PC-HELP.CZ

Ahoj,už několik dní mi vyskakuje internetová stránka sama od sebe,je to na nějaký antivir nebo nevím co,hned to vypínám radši


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:41, on 26.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kaul\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E514079C-4896-4DCC-A53F-CA93AD24743E}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RadClock - Unknown owner - C:\Program Files\RadLinker\RadClock.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 4700 bytes

Odinstaluj:
DAEMON Tools Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod



Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Zde je log


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26.4.2010 17:57:32
mbam-log-2010-04-26 (17-57-32).txt

Typ skenu: Rychlý sken
Skenované objekty: 106479
Uplynulý čas: 8 minuta(y), 5 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 1
Infikované datové položky registru: 4
Infikované složky: 1
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infikované složky:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infikované soubory:
C:\RECYCLER\S-1-5-21-1659004503-2111687655-1060284298-1004\Dc1\CRYPT.DLL (Hacktool) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Koukám , že nemáš antivir , pak si pořiď , třeba Aviru Free...

Vypni -deaktivuj Kerio.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Zde je log z MbAM


a zde je z Combofix
ComboFix 10-04-26.01 - Kaul 26.04.2010 19:07:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.310 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kaul\Plocha\ComboFix.exe
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\2yT6JPk3.exe
c:\windows\system32\winlogon.bak

