Prosím o kontrolu Vyřešeno

[PECHY15]

Nějak mi laguje net...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:39, on 5.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS.0\Explorer.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\1st Security Agent\newlock.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\WINDOWS.0\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS.0\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS.0\system32\csrcs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS.0\system32\PnkBstrB.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6808 bytes

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[PECHY15]

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3352
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5.2.2010 23:22:13
mbam-log-2010-02-05 (23-22-08).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 349722
Uplynulý čas: 1 hour(s), 41 minute(s), 45 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 4
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Předtim jsem ještě projižděl Avirou

Avira AntiVir Personal
Report file date: 5. února 2010 15:33

Scanning for 1727978 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PECHAL-4D98CE7E

Version information:
BUILD.DAT : 9.0.0.419 21701 Bytes 22.1.2010 18:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 8.12.2009 16:37:51
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 13:57:15
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 13:56:54
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.1.2010 17:13:35
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.1.2010 17:09:00
VBASE004.VDF : 7.10.3.76 2048 Bytes 26.1.2010 17:09:00
VBASE005.VDF : 7.10.3.77 2048 Bytes 26.1.2010 17:09:00
VBASE006.VDF : 7.10.3.78 2048 Bytes 26.1.2010 17:09:01
VBASE007.VDF : 7.10.3.79 2048 Bytes 26.1.2010 17:09:01
VBASE008.VDF : 7.10.3.80 2048 Bytes 26.1.2010 17:09:01
VBASE009.VDF : 7.10.3.81 2048 Bytes 26.1.2010 17:09:02
VBASE010.VDF : 7.10.3.82 2048 Bytes 26.1.2010 17:09:02
VBASE011.VDF : 7.10.3.83 2048 Bytes 26.1.2010 17:09:03
VBASE012.VDF : 7.10.3.84 2048 Bytes 26.1.2010 17:09:03
VBASE013.VDF : 7.10.3.85 2048 Bytes 26.1.2010 17:09:29
VBASE014.VDF : 7.10.3.122 172544 Bytes 29.1.2010 16:38:56
VBASE015.VDF : 7.10.3.149 79872 Bytes 1.2.2010 16:39:03
VBASE016.VDF : 7.10.3.174 68608 Bytes 3.2.2010 16:39:19
VBASE017.VDF : 7.10.3.199 76800 Bytes 4.2.2010 16:39:07
VBASE018.VDF : 7.10.3.200 2048 Bytes 4.2.2010 16:39:07
VBASE019.VDF : 7.10.3.201 2048 Bytes 4.2.2010 16:39:07
VBASE020.VDF : 7.10.3.202 2048 Bytes 4.2.2010 16:39:07
VBASE021.VDF : 7.10.3.203 2048 Bytes 4.2.2010 16:39:07
VBASE022.VDF : 7.10.3.204 2048 Bytes 4.2.2010 16:39:07
VBASE023.VDF : 7.10.3.205 2048 Bytes 4.2.2010 16:39:07
VBASE024.VDF : 7.10.3.206 2048 Bytes 4.2.2010 16:39:07
VBASE025.VDF : 7.10.3.207 2048 Bytes 4.2.2010 16:39:08
VBASE026.VDF : 7.10.3.208 2048 Bytes 4.2.2010 16:39:08
VBASE027.VDF : 7.10.3.209 2048 Bytes 4.2.2010 16:39:08
VBASE028.VDF : 7.10.3.210 2048 Bytes 4.2.2010 16:39:08
VBASE029.VDF : 7.10.3.211 2048 Bytes 4.2.2010 16:39:08
VBASE030.VDF : 7.10.3.212 2048 Bytes 4.2.2010 16:39:08
VBASE031.VDF : 7.10.3.213 20992 Bytes 4.2.2010 16:39:08
Engineversion : 8.2.1.158
AEVDF.DLL : 8.1.1.3 106868 Bytes 23.1.2010 16:47:19
AESCRIPT.DLL : 8.1.3.13 823674 Bytes 2.2.2010 16:39:07
AESCN.DLL : 8.1.4.0 127348 Bytes 28.1.2010 17:08:09
AESBX.DLL : 8.1.1.1 246132 Bytes 19.11.2009 13:57:20
AERDL.DLL : 8.1.3.4 479605 Bytes 1.12.2009 16:37:02
AEPACK.DLL : 8.2.0.5 422262 Bytes 17.1.2010 19:34:01
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 21.10.2009 19:42:55
AEHEUR.DLL : 8.1.1.4 2326899 Bytes 3.2.2010 16:43:17
AEHELP.DLL : 8.1.10.0 237942 Bytes 17.1.2010 19:33:54
AEGEN.DLL : 8.1.1.86 369012 Bytes 2.2.2010 16:39:06
AEEMU.DLL : 8.1.1.0 393587 Bytes 21.10.2009 19:42:35
AECORE.DLL : 8.1.11.1 184694 Bytes 2.2.2010 16:39:05
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8.12.2009 16:37:51
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 8.12.2009 16:37:51

