PC-HELP.CZ

Zdravim,
antivirusovy program pouzivam Free Avira Antivirus.
vcera mi ale vyhodil chybu na obrazku:
http://img197.imageshack.us/img197/742/avira.jpg
a od vtedy nejde spustit proces antivirusu. skusil som ho preinstalovat ale vyskakovala ta ista chyba. tak som skusil nainstalovat iny antivirus konkretne ESET smart security TEST, ale ten uz konci pri instalacii s chybovou hlaskou ze nie je mozne spustit ekrn.exe. Potom som skusal opet nainstalovat Aviru, ale ta sa momentalne len nainstaluje ale nejde spustit jej hlavny proces, cize nieco mi blokuje spustenie antivirusu. PC som vycistil pomocou ATF a CCleaner.

momentalne mam teda stav:
ESET nejde nainstalovat lebo sa neda spustit hlavny proces.
AVIRA sa nainstaluje, ale nejde spustit hlavny proces.
HJT mi uz momentalne tiez nejde spustit, ale prikladam log z poobedia ked este isiel

prikladam log z HJT a Combofix

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:44, on 4.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ping.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: TurboUpload Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rozšíření ovladače WMI Wmiodserv (Wmiodserv) - Qncjvuu Manhycjkqyc - C:\WINDOWS\system32\AMERICANw.exe

--
End of file - 7569 bytes

COMBOFIX

ComboFix 09-06-03.04 - admin 04.06.2009 16:37.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.592 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Instal\Antivir\clean\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\1doc2pdf.dll
c:\windows\system32\Picclp32.dll
c:\windows\WINPROD.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 13:54 . 2009-06-04 13:54 -------- d-----w- c:\program files\CCleaner
2009-06-04 13:35 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-04 13:35 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-04 13:35 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-04 13:35 . 2009-06-04 13:35 -------- d-----w- c:\program files\Avira
2009-06-04 13:30 . 2009-06-04 13:35 -------- d-----w- c:\windows\LastGood
2009-06-02 17:07 . 2009-06-03 13:01 32 --s-a-w- c:\windows\system32\2015827296.dat
2009-06-02 17:07 . 2009-06-02 17:07 51712 --sh--r- c:\windows\system32\AMERICANw.exe
2009-05-21 22:48 . 2009-05-21 22:48 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-21 22:48 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-18 20:54 . 2009-05-18 20:54 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:03 . 2008-10-13 20:26 -------- d-----w- c:\program files\VPHoldem
2009-06-04 09:23 . 2009-01-26 18:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-03 21:46 . 2007-01-12 14:44 -------- d-----w- c:\program files\ESET
2009-05-22 07:49 . 2001-10-25 14:00 91812 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 07:49 . 2001-10-25 14:00 447588 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Classic Menu for Office
2009-04-21 12:58 . 2007-01-15 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-12 23:12 . 2009-03-12 23:12 1024 ----a-w- c:\windows\system32\pdfpg.dat
2008-01-31 16:12 . 2008-01-31 16:12 16496 --sha-w- c:\windows\system32\config\systemprofile\Data aplikací\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF93A29-A296-4AB0-9011-D85A559203B3}]
2007-10-09 14:33 2265088 ----a-w- c:\program files\TurboUpload\TurboUpload Toolbar\turboupload.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stickies.lnk - c:\program files\stickies\stickies.exe [2006-3-29 348160]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^rncsys32.exe]
path=c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\rncsys32.exe
backup=c:\windows\pss\rncsys32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Software\\Games\\warcraft3\\w3\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"d:\\qweto\\Games\\Quake III\\Quake\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\qweto\\DP\\HW\\Serial\\Terminal\\Terminal.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23210:TCP"= 23210:TCP:ares

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [16.1.2004 11:04 77312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.6.2009 15:35 108289]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [3.8.2000 14:25 23296]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [25.11.2007 18:17 17072]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S2 Wmiodserv;Rozšíření ovladače WMI Wmiodserv;c:\windows\system32\AMERICANw.exe srv --> c:\windows\system32\AMERICANw.exe srv [?]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - SSMDRV
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-procexp90.Sys

.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 16:41
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-04 16:43
ComboFix-quarantined-files.txt 2009-06-04 14:43

Před spuštěním: 6 626 025 472
Po spuštění: 6 607 810 560

150

pridavam este jeden log.

