:12 . 2008-01-31 16:12 16496 --sha-w- c:\windows\system32\config\systemprofile\Data aplikací\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stickies.lnk - c:\program files\stickies\stickies.exe [2006-3-29 348160]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Software\\Games\\warcraft3\\w3\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"d:\\qweto\\Games\\Quake III\\Quake\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\qweto\\DP\\HW\\Serial\\Terminal\\Terminal.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23210:TCP"= 23210:TCP:ares
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [16.1.2004 11:04 77312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.6.2009 21:58 108289]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [3.8.2000 14:25 23296]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [25.11.2007 18:17 17072]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-procexp90.Sys
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 00:24
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
.
Celkový čas: 2009-06-04 0:26
ComboFix-quarantined-files.txt 2009-06-04 22:26
Před spuštěním: 7 836 327 936
Po spuštění: 7 819 292 672
135
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:50, on 5.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7103 bytes
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-procexp90.Sys
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 00:24
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
.
Celkový čas: 2009-06-04 0:26
ComboFix-quarantined-files.txt 2009-06-04 22:26
Před spuštěním: 7 836 327 936
Po spuštění: 7 819 292 672
135
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:50, on 5.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\clean\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7103 bytes
- Damned
Re: Antivirus won't install
So that's everything, I don't see anything else in there. Take care

Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Antivirus won't install
Thank you, you have great support here