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 5. února 2010 15:33

Starting search for hidden objects.
'64833' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ts3client_win32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Qoobox\Quarantine\C\WINDOWS.0\system32\qtplugin.exe.vir
[DETECTION] Is the TR/Dldr.Piker.ajx Trojan
C:\Qoobox\Quarantine\C\WINDOWS.0\system32\drivers\atapi.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP37\A0014240.exe
[DETECTION] Is the TR/Buzus.clad Trojan
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP42\A0014538.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP64\A0017197.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP66\A0017714.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP72\A0021236.exe
[DETECTION] Is the TR/Dldr.Piker.ZN Trojan
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP72\A0021424.exe
[DETECTION] Is the TR/Dldr.Piker.ajx Trojan
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP91\A0026212.exe
[DETECTION] Contains recognition pattern of the DR/Autoit.TC.431 dropper
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP91\A0026232.exe
[DETECTION] Contains recognition pattern of the DR/Autoit.TC.332 dropper
C:\WINDOWS.0\system32\soihna.exe
[DETECTION] Is the TR/Dropper.Gen Trojan

Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS.0\system32\qtplugin.exe.vir
[DETECTION] Is the TR/Dldr.Piker.ajx Trojan
[NOTE] The file was moved to '4bdc5226.qua'!
C:\Qoobox\Quarantine\C\WINDOWS.0\system32\drivers\atapi.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to '4bcd5226.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP37\A0014240.exe
[DETECTION] Is the TR/Buzus.clad Trojan
[NOTE] The file was moved to '4b9c51e2.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP42\A0014538.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '484f492b.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP64\A0017197.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4b9c51e3.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP66\A0017714.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48486034.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP72\A0021236.exe
[DETECTION] Is the TR/Dldr.Piker.ZN Trojan
[NOTE] The file was moved to '484913dc.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP72\A0021424.exe
[DETECTION] Is the TR/Dldr.Piker.ajx Trojan
[NOTE] The file was moved to '484a1be4.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP91\A0026212.exe
[DETECTION] Contains recognition pattern of the DR/Autoit.TC.431 dropper
[NOTE] The file was moved to '48440874.qua'!
C:\System Volume Information\_restore{F614E13E-D560-481B-9A37-3ACC613820FD}\RP91\A0026232.exe
[DETECTION] Contains recognition pattern of the DR/Autoit.TC.332 dropper
[NOTE] The file was moved to '484b002c.qua'!
C:\WINDOWS.0\system32\soihna.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4bd55222.qua'!


End of the scan: 5. února 2010 18:13
Used time: 2:40:07 Hour(s)

The scan has been done completely.

13646 Scanned directories
556394 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
11 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
556381 Files not concerned
3661 Archives were scanned
2 Warnings
13 Notes
64833 Objects were scanned with rootkit scan
0 Hidden objects were found

[jaro3]

Příště musíš odinstalovat Combofix, rádce Ti to nedoporučil?

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Nebo

ComboFix se odinstaluje takto:

Start-Spustit a zadej ComboFix /Uninstall
Je to podle verze..

Vypni rez. ochranu u Aviry+deaktivuj Kerio.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Zítra..

[PECHY15]

JJ, určitě doporučil... asi sem pospíchal nechal ho tam, nebo tak něco

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3352
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5.2.2010 23:40:44
mbam-log-2010-02-05 (23-40-44).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 349722
Uplynulý čas: 1 hour(s), 41 minute(s), 45 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 4
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Combofix dodam zitra... jinak chci ještě říct že ty problemy s netem ustaly po tom vyčištění avirou.

[jaro3]

Stejně Combofix aplikuj, třeba tam něco ještě je.