Malwarebytes' Anti-Malware 1.37
Verzia databázy: 2229
Windows 5.1.2600 Service Pack 2

4.6.2009 19:57:17
mbam-log-2009-06-04 (19-57-13).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 103411
Uplynutý cas: 2 minute(s), 54 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 97
Infikovaných registracných hodnôt: 3
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 0
Infikovaných súborov: 3

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\TypeLib\{80d6fb4c-cb64-4d15-8d2e-60eaa27e6a8c} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90bb679a-397b-4e5b-82b7-15b3b82ee9ea} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{db5c32ae-46b0-4bc3-ba3f-bac10848437d} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3af93a29-a296-4ab0-9011-d85a559203b3} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3af93a29-a296-4ab0-9011-d85a559203b3} (Adware.SoftMate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3af93a29-a296-4ab0-9011-d85a559203b3} (Adware.SoftMate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> No action taken.

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (Adware.SoftMate) -> No action taken.
c:\WINDOWS\system32\AMERICANw.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\admin\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Potom odinstaluj jeden antivir.

Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Malwarebytes' Anti-Malware 1.37
Verzia databázy: 2229
Windows 5.1.2600 Service Pack 2

4.6.2009 20:27:03
mbam-log-2009-06-04 (20-27-03).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 103611
Uplynutý cas: 2 minute(s), 59 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 89
Infikovaných registracných hodnôt: 2
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 0
Infikovaných súborov: 2

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
c:\WINDOWS\system32\AMERICANw.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\admin\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

Po restartovani

Malwarebytes' Anti-Malware 1.37
Verzia databázy: 2229
Windows 5.1.2600 Service Pack 2

4.6.2009 20:35:46
mbam-log-2009-06-04 (20-35-46).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 103621
Uplynutý cas: 2 minute(s), 52 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

COMBOFIX

ComboFix 09-06-03.04 - admin 04.06.2009 20:38.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.644 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Instal\Antivir\clean\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 17:51 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:51 . 2009-06-04 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 17:51 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 13:54 . 2009-06-04 13:54 -------- d-----w- c:\program files\CCleaner
2009-06-02 17:07 . 2009-06-03 13:01 32 --s-a-w- c:\windows\system32\2015827296.dat
2009-05-21 22:48 . 2009-05-21 22:48 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-21 22:48 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-18 20:54 . 2009-05-18 20:54 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:03 . 2008-10-13 20:26 -------- d-----w- c:\program files\VPHoldem
2009-06-04 09:23 . 2009-01-26 18:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-03 21:46 . 2007-01-12 14:44 -------- d-----w- c:\program files\ESET
2009-05-22 07:49 . 2001-10-25 14:00 91812 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 07:49 . 2001-10-25 14:00 447588 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Classic Menu for Office
2009-04-21 12:58 . 2007-01-15 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-12 23:12 . 2009-03-12 23:12 1024 ----a-w- c:\windows\system32\pdfpg.dat
2008-01-31 16:12 . 2008-01-31 16:12 16496 --sha-w- c:\windows\system32\config\systemprofile\Data aplikací\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stickies.lnk - c:\program files\stickies\stickies.exe [2006-3-29 348160]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^rncsys32.exe]
path=c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\rncsys32.exe
backup=c:\windows\pss\rncsys32.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Software\\Games\\warcraft3\\w3\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"d:\\qweto\\Games\\Quake III\\Quake\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\qweto\\DP\\HW\\Serial\\Terminal\\Terminal.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23210:TCP"= 23210:TCP:ares

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [16.1.2004 11:04 77312]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [3.8.2000 14:25 23296]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [25.11.2007 18:17 17072]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S2 Wmiodserv;Rozšíření ovladače WMI Wmiodserv;c:\windows\system32\AMERICANw.exe srv --> c:\windows\system32\AMERICANw.exe srv [?]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 20:43
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
.
Celkový čas: 2009-06-04 20:45
ComboFix-quarantined-files.txt 2009-06-04 18:44
ComboFix2.txt 2009-06-04 14:43

Před spuštěním: 6 603 993 088
Po spuštění: 6 589 767 680

133

Skusim este dat uplnu kontrolu toho mbAM a ak mi nieco najde, tak to mam tiez dat zmazat ??
a mam teraz po prebehnuti COMBOFIXu pouzit T-Cleaner.exe ??
potom skusim nainstalovat ten antivirus ci uz pojde.

Ještě log z HJT.

Odinstaluj jeden (nebo klidně) oba AV a vyčisti PC, registry a pak nainstaluj čistý AV. Čisti: CCleanerem, FCleanerem nebo si stáhni ATF Cleaner
(Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.(

Registry čistím já Wise Registry Cleanerem ↓ (je aj v slovenčine).

Po instalaci AV se podíváme na zbytky.

