Reader_s.exe and cmd.exe (Please check my LOG)


Vallentino (newbie, 4 posts, registered April 2009)

Reader_s.exe and cmd.exe (Please check my LOG)

Post by Vallentino » 20 Apr 2009 18:46

When I turn the PC on, cmd.exe processes start popping up in Task Manager (dozens of them). I always manage to kill them off, but it would be better to remove the cause. There is also a Reader_s.exe roaming around; I have read that it is a nasty piece of work and probably the cause of the frequent problems with the PC as well. Please check my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:14, on 20.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\danik\reader_s.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\tdctxte.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\hhupd.exe,C:\WINDOWS\system32\hhupd.exe,
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ZyXEL G-202.exe] "C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\danik\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - (no file)
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

--
End of file - 4315 bytes
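The log above is what the moderator is about to triage by eye. As an added example (not code from the forum, from HijackThis or from Malwarebytes), the Python script below encodes the checks a reviewer applies to such a log: core Windows binary names running outside System32 (the two extra svchost.exe copies), executables dropped directly into a user profile root, extra entries in the Winlogon UserInit list (which Malwarebytes later reports as Hijack.UserInit, with userinit.exe alone as the good value), a non-empty AppInit_DLLs value, and O23 services with no vendor information or no file behind them. The sample input is an excerpt copied from the log above; the list of protected binary names and the profile-root rule are the example's own assumptions, not anything HijackThis defines.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted above, used as the sample input so the
# script runs offline. Only the lines needed to exercise each check are kept.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\danik\reader_s.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Opera\opera.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\hhupd.exe,C:\WINDOWS\system32\hhupd.exe,
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [ZyXEL G-202.exe] "C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\danik\reader_s.exe
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - (no file)
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")
# Assumed list of core Windows binaries that only ever run from System32; the same
# file name in any other directory is the masquerade seen twice in the log above.
SYSTEM_BINARIES = {"svchost.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "lsass.exe"}

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)


def check_exe(path_str: str) -> list[str]:
    """Heuristics for one executable path; returns the reasons it looks wrong."""
    path = PureWindowsPath(path_str.strip().strip('"'))
    reasons = []
    if path.name.lower() in SYSTEM_BINARIES and str(path.parent).lower() != str(SYSTEM32).lower():
        reasons.append(f"system binary name '{path.name}' running outside System32")
    parts = [p.lower() for p in path.parts]
    # C:\, Documents and Settings, <user>, file.exe: dropped straight into a profile root
    if len(parts) == 4 and parts[1] == "documents and settings":
        reasons.append("executable placed directly in a user profile root")
    return reasons


def check_userinit(value: str) -> list[str]:
    """Everything in the UserInit list other than userinit.exe runs at every logon."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if PureWindowsPath(e).name.lower() != "userinit.exe"]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Walk a HijackThis log and return (reason, offending line or value) pairs."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:               # blank line closes the process list
                in_processes = False
                continue
            findings += [(r, line) for r in check_exe(line)]
            continue
        if m := USERINIT_RE.match(line):
            findings += [("extra UserInit entry (runs at every logon)", e)
                         for e in check_userinit(m["value"])]
        elif line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(("AppInit_DLLs set (DLL loaded into every user32 process)", value))
        elif m := O4_RE.match(line):
            exe = EXE_RE.match(m["cmd"].strip())
            findings += [(r, line) for r in check_exe(exe["path"] if exe else m["cmd"])]
            if m["name"].lower() in SYSTEM_BINARIES:
                findings.append(("Run entry named after a system binary", line))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(("service with no vendor information", line))
            if m["path"] == "(no file)":
                findings.append(("orphaned service entry (binary missing)", line))
            else:
                findings += [(r, line) for r in check_exe(m["path"])]
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

Note what the heuristics do not catch: C:\WINDOWS\System32\reader_s.exe has an unremarkable name in the expected directory and is only identified by the Malwarebytes signature in the next post, which is why a log review is followed by a signature scan rather than replacing it.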

jaro3 (Security team member, Guru Level 15, 43061 posts, registered June 2007, South Bohemia)

Re: Reader_s.exe and cmd.exe (Please check my LOG)

Post by jaro3 » 20 Apr 2009 20:49

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave Perform quick scan selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and the like, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Vallentino (newbie)

Re: Reader_s.exe and cmd.exe (Please check my LOG)

Post by Vallentino » 20 Apr 2009 21:08

Log from Anti-Malware

Malwarebytes' Anti-Malware 1.36
Database version: 2014
Windows 5.1.2600 Service Pack 2

20.4.2009 21:07:21
mbam-log-2009-04-20 (21-07-18).txt

Scan type: Quick Scan
Objects scanned: 102935
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 1
Registry Keys Infected: 21
Registry Values Infected: 7
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 24

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\danik\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Dialer) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\at1394 (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\at1394 (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\at1394 (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdctxte (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdctxte (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhcpsrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dhcpsrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcpsrv (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\hhupd.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\hhupd.exe,C:\WINDOWS\system32\hhupd.exe,) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> No action taken.
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> No action taken.

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Dialer) -> No action taken.
C:\WINDOWS\system32\hhupd.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\at1394.sys (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Refpron) -> No action taken.
C:\WINDOWS\system32\Iasv32.dll (Dialer) -> No action taken.
C:\Documents and Settings\Danicek\reader_s.exe (Virus.Virut) -> No action taken.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> No action taken.
C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> No action taken.
C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> No action taken.
C:\Program Files\ThunMail\testabd.ex_ (Spyware.OnlineGamer) -> No action taken.
C:\Documents and Settings\Danielius\Plocha\Cheap Software.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Danielius\Plocha\MP3 Download.url (Rogue.Link) -> No action taken.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\danik\reader_s.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\dpcxool64.sys (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> No action taken.

jaro3 (Security team member)

Re: Reader_s.exe and cmd.exe (Please check my LOG)

Post by jaro3 » 20 Apr 2009 21:12

No wonder, you have no antivirus at all; get one once the machine is cleaned up..

So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log is displayed; post it here
- then click OK in the program and close it via Exit

You can then paste the MbAM log here.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all open windows and run it.
- After launch the terms of use are shown; confirm them by clicking Yes
- Then follow the prompts; while ComboFix is running, do not click in its window
- When the scan finishes the program should create a log, C:\ComboFix.txt; please copy its entire contents here

Vallentino (newbie)

Re: Reader_s.exe and cmd.exe (Please check my LOG)

Post by Vallentino » 20 Apr 2009 23:37

Final log from Anti-Malware

Malwarebytes' Anti-Malware 1.36
Database version: 2014
Windows 5.1.2600 Service Pack 2

20.4.2009 23:11:14
mbam-log-2009-04-20 (23-11-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184370
Time elapsed: 1 hour(s), 13 minute(s), 19 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 1
Registry Keys Infected: 21
Registry Values Infected: 7
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 31

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\danik\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Dialer) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\hhupd.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\hhupd.exe,C:\WINDOWS\system32\hhupd.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Dialer) -> Delete on reboot.
C:\Program Files\ThunMail\testabd.ex_ (Trojan.Agent2) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0002722.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0003135.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0003139.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0003145.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danicek\reader_s.exe (Virus.Virut) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhupd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\at1394.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Refpron) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Iasv32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\6to4v32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\at1394.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\reader_s.exe (Virus.Virut) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielius\Plocha\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielius\Plocha\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\danik\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------------------------------

and here is the log from ComboFix

ComboFix 09-04-19.01 - danik 20.04.2009 23:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.2047.1746 [GMT 2:00]
Run from: c:\documents and settings\danik\Dokumenty\ComboFix.exe
* Created a new Restore Point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danielius\Data aplikací\BITS
c:\documents and settings\Danielius\Data aplikací\BITS\BITS.ini
c:\documents and settings\Danielius\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\Danielius\Data aplikací\BITS\ProxyList.ini
c:\windows\Install.txt
c:\windows\system32\bversion.dll
c:\windows\system32\IPHACTION.dll
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\riphy.dll
.
---- Previous Run -------
.
c:\documents and settings\Danielius\Nabídka Start\Cheap Pharmacy Online.url
c:\documents and settings\Danielius\Nabídka Start\Search Online.url
c:\documents and settings\Danielius\Nabídka Start\SMS TRAP.url
c:\documents and settings\Danielius\Nabídka Start\VIP Casino.url
c:\documents and settings\Danielius\Oblíbené položky\Cheap Pharmacy Online.url
c:\documents and settings\Danielius\Oblíbené položky\Search Online.url
c:\documents and settings\Danielius\Oblíbené položky\SMS TRAP.url
c:\documents and settings\Danielius\Oblíbené položky\VIP Casino.url
c:\documents and settings\Danielius\Plocha\Cheap Pharmacy Online.url
c:\documents and settings\Danielius\Plocha\Search Online.url
c:\documents and settings\Danielius\Plocha\SMS TRAP.url
c:\documents and settings\Danielius\Plocha\VIP Casino.url
c:\windows\ios.dat
c:\windows\system32\c.ico
c:\windows\system32\m.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_AFISICX
-------\Legacy_AT1394
-------\Legacy_DHCPSRV
-------\Legacy_PROTECT
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE


((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.

2009-04-20 21:23 . 2009-04-20 21:23 0 ------w c:\windows\system32\IpSvchostF.dll
2009-04-20 16:38 . 2009-04-20 16:38 -------- d-----w c:\program files\Trend Micro
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\danik\Data aplikací\Malwarebytes
2009-04-20 16:24 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 16:24 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2009-04-20 15:55 . 2009-04-20 15:55 -------- d--h--w C:\PEBakcup
2009-04-20 15:49 . 2009-04-20 16:00 -------- d-----w C:\PcwBak
2009-04-20 15:49 . 2009-04-20 16:04 -------- d-----w c:\program files\PC Washer
2009-04-20 14:17 . 2002-01-05 09:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-20 14:17 . 2002-01-05 03:40 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-20 14:17 . 2009-04-20 14:17 -------- d-----w c:\program files\AML Products
2009-04-20 14:17 . 2002-06-06 14:13 1077344 ----a-w c:\windows\system32\mscomctl.ocx
2009-04-20 14:17 . 2002-01-05 04:48 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-20 14:17 . 2000-05-22 14:58 608448 ----a-w c:\windows\system32\comctl32.ocx
2009-04-20 14:17 . 1998-12-24 18:23 40960 ----a-w c:\windows\system32\VBAME.DLL
2009-04-20 14:03 . 2009-04-20 14:05 46640 ----a-w c:\windows\system32\msln.exe
2009-04-20 14:00 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton
2009-04-20 13:46 . 2009-04-20 14:09 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-20 13:45 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Symantec
2009-04-20 13:45 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\NortonInstaller
2009-04-19 14:36 . 2009-04-19 14:36 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Data aplikací\Identities
2009-04-18 22:58 . 2009-04-18 22:58 -------- d-----w c:\program files\ICQ6Toolbar
2009-04-18 22:58 . 2009-04-18 22:58 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\ICQ
2009-04-18 22:57 . 2009-04-18 22:59 -------- d-----w c:\documents and settings\danik\Data aplikací\ICQ
2009-04-18 22:57 . 2009-04-18 22:59 -------- d-----w c:\program files\ICQ6.5
2009-04-18 04:23 . 2009-04-18 04:23 -------- d-----w c:\documents and settings\Danicek\Local Settings\Application Data\Opera
2009-04-17 12:29 . 2009-04-17 12:29 394 ----a-w c:\windows\system32\MRT.INI
2009-04-15 18:43 . 2009-03-27 08:03 215465 ----a-w c:\windows\system32\nvapps.nvb
2009-04-15 18:41 . 2009-04-15 18:41 -------- d-----w C:\NVIDIA
2009-04-15 17:53 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll
2009-04-15 13:18 . 2009-04-15 13:18 -------- d-----w c:\program files\7-Zip
2009-04-14 16:31 . 2003-02-21 11:42 348160 ----a-w c:\windows\system\msvcr71.dll
2009-04-13 14:55 . 2009-04-13 14:55 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\Identities
2009-04-12 02:39 . 2009-04-12 02:39 -------- d-----w c:\program files\WinPcap
2009-04-12 02:18 . 2009-04-12 02:18 -------- d-----w c:\program files\LanqiEngine
2009-04-12 02:18 . 2009-04-12 02:18 735232 ----a-w c:\windows\system32\AdvOcr.dll
2009-04-11 22:20 . 2009-04-19 13:45 61440 ----a-w c:\windows\system32\tcpd.exe
2009-04-11 22:20 . 2009-04-11 22:20 982016 ----a-w c:\windows\system32\kernel32_check.dll
2009-04-11 22:20 . 2009-04-11 22:20 20480 ----a-w c:\windows\system32\AUTMGR.EXE
2009-04-11 22:19 . 2009-04-19 13:45 10240 ----a-w c:\windows\system32\Packer.dll
2009-04-11 22:19 . 2009-04-11 22:19 172032 ----a-w c:\windows\system32\tcpcon.dll
2009-04-11 22:19 . 2009-04-11 22:19 108336 ----a-w c:\windows\system32\MSWINSCK.OCX
2009-04-11 22:19 . 2009-04-20 21:11 -------- d-----w c:\windows\dhcp
2009-04-11 22:18 . 2009-04-10 13:00 21704 ----a-w c:\windows\system32\kk.exe
2009-04-11 01:02 . 2008-06-20 10:44 138368 ----a-w c:\windows\system32\drivers\afd.sys
2009-04-11 01:02 . 2006-03-02 12:00 144896 ----a-w c:\windows\system32\schannel.dll
2009-04-11 01:02 . 2006-03-02 12:00 2150400 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-11 01:02 . 2006-03-02 12:00 2017280 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:01 . 2006-03-02 12:00 200064 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-11 01:01 . 2006-03-02 12:00 451456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 01:01 . 2006-03-02 12:00 336256 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-11 01:00 . 2006-03-02 12:00 1835904 ----a-w c:\windows\system32\win32k.sys
2009-04-11 01:00 . 2006-03-02 12:00 359040 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-11 01:00 . 2006-03-02 12:00 223616 ----a-w c:\windows\system32\drivers\tcpip6.sys
2009-04-10 22:16 . 2009-04-10 22:16 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.003
2009-04-10 22:16 . 2009-04-10 22:16 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.003\Local Settings\Application Data\Microsoft
2009-04-10 22:11 . 2009-04-10 22:11 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.003\Local Settings\Application Data\Microsoft
2009-04-10 22:11 . 2009-04-10 22:11 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.003
2009-04-10 22:06 . 2009-04-10 22:06 -------- d-----w c:\documents and settings\Default User.WINDOWS.0\Local Settings\Application Data\Microsoft
2009-04-10 22:05 . 2009-04-10 22:05 -------- d-sh--w c:\documents and settings\All Users.WINDOWS.0\DRM
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\danik\Data aplikací\Ashampoo
2009-04-10 18:04 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\All Users.WINDOWS\Plocha
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\ashampoo
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\ashampoo
2009-04-10 18:03 . 2009-04-10 18:03 -------- d-----w c:\program files\Ashampoo
2009-04-10 14:49 . 2009-04-20 21:17 -------- d--h--w c:\documents and settings\Default User.WINDOWS.0
2009-04-10 14:49 . 2009-04-10 22:05 -------- d-----w c:\documents and settings\All Users.WINDOWS.0
2009-04-10 14:42 . 2009-04-20 15:39 -------- d-----w C:\WINDOWS.0
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\Opera
2009-04-10 05:27 . 2009-04-10 05:27 -------- d-----w c:\documents and settings\danik\Data aplikací\InstallShield
2009-04-10 05:24 . 2009-04-10 05:24 12328 ----a-w c:\documents and settings\danik\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-10 05:24 . 2009-04-10 05:24 -------- d-----w c:\documents and settings\danik\Data aplikací\vlc
2009-04-10 05:23 . 2009-04-13 21:53 -------- d-----w c:\documents and settings\danik\Data aplikací\dvdcss
2009-04-10 05:23 . 2009-04-10 14:38 -------- d-----r c:\documents and settings\All Users.WINDOWS\Dokumenty
2009-04-10 05:22 . 2009-04-10 05:22 940794 ----a-w c:\windows\system32\LoopyMusic.wav
2009-04-10 05:22 . 2009-04-10 05:22 146650 ----a-w c:\windows\system32\BuzzingBee.wav
2009-04-10 05:22 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací
2009-04-10 05:22 . 2009-04-10 05:22 -------- d-----w c:\documents and settings\All Users.WINDOWS\Šablony
2009-04-10 05:21 . 2009-03-31 22:05 -------- d--h--w c:\documents and settings\danik\Okolní tiskárny
2009-04-10 05:21 . 2009-03-31 22:05 -------- d--h--w c:\documents and settings\danik\Okolní síť
2009-04-10 05:21 . 2009-03-31 22:05 -------- d-----r c:\documents and settings\danik\Nabídka Start
2009-04-10 05:21 . 2009-03-31 20:12 -------- d--h--w c:\documents and settings\danik\Šablony
2009-04-10 05:21 . 2009-04-20 21:11 -------- d-----w c:\documents and settings\danik
2009-04-01 21:50 . 2009-04-20 21:23 208826 ----a-w c:\windows\system32\nvapps.xml
2009-04-01 21:50 . 2009-03-27 08:03 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-01 21:50 . 2009-03-27 08:03 19054 ----a-w c:\windows\system32\nvdisp.nvu
2009-04-01 21:48 . 2004-08-17 13:49 4096 ----a-w c:\windows\system32\ksuser.dll
2009-04-01 21:47 . 2009-04-01 21:47 335872 ----a-w c:\windows\HideWin.exe
2009-04-01 21:47 . 2007-01-12 14:54 520192 ----a-w c:\windows\RtlExUpd.dll
2009-03-31 22:10 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-03-31 22:09 . 2004-08-17 15:43 58240 ----a-w c:\windows\system32\drivers\redbook.sys
2009-03-31 22:09 . 2004-08-03 22:31 20992 ----a-w c:\windows\system32\drivers\RTL8139.sys
2009-03-31 22:09 . 2004-08-17 15:49 75264 ----a-w c:\windows\system32\usbui.dll
2009-03-31 22:04 . 2009-04-20 21:17 -------- d--h--w c:\documents and settings\Default User.WINDOWS
2009-03-31 22:03 . 2009-03-31 20:19 261 ----a-w c:\windows\system32\$winnt$.inf
2009-03-31 20:21 . 2009-04-19 14:36 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Data aplikací
2009-03-31 20:21 . 2009-04-14 16:43 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Data aplikací\Microsoft
2009-03-31 20:21 . 2009-03-31 20:21 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.002
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.002\Local Settings\Data aplikací\Microsoft
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.002\Data aplikací
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.002
2009-03-31 20:18 . 2006-03-02 12:00 98304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll
2009-03-31 20:17 . 2006-03-02 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20290.nls
2009-03-31 20:15 . 2009-03-31 20:15 488 ---ha-r c:\windows\system32\WindowsLogon.manifest
2009-03-31 20:15 . 2009-03-31 20:15 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\cdplayer.exe.manifest
2009-03-31 20:15 . 2006-03-02 12:00 4399505 -c--a-w c:\windows\system32\dllcache\nls302en.lex
2009-03-31 20:13 . 2009-03-31 20:13 37 ----a-w c:\windows\vbaddin.ini
2009-03-31 20:13 . 2009-03-31 20:13 36 ----a-w c:\windows\vb.ini
2009-03-31 16:17 . 2009-03-31 16:17 -------- d-----w c:\program files\Alwil Software
2009-03-31 13:58 . 2009-03-31 16:10 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.001\Local Settings\Data aplikací\Microsoft
2009-03-31 13:58 . 2009-03-31 13:58 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.001
2009-03-31 13:58 . 2009-03-31 13:58 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.001\Data aplikací
2009-03-31 13:38 . 2009-03-31 13:38 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Data aplikací\Microsoft
2009-03-31 13:38 . 2009-03-31 13:38 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.001\Data aplikací
2009-03-31 13:38 . 2009-03-31 13:38 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.001
2009-03-30 20:08 . 2009-04-20 21:11 -------- d-----w c:\windows\system32\3361
2009-03-30 02:18 . 2009-03-30 20:07 -------- d-----w c:\program files\P2Pcontrol

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 15:39 . 2007-04-26 12:45 -------- d-----w c:\program files\Avanquest update
2009-04-19 13:46 . 2006-03-02 12:00 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-17 12:28 . 2009-04-17 12:28 262 ----a-w C:\gadhq2g.log
2009-04-15 18:44 . 2009-01-31 21:24 -------- d-----w c:\program files\AGEIA Technologies
2009-04-10 22:19 . 2009-04-01 21:48 -------- d-----w c:\program files\Realtek
2009-04-10 05:27 . 2009-01-30 17:49 -------- d-----w c:\program files\ZyXEL
2009-04-01 21:49 . 2006-03-02 12:00 46196 ----a-w c:\windows\system32\perfc005.dat
2009-04-01 21:49 . 2006-03-02 12:00 309990 ----a-w c:\windows\system32\perfh005.dat
2009-03-31 21:49 . 2009-03-31 20:16 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 20:14 . 2009-03-31 20:14 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-31 16:06 . 2007-03-27 10:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-29 20:20 . 2007-03-10 23:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 19:28 . 2009-03-08 01:49 -------- d-----w c:\program files\Rockstar Games2
2009-03-27 20:46 . 2009-02-01 02:40 -------- d-----w c:\program files\Java
2009-03-27 06:14 . 2009-04-01 21:49 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-16 12:18 . 2009-04-15 17:54 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-15 17:54 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-15 17:54 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-15 17:54 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-12 16:28 . 2009-03-12 16:27 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-12 16:27 . 2009-03-12 16:27 -------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-03-09 13:27 . 2009-04-15 17:54 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-15 17:54 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-15 17:54 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-03 22:47 . 2007-03-12 22:06 -------- d-----w c:\program files\Opera
2009-03-03 15:39 . 2009-02-21 15:53 2908 ----a-w C:\aaw7boot.log
2009-03-01 00:10 . 2009-03-01 00:09 -------- d-----w c:\documents and settings\Danielius\Data aplikací\fretsonfire
2009-02-28 01:46 . 2009-02-28 01:46 -------- d-----w c:\documents and settings\Danielius\Data aplikací\InstallShield Installation Information
2009-02-28 01:24 . 2009-02-28 01:18 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools Lite
2009-02-28 01:24 . 2009-02-28 01:24 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools Pro
2009-02-28 01:24 . 2009-02-28 01:24 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools
2009-02-28 00:45 . 2009-02-28 00:45 1371185 ----a-w C:\wrar380cz.exe
2009-02-23 23:27 . 2009-02-11 14:22 -------- d-----w c:\documents and settings\Danielius\Data aplikací\dvdcss
2009-02-21 03:37 . 2009-02-20 18:47 62912 ----a-w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2009-02-20 18:55 . 2009-01-31 23:26 13504 ----a-w c:\documents and settings\Danielius\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-20 18:47 . 2009-02-20 18:47 -------- d-----w c:\program files\MSBuild
2009-02-20 18:44 . 2009-02-20 18:44 -------- d-----w c:\program files\Reference Assemblies
2009-02-09 07:42 . 2009-02-09 07:42 2919117 ----a-r C:\ComboFix.exe
2009-02-01 10:33 . 2006-03-02 12:00 250576 --sha-r C:\ntldr
.

------- Sigcheck -------

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\ndis.sys
[-] 2009-04-19 13:46 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-19 13:46 213376 0DF6D5181722BB65C6DE60C96884F60B c:\windows\system32\drivers\ndis.sys

[-] 2006-03-02 12:00 1051648 4D81BDC1590403D7F415DA4A37444A09 c:\windows\explorer.exe
[-] 2006-03-02 12:00 1051648 7B998E8DD902190D771530CEB5BCBBFD c:\windows\system32\dllcache\explorer.exe

[-] 2006-03-02 12:00 34304 45C54D8B7EF97F4934F8131294BF74E5 c:\windows\system32\ctfmon.exe
[-] 2006-03-02 12:00 34304 3801A980125DB083553ECE7147D51CDB c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 03:22 76800 4AE52A3ED124B3CE95BC863600939B14 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\spoolsv.exe
[-] 2006-03-02 12:00 76800 0FEC2AE8AD649040C2E696A87CEE035A c:\windows\system32\spoolsv.exe
[-] 2006-03-02 12:00 76800 3AD39738C38644AFE68CC270A475F04F c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 03:22 45056 D1191070416223C85701AAC081771F8D c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\userinit.exe
[-] 2006-03-02 12:00 43520 B82298DA6C1E94200A917CA014099191 c:\windows\system32\userinit.exe
[-] 2006-03-02 12:00 43520 49EC6FB67B677F58D3E5D837878599B5 c:\windows\system32\dllcache\userinit.exe

[-] 2009-04-15 10:13 982016 601AECF6B4CBC99B1F30EA3355E7EFB2 c:\windows\system32\kernel32.dll
[7] 2006-03-02 12:00 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZyXEL G-202.exe"="c:\program files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe" [2007-04-04 10911744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ZyXEL\\ZyXEL G-202 Wireless Adapter Utility\\ZyXEL G-202.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 ghi5c6c;ghi5c6c; [x]
R1 qrt63e2;qrt63e2; [x]
R1 rta0e43;rta0e43; [x]
R3 restore;restore; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCNDIS5.SYS [2007-04-03 19072]
S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2007-04-03 437760]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 23:30
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\tcpcon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\temp\BNC.tmp
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2009-04-20 23:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-20 21:33

Před spuštěním: Volných bajtů: 10 152 538 112
Po spuštění: Volných bajtů: 12 911 058 944

298 --- E O F --- 2009-04-20 13:27

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Reader_s.exe and cmd.exe (Please check my LOG)

Post by jaro3 » 21 Apr 2009 07:57

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire text below, highlighted in green, into it:
Note: Do not use SELECT ALL to select the script.

Code:

File::
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\msln.exe
c:\windows\system32\tcpd.exe
c:\windows\system32\kernel32_check.dll
c:\windows\system32\AUTMGR.EXE
c:\windows\system32\tcpcon.dll
c:\windows\system32\kk.exe
C:\gadhq2g.log

Driver::
ghi5c6c
qrt63e2
rta0e43
restore

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe with the mouse and release it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Vallentino
newbie
Posts: 4
Registered: April 09
Gender: Not specified
Status:
Offline

Re: Reader_s.exe and cmd.exe (Please check my LOG)

Post by Vallentino » 21 Apr 2009 17:54

ComboFix

ComboFix 09-04-19.01 - danik 21.04.2009 17:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.2047.1573 [GMT 2:00]
Spuštěný z: c:\documents and settings\danik\Dokumenty\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\danik\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090401-0] *On-access scanning enabled* (Updated)
AV: G DATA InternetSecurity 2009 *On-access scanning disabled* (Outdated)
FW: G DATA Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
C:\gadhq2g.log
c:\windows\system32\AUTMGR.EXE
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\kernel32_check.dll
c:\windows\system32\kk.exe
c:\windows\system32\msln.exe
c:\windows\system32\tcpcon.dll
c:\windows\system32\tcpd.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\danik\reader_s.exe
C:\gadhq2g.log
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.exe
c:\windows\Install.txt
c:\windows\system32\6to4v32.dll
c:\windows\system32\afisicx.exe
c:\windows\system32\at1394.sys
c:\windows\system32\AUTMGR.EXE
c:\windows\system32\bversion.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\dpcxool64.sys
c:\windows\system32\fhpatch.dll
c:\windows\system32\IPHACTION.dll
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\kernel32_check.dll
c:\windows\system32\kk.exe
c:\windows\system32\msln.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tcpcon.dll
c:\windows\system32\tcpd.exe
c:\windows\system32\tdctxte.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\w.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_AFISICX
-------\Legacy_AT1394
-------\Legacy_GHI5C6C
-------\Legacy_QRT63E2
-------\Legacy_RTA0E43
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE
-------\Service_6to4
-------\Service_afisicx
-------\Service_at1394
-------\Service_ghi5c6c
-------\Service_qrt63e2
-------\Service_restore
-------\Service_rta0e43
-------\Service_sopidkc
-------\Service_tdctxte


((((((((((((((((((((((((( Soubory vytvořené od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 15:27 . 2009-04-21 15:27 -------- d-----w c:\documents and settings\Administrator
2009-04-21 01:02 . 2009-04-21 01:17 1374 ----a-w c:\windows\imsins.BAK
2009-04-20 23:04 . 2008-06-14 18:00 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-20 23:04 . 2008-06-14 18:00 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-20 23:00 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-20 22:51 . 2009-04-20 22:51 68296 ----a-w c:\windows\system32\drivers\GRD.sys
2009-04-20 22:26 . 2009-04-20 17:24 40960 ----a-w c:\windows\system32\xz.exe
2009-04-20 22:21 . 2009-04-20 22:21 50888 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2009-04-20 22:21 . 2009-04-20 22:21 22272 ----a-w c:\windows\system32\drivers\GDNdisIc.sys
2009-04-20 22:21 . 2009-04-20 22:21 50888 ----a-w c:\windows\system32\drivers\GDTdiIcpt.sys
2009-04-20 22:21 . 2009-04-20 22:21 32200 ----a-w c:\windows\system32\drivers\HookCentre.sys
2009-04-20 22:19 . 2009-04-20 22:28 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\G DATA
2009-04-20 22:19 . 2009-04-20 22:20 -------- d-----w c:\program files\Common Files\G DATA
2009-04-20 22:19 . 2009-04-20 22:19 -------- d-----w c:\program files\G DATA
2009-04-20 21:48 . 2009-04-20 21:48 -------- d-----w c:\program files\The Professional Developer
2009-04-20 21:45 . 2009-04-20 21:45 -------- d-----w c:\documents and settings\danik\Data aplikací\Hermetic Systems
2009-04-20 21:42 . 2009-04-20 21:42 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\Downloaded Installations
2009-04-20 21:38 . 2009-04-20 21:39 94208 ----a-w c:\windows\system32\TRSOCR.dll
2009-04-20 21:38 . 2009-04-20 21:38 1308 ----a-w c:\windows\system32\TRSOCR.ini
2009-04-20 21:38 . 2009-04-20 21:38 1308 ----a-w c:\windows\system32\TRSOCR.dat
2009-04-20 21:38 . 2009-04-20 21:38 10240 ----a-w c:\windows\system32\pack.dll
2009-04-20 21:34 . 2009-04-20 21:34 17376 ----a-w c:\windows\system32\drivers\lno0cc2.sys
2009-04-20 16:38 . 2009-04-20 16:38 -------- d-----w c:\program files\Trend Micro
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\danik\Data aplikací\Malwarebytes
2009-04-20 16:24 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 16:24 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2009-04-20 15:55 . 2009-04-20 15:55 -------- d--h--w C:\PEBakcup
2009-04-20 15:49 . 2009-04-20 16:00 -------- d-----w C:\PcwBak
2009-04-20 15:49 . 2009-04-20 16:04 -------- d-----w c:\program files\PC Washer
2009-04-20 14:17 . 2002-01-05 09:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-20 14:17 . 2002-01-05 03:40 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-20 14:17 . 2009-04-20 14:17 -------- d-----w c:\program files\AML Products
2009-04-20 14:17 . 2002-06-06 14:13 1077344 ----a-w c:\windows\system32\mscomctl.ocx
2009-04-20 14:17 . 2002-01-05 04:48 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-20 14:17 . 2000-05-22 14:58 608448 ----a-w c:\windows\system32\comctl32.ocx
2009-04-20 14:17 . 1998-12-24 18:23 40960 ----a-w c:\windows\system32\VBAME.DLL
2009-04-20 14:00 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton
2009-04-20 13:46 . 2009-04-20 14:09 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-20 13:45 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Symantec
2009-04-20 13:45 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\NortonInstaller
2009-04-19 14:36 . 2009-04-19 14:36 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Data aplikací\Identities
2009-04-18 22:58 . 2009-04-18 22:58 -------- d-----w c:\program files\ICQ6Toolbar
2009-04-18 22:58 . 2009-04-18 22:58 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\ICQ
2009-04-18 22:57 . 2009-04-18 22:59 -------- d-----w c:\documents and settings\danik\Data aplikací\ICQ
2009-04-18 22:57 . 2009-04-18 22:59 -------- d-----w c:\program files\ICQ6.5
2009-04-18 04:23 . 2009-04-18 04:23 -------- d-----w c:\documents and settings\Danicek\Local Settings\Application Data\Opera
2009-04-17 12:29 . 2009-04-17 12:29 394 ----a-w c:\windows\system32\MRT.INI
2009-04-15 18:43 . 2009-03-27 08:03 215465 ----a-w c:\windows\system32\nvapps.nvb
2009-04-15 18:41 . 2009-04-15 18:41 -------- d-----w C:\NVIDIA
2009-04-15 17:53 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll
2009-04-15 13:18 . 2009-04-15 13:18 -------- d-----w c:\program files\7-Zip
2009-04-14 16:31 . 2003-02-21 11:42 348160 ----a-w c:\windows\system\msvcr71.dll
2009-04-13 14:55 . 2009-04-13 14:55 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\Identities
2009-04-12 02:39 . 2009-04-12 02:39 -------- d-----w c:\program files\WinPcap
2009-04-12 02:18 . 2009-04-12 02:18 -------- d-----w c:\program files\LanqiEngine
2009-04-12 02:18 . 2009-04-20 21:39 735232 ----a-w c:\windows\system32\AdvOcr.dll
2009-04-11 22:19 . 2009-04-19 13:45 10240 ----a-w c:\windows\system32\Packer.dll
2009-04-11 22:19 . 2009-04-11 22:19 108336 ----a-w c:\windows\system32\MSWINSCK.OCX
2009-04-11 22:19 . 2009-04-20 21:11 -------- d-----w c:\windows\dhcp
2009-04-11 01:02 . 2008-08-14 09:51 138368 ----a-w c:\windows\system32\drivers\afd.sys
2009-04-11 01:02 . 2008-12-05 07:13 144896 ----a-w c:\windows\system32\schannel.dll
2009-04-11 01:02 . 2006-03-02 12:00 2150400 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-11 01:02 . 2006-03-02 12:00 2017280 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:01 . 2008-05-08 12:28 202752 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-11 01:01 . 2008-10-24 11:10 453632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 01:01 . 2008-12-11 11:57 333184 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-11 01:00 . 2009-02-09 14:19 1846272 ----a-w c:\windows\system32\win32k.sys
2009-04-11 01:00 . 2008-06-20 10:45 360320 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-11 01:00 . 2008-06-20 09:52 225920 ----a-w c:\windows\system32\drivers\tcpip6.sys
2009-04-10 22:16 . 2009-04-10 22:16 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.003
2009-04-10 22:16 . 2009-04-10 22:16 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.003\Local Settings\Application Data\Microsoft
2009-04-10 22:11 . 2009-04-10 22:11 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.003\Local Settings\Application Data\Microsoft
2009-04-10 22:11 . 2009-04-10 22:11 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.003
2009-04-10 22:06 . 2009-04-10 22:06 -------- d-----w c:\documents and settings\Default User.WINDOWS.0\Local Settings\Application Data\Microsoft
2009-04-10 22:05 . 2009-04-10 22:05 -------- d-sh--w c:\documents and settings\All Users.WINDOWS.0\DRM
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\danik\Data aplikací\Ashampoo
2009-04-10 18:04 . 2009-04-20 22:21 -------- d-----w c:\documents and settings\All Users.WINDOWS\Plocha
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\ashampoo
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\ashampoo
2009-04-10 18:03 . 2009-04-10 18:03 -------- d-----w c:\program files\Ashampoo
2009-04-10 14:49 . 2009-04-20 21:17 -------- d--h--w c:\documents and settings\Default User.WINDOWS.0
2009-04-10 14:49 . 2009-04-10 22:05 -------- d-----w c:\documents and settings\All Users.WINDOWS.0
2009-04-10 14:42 . 2009-04-20 15:39 -------- d-----w C:\WINDOWS.0
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\Opera
2009-04-10 05:27 . 2009-04-10 05:27 -------- d-----w c:\documents and settings\danik\Data aplikací\InstallShield
2009-04-10 05:24 . 2009-04-10 05:24 12328 ----a-w c:\documents and settings\danik\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-10 05:24 . 2009-04-10 05:24 -------- d-----w c:\documents and settings\danik\Data aplikací\vlc
2009-04-10 05:23 . 2009-04-13 21:53 -------- d-----w c:\documents and settings\danik\Data aplikací\dvdcss
2009-04-10 05:23 . 2009-04-10 14:38 -------- d-----r c:\documents and settings\All Users.WINDOWS\Dokumenty
2009-04-10 05:22 . 2009-04-10 05:22 940794 ----a-w c:\windows\system32\LoopyMusic.wav
2009-04-10 05:22 . 2009-04-10 05:22 146650 ----a-w c:\windows\system32\BuzzingBee.wav
2009-04-10 05:22 . 2009-04-20 22:19 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací
2009-04-10 05:22 . 2009-04-10 05:22 -------- d-----w c:\documents and settings\All Users.WINDOWS\Šablony
2009-04-10 05:21 . 2009-03-31 22:05 -------- d--h--w c:\documents and settings\danik\Okolní tiskárny
2009-04-10 05:21 . 2009-03-31 22:05 -------- d--h--w c:\documents and settings\danik\Okolní síť
2009-04-10 05:21 . 2009-03-31 22:05 -------- d-----r c:\documents and settings\danik\Nabídka Start
2009-04-10 05:21 . 2009-03-31 20:12 -------- d--h--w c:\documents and settings\danik\Šablony
2009-04-10 05:21 . 2009-04-21 15:40 -------- d-----w c:\documents and settings\danik
2009-04-01 21:50 . 2009-04-21 15:45 208826 ----a-w c:\windows\system32\nvapps.xml
2009-04-01 21:50 . 2009-03-27 08:03 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-01 21:50 . 2009-03-27 08:03 19054 ----a-w c:\windows\system32\nvdisp.nvu
2009-04-01 21:48 . 2004-08-17 13:49 4096 ----a-w c:\windows\system32\ksuser.dll
2009-04-01 21:47 . 2009-04-01 21:47 335872 ----a-w c:\windows\HideWin.exe
2009-04-01 21:47 . 2007-01-12 14:54 520192 ----a-w c:\windows\RtlExUpd.dll
2009-03-31 22:10 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-03-31 22:09 . 2004-08-17 15:43 58240 ----a-w c:\windows\system32\drivers\redbook.sys
2009-03-31 22:09 . 2004-08-03 22:31 20992 ----a-w c:\windows\system32\drivers\RTL8139.sys
2009-03-31 22:09 . 2004-08-17 15:49 75264 ----a-w c:\windows\system32\usbui.dll
2009-03-31 22:04 . 2009-04-20 21:17 -------- d--h--w c:\documents and settings\Default User.WINDOWS
2009-03-31 22:03 . 2009-03-31 20:19 261 ----a-w c:\windows\system32\$winnt$.inf
2009-03-31 20:21 . 2009-04-19 14:36 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Data aplikací
2009-03-31 20:21 . 2009-04-14 16:43 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Data aplikací\Microsoft
2009-03-31 20:21 . 2009-03-31 20:21 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.002
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.002\Local Settings\Data aplikací\Microsoft
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.002\Data aplikací
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.002
2009-03-31 20:18 . 2006-03-02 12:00 98304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll
2009-03-31 20:17 . 2006-03-02 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20290.nls
2009-03-31 20:15 . 2009-03-31 20:15 488 ---ha-r c:\windows\system32\WindowsLogon.manifest
2009-03-31 20:15 . 2009-03-31 20:15 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\sapi.cpl.manifest

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 22:36 . 2007-03-12 22:06 -------- d-----w c:\program files\Opera
2009-04-20 21:53 . 2006-03-02 12:00 68916 ----a-w c:\windows\system32\perfc005.dat
2009-04-20 21:53 . 2006-03-02 12:00 389938 ----a-w c:\windows\system32\perfh005.dat
2009-04-20 15:39 . 2007-04-26 12:45 -------- d-----w c:\program files\Avanquest update
2009-04-19 13:46 . 2006-03-02 12:00 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-15 18:44 . 2009-01-31 21:24 -------- d-----w c:\program files\AGEIA Technologies
2009-04-10 22:19 . 2009-04-01 21:48 -------- d-----w c:\program files\Realtek
2009-04-10 05:27 . 2009-01-30 17:49 -------- d-----w c:\program files\ZyXEL
2009-03-31 21:49 . 2009-03-31 20:16 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 20:14 . 2009-03-31 20:14 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-31 16:06 . 2007-03-27 10:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-29 20:20 . 2007-03-10 23:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 19:28 . 2009-03-08 01:49 -------- d-----w c:\program files\Rockstar Games2
2009-03-27 20:46 . 2009-02-01 02:40 -------- d-----w c:\program files\Java
2009-03-27 06:14 . 2009-04-01 21:49 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-16 12:18 . 2009-04-15 17:54 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-15 17:54 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-15 17:54 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-15 17:54 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-12 16:28 . 2009-03-12 16:27 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-12 16:27 . 2009-03-12 16:27 -------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-03-09 13:27 . 2009-04-15 17:54 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-15 17:54 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-15 17:54 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-03 15:39 . 2009-02-21 15:53 2908 ----a-w C:\aaw7boot.log
2009-03-01 00:10 . 2009-03-01 00:09 -------- d-----w c:\documents and settings\Danielius\Data aplikací\fretsonfire
2009-02-28 01:46 . 2009-02-28 01:46 -------- d-----w c:\documents and settings\Danielius\Data aplikací\InstallShield Installation Information
2009-02-28 01:24 . 2009-02-28 01:18 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools Lite
2009-02-28 01:24 . 2009-02-28 01:24 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools Pro
2009-02-28 01:24 . 2009-02-28 01:24 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools
2009-02-28 00:45 . 2009-02-28 00:45 1371185 ----a-w C:\wrar380cz.exe
2009-02-23 23:27 . 2009-02-11 14:22 -------- d-----w c:\documents and settings\Danielius\Data aplikací\dvdcss
2009-02-21 03:37 . 2009-02-20 18:47 62912 ----a-w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2009-02-20 18:55 . 2009-01-31 23:26 13504 ----a-w c:\documents and settings\Danielius\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-20 18:47 . 2009-02-20 18:47 -------- d-----w c:\program files\MSBuild
2009-02-20 18:44 . 2009-02-20 18:44 -------- d-----w c:\program files\Reference Assemblies
2009-02-20 08:32 . 2006-03-02 12:00 660480 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:32 . 2006-03-02 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 07:42 . 2009-02-09 07:42 2919117 ----a-r C:\ComboFix.exe
2009-02-03 20:11 . 2006-03-02 12:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-01 10:33 . 2006-03-02 12:00 250576 --sha-r C:\ntldr
.

------- Sigcheck -------

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\ndis.sys
[-] 2009-04-19 13:46 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-19 13:46 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\drivers\ndis.sys

[-] 2006-03-02 12:00 1051648 4D81BDC1590403D7F415DA4A37444A09 c:\windows\explorer.exe
[-] 2006-03-02 12:00 1051648 7B998E8DD902190D771530CEB5BCBBFD c:\windows\system32\dllcache\explorer.exe

[-] 2006-03-02 12:00 34304 45C54D8B7EF97F4934F8131294BF74E5 c:\windows\system32\ctfmon.exe
[-] 2006-03-02 12:00 34304 3801A980125DB083553ECE7147D51CDB c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 03:22 76800 4AE52A3ED124B3CE95BC863600939B14 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\spoolsv.exe
[-] 2006-03-02 12:00 76800 0FEC2AE8AD649040C2E696A87CEE035A c:\windows\system32\spoolsv.exe
[-] 2006-03-02 12:00 76800 3AD39738C38644AFE68CC270A475F04F c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 03:22 45056 D1191070416223C85701AAC081771F8D c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\userinit.exe
[-] 2006-03-02 12:00 43520 B82298DA6C1E94200A917CA014099191 c:\windows\system32\userinit.exe
[-] 2006-03-02 12:00 43520 49EC6FB67B677F58D3E5D837878599B5 c:\windows\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZyXEL G-202.exe"="c:\program files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe" [2007-04-04 10911744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2008-09-22 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2008-09-22 993352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ZyXEL\\ZyXEL G-202 Wireless Adapter Utility\\ZyXEL G-202.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2009-04-20 22272]
R1 lno0cc2;lno0cc2;c:\windows\System32\drivers\lno0cc2.sys [2009-04-20 17376]
S1 aswSP;avast! Self Protection; [x]
S1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-04-20 68296]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2008-09-22 650824]
S2 AVKService;G DATA Scheduler;c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe [2008-09-22 386120]
S2 AVKWCtl;AntiVirus Monitor;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2008-08-14 1185496]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-04-20 50888]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2008-08-15 1395616]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-04-20 50888]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-04-20 32200]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCNDIS5.SYS [2007-04-03 19072]
S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2007-04-03 437760]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ZDCNDIS5
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-reader_s - c:\documents and settings\danik\reader_s.exe
HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 17:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\6to4]
"ServiceDll"="c:\windows\system32\6to4v32.dll"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\afisicx]
"ImagePath"="c:\windows\system32\afisicx.exe"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\at1394]
"ImagePath"="\??\c:\windows\system32\at1394.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ghi5c6c]
"ImagePath"="\SystemRoot\System32\drivers\ghi5c6c.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qrt63e2]
"ImagePath"="\SystemRoot\System32\drivers\qrt63e2.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\restore]

--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rta0e43]
"ImagePath"="\SystemRoot\System32\drivers\rta0e43.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sopidkc]
"ImagePath"="c:\windows\system32\sopidkc.exe"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdctxte]
"ImagePath"="c:\windows\system32\tdctxte.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(976)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-04-21 17:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-21 15:48
ComboFix2.txt 2009-04-20 21:33

Před spuštěním: Volných bajtů: 10 096 275 456
Po spuštění: Volných bajtů: 10 180 550 656

358 --- E O F --- 2009-04-21 01:18

-----------------------------------------------------------------------------------------------------------------------------------------
HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:37, on 21.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ZyXEL G-202.exe] "C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - (no file)
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus Monitor (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4239 bytes

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Reader_s.exe and cmd.exe (Please check my LOG)

Post by jaro3 » 21 Apr 2009 21:25

Good Lord, you have caught quite a lot again; don't visit dubious sites, don't plug in any flash drives...
Run the MBAM scan again, remove everything that is found, and then run ComboFix again...
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support