[PECHY15]

JJ combo ještě čistil... ja jen chtěl řict co z toho mi zpusobovalo problemy

ComboFix 10-02-05.02 - PECHY 05.02.2010 23:58:29.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1279.924 [GMT 1:00]
Spuštěný z: c:\documents and settings\PECHY\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *enabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS.0\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows.0\system32\AutoRun.inf
c:\windows.0\unins000.dat
c:\windows.0\unins000.exe

----- BITS: Možné infikované stránky -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-05 do 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-01-31 08:54 . 2010-01-31 08:54 -------- d-----w- C:\searchplugins
2010-01-31 08:54 . 2010-01-31 08:59 -------- d-----w- c:\program files\Ask.com
2010-01-31 08:54 . 2010-01-31 08:54 -------- d-----w- C:\FIND_MOZ_EXT
2010-01-30 08:54 . 2004-05-03 23:53 1645320 ----a-w- c:\windows.0\system32\gdiplus.dll
2010-01-30 08:54 . 2009-10-23 11:00 4236288 ----a-w- c:\windows.0\system32\PDFCreatorPilot.dll
2010-01-26 09:07 . 2010-01-30 09:17 -------- d-----w- C:\UCTO2010
2010-01-18 22:43 . 2010-01-18 22:43 -------- d-----r- c:\documents and settings\LocalService.NT AUTHORITY\Oblíbené položky
2010-01-07 17:06 . 2010-02-02 19:45 -------- d-----w- c:\program files\TeamSpeak 3 Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 19:07 . 2009-12-19 19:14 137464 ----a-w- c:\windows.0\system32\drivers\PnkBstrK.sys
2010-02-05 19:06 . 2009-12-19 19:14 214520 ----a-w- c:\windows.0\system32\PnkBstrB.exe
2010-02-05 14:26 . 2010-02-05 14:25 235 ----a-w- c:\documents and settings\PECHY\saskda.tmp
2010-02-05 14:24 . 2009-11-18 20:24 664 ----a-w- c:\windows.0\system32\d3d9caps.dat
2010-02-05 09:33 . 2006-12-16 10:11 -------- d-----w- c:\program files\RegVac Registry Cleaner
2010-01-26 13:17 . 2004-12-21 17:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-03 18:57 . 2009-02-27 18:07 -------- d-----w- c:\program files\Steam
2009-12-29 09:36 . 2009-10-18 13:36 -------- d-----w- c:\program files\ICQ6.5
2009-12-28 19:49 . 2009-12-28 19:48 -------- d-----w- c:\program files\GIMP-2.0
2009-12-28 19:12 . 2005-09-30 12:39 -------- d-----w- c:\program files\IrfanView
2009-12-28 19:07 . 2009-12-28 19:02 -------- d-----w- c:\program files\GIMPshop
2009-12-26 10:30 . 2005-11-03 11:47 -------- d-----w- c:\program files\Babylon
2009-12-23 16:21 . 2007-10-17 19:32 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-23 10:05 . 2009-02-27 17:45 -------- d-----w- c:\program files\Valve
2009-12-21 20:02 . 2009-12-21 20:02 413696 ----a-w- c:\windows.0\system32\wrap_oal.dll
2009-12-21 20:02 . 2009-12-21 20:02 110592 ----a-w- c:\windows.0\system32\OpenAL32.dll
2009-12-21 20:02 . 2009-12-21 20:02 -------- d-----w- c:\program files\OpenAL
2009-12-21 20:01 . 2009-12-21 20:01 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-12-19 19:14 . 2009-12-19 19:14 75064 ----a-w- c:\windows.0\system32\PnkBstrA.exe
2009-12-19 19:08 . 2009-12-19 19:08 -------- d-----w- c:\program files\GamePark
2009-12-19 14:51 . 2009-12-19 14:51 -------- d-----w- c:\program files\Hamachi
2009-12-19 14:51 . 2009-12-19 14:51 17480 ----a-w- c:\windows.0\system32\drivers\hamachi.sys
2009-12-17 15:51 . 2009-12-17 15:51 -------- d-----w- c:\program files\THQ
2009-12-13 14:58 . 2009-12-13 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-13 13:47 . 2006-07-18 08:13 -------- d-----w- c:\program files\iTunes
2009-12-13 13:46 . 2006-07-18 08:13 -------- d-----w- c:\program files\iPod
2009-12-13 13:46 . 2009-10-16 21:57 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 13:42 . 2007-09-16 10:35 -------- d-----w- c:\program files\QuickTime
2009-12-12 14:48 . 2007-10-16 22:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-10 16:28 . 2009-10-18 11:45 -------- d-----w- c:\program files\Java
2009-12-08 16:37 . 2009-08-04 13:02 56816 ----a-w- c:\windows.0\system32\drivers\avgntflt.sys
2009-12-03 15:14 . 2009-12-13 14:58 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-13 14:58 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2008-09-22 18:11 . 2008-09-22 18:11 914305 ----a-w- c:\program files\PVD15.rar
2007-01-01 18:26 . 2007-01-01 18:25 40006376 ----a-w- c:\program files\ec_602pcsuite41.exe
2005-09-22 15:53 . 2006-11-18 12:40 718336 ----a-w- c:\program files\ABBYY FineReader 8.0 Professional Edition.msi
2003-04-21 13:09 . 2006-11-18 12:39 245408 ----a-w- c:\program files\unicows.dll
2002-03-11 10:06 . 2006-11-18 12:40 1822520 ----a-w- c:\program files\instmsiW.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Taśulda\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RegVac.lnk - c:\program files\RegVac Registry Cleaner\regvac.exe [2006-12-16 2633216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS.0\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\i_am_pechy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 32256]
R1 SbFw;SbFw;c:\windows.0\system32\drivers\SbFw.sys [18.10.2009 20:39 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows.0\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.8.2009 14:02 108289]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows.0\system32\drivers\SbFwIm.sys [18.10.2009 20:39 65576]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-30 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-02-05 c:\windows.0\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS.0/Java/classes/xmldso.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://portal.ozp.cz/obj/Signer.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Doplněk pro vytváření PDF dokumentů z Účta_is1 - c:\windows.0\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 00:11
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-02-06 00:16:04
ComboFix-quarantined-files.txt 2010-02-05 23:15
ComboFix2.txt 2009-12-23 16:16