AV nemam momentalne ziadny, pretoze mi to nedovolilo nainstalovat nic. Sys som cistil poobede s tym ATF a CCleanerom. ale skusim este raz teraz, a stiahnem ten WGC.

tu je aktualny HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:47, on 4.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Plocha\putty.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rozšíření ovladače WMI Wmiodserv (Wmiodserv) - Unknown owner - C:\WINDOWS\system32\AMERICANw.exe (file missing)

--
End of file - 6976 bytes

Červený soubor zkontroluj na Virustotalu a dej sem odkaz na výsledek.

C:\Program Files\stickies\stickies.exe

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\2015827296.dat
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\d3d9caps.dat
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\rncsys32.exe
c:\windows\pss\rncsys32.exeStartup
c:\windows\system32\AMERICANw.exe srv
c:\windows\system32\AMERICANw.exe
e:\NTGLM7X.sys

Folder::
c:\program files\ESET

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^rncsys32.exe]

Driver::
avgntflt
Wmiodserv;Rozšíření ovladače WMI Wmiodserv;
SetupNTGLM7X

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Pak nainstaluj nějaký antivir, nech ho udělat kontrolu při spuštění a napiš zda něco hlásil.
Já zatím zkontroluji nové logy co sem dáš.

Ten subor stickies.exe poznam, to je taky poznamkovy program, ktory pouzivam, tu je vypis z virustotalu:

http://www.virustotal.com/analisis/3b85 ... 1227100462

COMBOFIX

ComboFix 09-06-03.04 - admin 04.06.2009 21:39.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.599 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\Instal\Antivir\clean\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\rncsys32.exe"
"c:\windows\pss\rncsys32.exeStartup"
"c:\windows\system32\2015827296.dat"
"c:\windows\system32\AMERICANw.exe srv"
"c:\windows\system32\AMERICANw.exe"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\drivers\avgntflt.sys"
"e:\NTGLM7X.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ESET
c:\program files\ESET\cache(3)\CACHE.NDB
c:\program files\ESET\cache(3)\FND0.NFI
c:\program files\ESET\cache(3)\FND1.NFI
c:\program files\ESET\cache(3)\FND2.NFI
c:\program files\ESET\cache(4)\CACHE.NDB
c:\program files\ESET\cache(4)\FND0.NFI
c:\program files\ESET\cache(4)\FND1.NFI
c:\program files\ESET\cache(4)\FND2.NFI
c:\program files\ESET\cache(4)\FND3.NFI
c:\program files\ESET\cache(4)\FND4.NFI
c:\program files\ESET\cache(4)\FND5.NFI
c:\program files\ESET\ESET Smart Security\em000_32.dat
c:\program files\ESET\ESET Smart Security\em001_32.dat
c:\program files\ESET\ESET Smart Security\em002_32.dat
c:\program files\ESET\ESET Smart Security\em003_32.dat
c:\program files\ESET\ESET Smart Security\em004_32.dat
c:\program files\ESET\ESET Smart Security\em005_32.dat
c:\program files\ESET\ESET Smart Security\em006_32.dat
c:\program files\ESET\ESET Smart Security\em008_32.dat
c:\program files\ESET\ESET Smart Security\em009_32.dat
c:\program files\ESET\ESET Smart Security\em010_32.dat
c:\program files\ESET\ESET Smart Security\em013_32.dat
c:\program files\ESET\Install\advheur.nup
c:\program files\ESET\Install\archs.nup
c:\program files\ESET\Install\engine.nup
c:\program files\ESET\Install\charon.nup
c:\program files\ESET\Install\main.dll
c:\program files\ESET\Install\mfc42.dll
c:\program files\ESET\Install\mfc42u.dll
c:\program files\ESET\Install\msvcrt.dll
c:\program files\ESET\Install\ntbaseen.nup
c:\program files\ESET\Install\ntineten.nup
c:\program files\ESET\Install\ntstden.nup
c:\program files\ESET\Install\pwscan.nup
c:\program files\ESET\Install\readme.txt
c:\program files\ESET\Install\setup.exe
c:\program files\ESET\Install\setup.xml
c:\program files\ESET\Install\utilmod.nup
c:\program files\ESET\logs(3)\virlog.dat
c:\program files\ESET\logs(3)\warnlog.dat
c:\program files\ESET\logs(4)\virlog.dat
c:\program files\ESET\logs(4)\warnlog.dat
c:\windows\pss\rncsys32.exeStartup
c:\windows\system32\2015827296.dat
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\avgntflt.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 17:51 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:51 . 2009-06-04 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 17:51 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 13:54 . 2009-06-04 13:54 -------- d-----w- c:\program files\CCleaner
2009-05-21 22:48 . 2009-05-21 22:48 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-18 20:54 . 2009-05-18 20:54 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:03 . 2008-10-13 20:26 -------- d-----w- c:\program files\VPHoldem
2009-05-22 07:49 . 2001-10-25 14:00 91812 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 07:49 . 2001-10-25 14:00 447588 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Classic Menu for Office
2009-04-21 12:58 . 2007-01-15 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-12 23:12 . 2009-03-12 23:12 1024 ----a-w- c:\windows\system32\pdfpg.dat
2008-01-31 16:12 . 2008-01-31 16:12 16496 --sha-w- c:\windows\system32\config\systemprofile\Data aplikací\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stickies.lnk - c:\program files\stickies\stickies.exe [2006-3-29 348160]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Software\\Games\\warcraft3\\w3\\Frozen Throne.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"d:\\qweto\\Games\\Quake III\\Quake\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\qweto\\DP\\HW\\Serial\\Terminal\\Terminal.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23210:TCP"= 23210:TCP:ares