Před spuštěním: 8 018 018 304
Po spuštění: 8 356 519 936

- - End Of File - - A8010ECD250126C5493EA9B63A346B05

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\documents and settings\PECHY\saskda.tmp
c:\program files\ec_602pcsuite41.exe
c:\windows.0\Tasks\Scheduled Update for Ask Toolbar.job
c:\program files\Ask.com\UpdateTask.exe
c:\windows.0\system32\d3d9caps.dat

Folder::
c:\program files\Ask.com

DirLook::
C:\FIND_MOZ_EXT

DDS:
uInternet Settings,ProxyOverride = *.local


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Tuto stránku znáš?
hxxps://portal.ozp.cz/obj/

[PECHY15]

ComboFix 10-02-06.03 - PECHY 07.02.2010 11:52:42.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1279.877 [GMT 1:00]
Spuštěný z: c:\documents and settings\PECHY\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PECHY\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *enabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}

FILE ::
"c:\documents and settings\PECHY\Plocha\PECHY.exe"
"c:\documents and settings\PECHY\saskda.tmp"
"c:\program files\Ask.com\UpdateTask.exe"
"c:\program files\ec_602pcsuite41.exe"
"c:\windows.0\system32\d3d9caps.dat"
"c:\windows.0\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PECHY\Plocha\PECHY.exe
c:\documents and settings\PECHY\saskda.tmp
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\ec_602pcsuite41.exe
c:\windows.0\system32\d3d9caps.dat
c:\windows.0\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-07 do 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-01-31 08:54 . 2010-01-31 08:54 -------- d-----w- C:\searchplugins
2010-01-30 08:54 . 2004-05-03 23:53 1645320 ----a-w- c:\windows.0\system32\gdiplus.dll
2010-01-30 08:54 . 2009-10-23 11:00 4236288 ----a-w- c:\windows.0\system32\PDFCreatorPilot.dll
2010-01-26 09:07 . 2010-01-30 09:17 -------- d-----w- C:\UCTO2010
2010-01-18 22:43 . 2010-01-18 22:43 -------- d-----r- c:\documents and settings\LocalService.NT AUTHORITY\Oblíbené položky