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [16.1.2004 11:04 77312]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [3.8.2000 14:25 23296]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [25.11.2007 18:17 17072]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2.10.1998 10:20 5200]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [4.10.2008 19:33 510992]
S2 Wmiodserv;Rozšíření ovladače WMI Wmiodserv;c:\windows\system32\AMERICANw.exe srv --> c:\windows\system32\AMERICANw.exe srv [?]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [31.8.2003 16:27 53248]
S3 1394dcam;ActiveDcam Camera Driver;c:\windows\system32\DRIVERS\1394dcam.sys --> c:\windows\system32\DRIVERS\1394dcam.sys [?]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [18.9.2007 19:27 302848]
S3 bcam;Basler 1394 BCAM Camera Driver;c:\windows\system32\drivers\bcam.sys [6.7.2006 12:57 48640]
S3 DCamSony;Sony 1394 Camera(Feb 8 '05);c:\windows\system32\drivers\sonyfcam.sys [12.1.2007 18:20 84608]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [9.8.2008 15:32 4134]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11.1.2007 17:48 1014016]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [25.5.2005 0:23 7632]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [25.5.2005 0:26 18432]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);c:\windows\system32\drivers\SkyNetBDA.sys [4.10.2008 19:33 554128]
S3 sonydcam;Obecná kamera na rozhraní 1394;c:\windows\system32\drivers\sonydcam.sys [4.8.2004 1:09 25472]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
TCP: {6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1} = 213.81.223.241,213.151.236.66
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\3wo19z2a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32neur.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 21:46
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2200)
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-06-04 21:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-04 19:52
ComboFix2.txt 2009-06-04 18:45
ComboFix3.txt 2009-06-04 14:43

Před spuštěním: 6 612 094 976
Po spuštění: 6 468 243 456

201

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:00, on 4.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Plocha\Instal\Antivir\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: - Download &this page with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addsellinks.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download selected images with WebCloner - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\addselimgs.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\Program Files\ProductsFoundry\WebCloner Standard 2.6\webcloner.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.2.2/PlayerPT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1FB5CA-9945-4B6C-AB7F-FAB18A3E33D1}: NameServer = 213.81.223.241,213.151.236.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rozšíření ovladače WMI Wmiodserv (Wmiodserv) - Unknown owner - C:\WINDOWS\system32\AMERICANw.exe (file missing)

--
End of file - 6826 bytes

otazka k tomuto riadku HJT logu:
O23 - Service: Rozšíření ovladače WMI Wmiodserv (Wmiodserv) - Unknown owner - C:\WINDOWS\system32\AMERICANw.exe (file missing)

som pozeral ten subor a vobec neexistuje na PC.

antivirus som uz teraz uspesne nainstaloval
AVIRA free

prebieha scan disku, zatial bez nalezu viru.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc Wmiodserv start= disabled
sc stop Wmiodserv
sc delete Wmiodserv

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.
Otevře se Dosovské okno a zavře. Restartuj comp.
****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad
a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMSCAN]

Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory ,
najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání
hodnoty do registru. Schval.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

KillAll::
File::
c:\windows\system32\AMERICANw.exe srv
c:\windows\system32\AMERICANw.exe

Driver::
Wmiodserv
Wmiodserv;Rozšíření ovladače WMI Wmiodserv
AMERICANw
AMERICANw.exe srv

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

PC-HELP.CZ

Nejde instal antivirus

Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus

Re: Nejde instal antivirus