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 06:41 . 2006-12-16 10:11 -------- d-----w- c:\program files\RegVac Registry Cleaner
2010-02-06 20:00 . 2009-12-19 19:14 137464 ----a-w- c:\windows.0\system32\drivers\PnkBstrK.sys
2010-02-06 19:59 . 2009-12-19 19:14 214520 ----a-w- c:\windows.0\system32\PnkBstrB.exe
2010-02-02 19:45 . 2010-01-07 17:06 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-01-26 13:17 . 2004-12-21 17:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-03 18:57 . 2009-02-27 18:07 -------- d-----w- c:\program files\Steam
2009-12-29 09:36 . 2009-10-18 13:36 -------- d-----w- c:\program files\ICQ6.5
2009-12-28 19:49 . 2009-12-28 19:48 -------- d-----w- c:\program files\GIMP-2.0
2009-12-28 19:12 . 2005-09-30 12:39 -------- d-----w- c:\program files\IrfanView
2009-12-28 19:07 . 2009-12-28 19:02 -------- d-----w- c:\program files\GIMPshop
2009-12-26 10:30 . 2005-11-03 11:47 -------- d-----w- c:\program files\Babylon
2009-12-23 16:21 . 2007-10-17 19:32 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-23 10:05 . 2009-02-27 17:45 -------- d-----w- c:\program files\Valve
2009-12-21 20:02 . 2009-12-21 20:02 413696 ----a-w- c:\windows.0\system32\wrap_oal.dll
2009-12-21 20:02 . 2009-12-21 20:02 110592 ----a-w- c:\windows.0\system32\OpenAL32.dll
2009-12-21 20:02 . 2009-12-21 20:02 -------- d-----w- c:\program files\OpenAL
2009-12-21 20:01 . 2009-12-21 20:01 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-12-19 19:14 . 2009-12-19 19:14 75064 ----a-w- c:\windows.0\system32\PnkBstrA.exe
2009-12-19 19:08 . 2009-12-19 19:08 -------- d-----w- c:\program files\GamePark
2009-12-19 14:51 . 2009-12-19 14:51 -------- d-----w- c:\program files\Hamachi
2009-12-19 14:51 . 2009-12-19 14:51 17480 ----a-w- c:\windows.0\system32\drivers\hamachi.sys
2009-12-17 15:51 . 2009-12-17 15:51 -------- d-----w- c:\program files\THQ
2009-12-13 14:58 . 2009-12-13 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-13 13:47 . 2006-07-18 08:13 -------- d-----w- c:\program files\iTunes
2009-12-13 13:46 . 2006-07-18 08:13 -------- d-----w- c:\program files\iPod
2009-12-13 13:46 . 2009-10-16 21:57 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 13:42 . 2007-09-16 10:35 -------- d-----w- c:\program files\QuickTime
2009-12-12 14:48 . 2007-10-16 22:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-10 16:28 . 2009-10-18 11:45 -------- d-----w- c:\program files\Java
2009-12-08 16:37 . 2009-08-04 13:02 56816 ----a-w- c:\windows.0\system32\drivers\avgntflt.sys
2009-12-03 15:14 . 2009-12-13 14:58 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-13 14:58 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2008-09-22 18:11 . 2008-09-22 18:11 914305 ----a-w- c:\program files\PVD15.rar
2005-09-22 15:53 . 2006-11-18 12:40 718336 ----a-w- c:\program files\ABBYY FineReader 8.0 Professional Edition.msi
2003-04-21 13:09 . 2006-11-18 12:39 245408 ----a-w- c:\program files\unicows.dll
2002-03-11 10:06 . 2006-11-18 12:40 1822520 ----a-w- c:\program files\instmsiW.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\FIND_MOZ_EXT ----



((((((((((((((((((((((((((((( SnapShot@2010-02-05_23.11.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 11:04 . 2010-02-07 11:04 16384 c:\windows.0\temp\Perflib_Perfdata_74c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Taśulda\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RegVac.lnk - c:\program files\RegVac Registry Cleaner\regvac.exe [2006-12-16 2633216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS.0\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\i_am_pechy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 32256]
R1 SbFw;SbFw;c:\windows.0\system32\drivers\SbFw.sys [18.10.2009 20:39 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows.0\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.8.2009 14:02 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows.0\system32\drivers\SbFwIm.sys [18.10.2009 20:39 65576]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-06 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS.0/Java/classes/xmldso.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://portal.ozp.cz/obj/Signer.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 12:05
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3188)
c:\windows.0\system32\nview.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\nvwddi.dll
c:\windows.0\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows.0\system32\nvsvc32.exe
c:\windows.0\system32\PnkBstrA.exe
c:\windows.0\system32\PnkBstrB.exe
c:\windows.0\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows.0\SOUNDMAN.EXE
c:\windows.0\system32\RUNDLL32.EXE
c:\windows.0\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-02-07 12:13:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-07 11:13
ComboFix2.txt 2010-02-05 23:16
ComboFix3.txt 2009-12-23 16:16

Před spuštěním: 8 772 198 400
Po spuštění: 8 759 570 432

- - End Of File - - 9DC9A3E0F8F824AB16E4F40980CCDB50

[jaro3]

Můžeš smazat prázdnou složku:
C:\FIND_MOZ_EXT

ComboFix se odinstaluje takto:

Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[PECHY15]

JJ, to už je všechno klasika... dik moc za pomoc