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-26 do 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 13:43 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 13:42 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 13:42 . 2010-04-26 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:26 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-04-26 12:26 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-04-26 12:26 . 2010-04-26 12:26 -------- d-----w- c:\program files\Sunbelt Software
2010-04-25 14:20 . 2010-04-25 14:20 -------- d-----w- c:\program files\HLTooLz
2010-04-25 14:20 . 2010-04-25 14:20 249856 ------w- c:\windows\Setup1.exe
2010-04-25 14:20 . 2010-04-25 14:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-19 22:22 . 2010-04-19 22:22 -------- d-----w- c:\program files\Java
2010-04-17 11:42 . 2010-04-17 11:49 -------- d-----w- C:\Download
2010-04-17 11:42 . 2010-04-17 11:48 -------- d-----w- C:\tmpDownload
2010-04-17 11:41 . 2010-04-17 11:43 -------- d-----w- C:\YoutubeMusicDownloader
2010-04-16 19:55 . 2010-04-24 16:18 -------- d-----w- c:\program files\MSECache
2010-04-15 18:04 . 2010-04-15 18:04 -------- d-----w- c:\program files\Synth1
2010-04-15 18:03 . 2009-04-17 12:51 -------- d-----w- c:\documents and settings\Kaul\SuperWave
2010-04-14 19:18 . 2010-04-14 19:18 -------- d-----w- c:\program files\Opera
2010-04-14 19:07 . 2010-04-14 19:10 -------- d-----w- C:\DeusEx
2010-04-13 17:02 . 2010-04-13 17:02 -------- d-----w- c:\program files\GamePark
2010-04-13 17:01 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-04-13 16:56 . 2010-04-13 16:56 -------- d-----w- c:\program files\Mplayer
2010-04-13 16:54 . 2010-04-13 17:07 -------- d-----w- c:\program files\Quake III Arena
2010-04-13 16:38 . 2010-04-26 13:34 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-13 16:38 . 2010-04-13 16:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-13 16:38 . 2010-04-26 13:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-11 12:37 . 2010-04-11 12:37 -------- d-----w- c:\program files\Free WAV to MP3 Converter
2010-04-11 12:26 . 2010-04-11 12:26 -------- d-----w- c:\program files\Any Media to MP3 Converter
2010-04-11 11:16 . 2010-04-11 11:30 -------- d-----w- c:\program files\VirtualDJ
2010-04-11 10:18 . 2010-04-11 12:02 -------- d-----w- c:\program files\Native Instruments
2010-04-09 22:11 . 2010-04-09 22:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-09 04:41 . 2010-04-11 10:06 -------- d-----w- C:\VstPlugins
2010-04-09 04:41 . 2010-04-09 04:41 -------- d-----w- c:\program files\Outsim
2010-04-08 12:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-08 11:17 . 2003-12-28 19:58 54272 ----a-w- c:\windows\system32\KERNELH2.DLL
2010-04-08 09:32 . 2010-04-08 09:32 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-08 09:32 . 2010-04-08 09:32 -------- d-----w- c:\program files\MSBuild
2010-04-08 09:32 . 2010-04-08 09:32 -------- d-----w- c:\program files\Reference Assemblies
2010-04-08 09:31 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-08 09:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-08 09:31 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-08 09:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-08 09:31 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-08 09:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-08 09:31 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-08 09:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-08 09:25 . 2010-04-08 09:25 -------- d-----w- c:\program files\MSXML 6.0
2010-04-07 10:00 . 2010-04-07 10:00 -------- d-----w- c:\program files\Jeskola Buzz
2010-04-07 09:59 . 2010-04-07 10:00 -------- d-----w- c:\program files\Buzz
2010-04-07 09:59 . 2010-04-07 10:04 -------- d-----w- c:\program files\Plugins
2010-04-07 09:37 . 2010-04-08 10:02 -------- d-----w- c:\documents and settings\Nová složka (2)
2010-04-05 10:06 . 2010-04-05 10:06 -------- d-----w- c:\windows\Downloaded Installations
2010-04-04 20:27 . 2010-04-04 20:27 -------- d-----w- c:\program files\Comodo
2010-04-04 20:23 . 2010-04-04 20:24 -------- d-----w- c:\program files\Common Files\COWON
2010-04-04 20:23 . 2010-04-04 20:24 -------- d-----w- c:\program files\JetAudio
2010-04-04 19:19 . 2010-04-04 19:19 -------- d-----w- c:\program files\WWAYM
2010-04-04 19:01 . 2003-04-07 11:07 217088 ----a-w- c:\windows\system32\rewire.dll
2010-04-04 19:00 . 2010-04-19 22:20 -------- d-----w- c:\program files\Image-Line
2010-04-04 18:48 . 2010-04-04 18:59 -------- d-----w- c:\program files\Postal2STP
2010-04-04 18:03 . 2010-04-26 13:39 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-04 16:04 . 2010-04-04 16:04 -------- d-----w- c:\program files\Xplosiv
2010-04-04 16:03 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-04 09:57 . 2010-04-04 09:57 -------- d-----w- c:\windows\ServicePackFiles
2010-04-03 12:08 . 2010-04-03 12:08 -------- d-----w- c:\program files\RadLinker
2010-04-03 12:08 . 2010-04-03 12:08 -------- d-----w- c:\program files\MultiRes
2010-04-03 12:08 . 2010-04-03 12:07 724992 ----a-w- c:\windows\iun6002.exe
2010-04-03 12:08 . 2010-04-03 12:08 -------- d-----w- c:\program files\Radeon Omega Drivers v2.4.78a
2010-04-03 11:31 . 2010-04-04 10:02 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-03 11:21 . 2009-12-09 10:28 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-03 11:21 . 2009-12-09 10:28 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-03 11:21 . 2009-12-09 10:28 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-03 11:21 . 2009-12-09 10:28 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-03 11:17 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-03 11:17 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-03 11:13 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-03 09:41 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-02 22:32 . 2010-04-04 11:21 -------- d-----w- c:\program files\IObit
2010-04-02 22:16 . 2010-04-02 22:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-02 22:16 . 2010-04-02 22:16 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-02 21:56 . 2010-04-03 11:08 -------- d-----w- c:\program files\ATITool
2010-04-02 20:50 . 2010-04-02 20:50 -------- d-----w- c:\program files\Lavalys
2010-04-02 17:00 . 2010-04-25 13:49 -------- d-----w- c:\program files\Valve
2010-04-01 20:27 . 2010-04-02 17:00 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-01 20:26 . 2010-04-01 20:26 -------- d-----w- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 13:31 . 2006-03-02 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2010-04-26 08:53 . 2006-03-02 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-25 11:12 . 2010-04-01 06:07 -------- d-----w- c:\program files\ICQ7.1
2010-04-24 09:02 . 2010-04-19 22:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 09:47 . 2010-04-23 09:47 34304 ----a-w- c:\windows\Fonts\3OjaiA7.com
2010-04-21 08:15 . 2010-04-21 08:15 -------- d-----w- c:\program files\C-Media PCI Audio Device
2010-04-19 22:50 . 2010-04-19 22:23 -------- d-----w- c:\program files\VstPlugins
2010-04-19 22:25 . 2010-04-19 22:25 -------- d-----w- c:\program files\u-he
2010-04-19 22:24 . 2010-04-19 22:24 -------- d-----w- c:\program files\Common Files\Java
2010-04-12 11:33 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-04-12 11:33 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-04-04 20:23 . 2010-04-01 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 06:48 . 2010-04-01 05:54 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-01 06:48 . 2010-04-01 05:54 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-01 06:47 . 2010-04-01 05:54 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-01 06:08 . 2010-04-01 06:08 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-01 05:56 . 2010-04-01 05:56 -------- d-----w- c:\program files\microsoft frontpage
2010-04-01 05:51 . 2010-04-01 05:51 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 08:07 . 2006-03-02 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12 . 2006-03-02 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 04:47 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.


------- Sigcheck -------

[-] 2010-04-26 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-04-25 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="CMICNFG3.cpl" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\Kaul\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [26.4.2010 14:26 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [26.4.2010 14:26 65576]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-23 c:\windows\Tasks\At1.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At10.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At11.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At12.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At13.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At14.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At15.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-24 c:\windows\Tasks\At16.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At17.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At18.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\At19.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At2.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-24 c:\windows\Tasks\At20.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At21.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At22.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At23.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At24.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At3.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At4.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At5.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At6.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At7.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At8.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-23 c:\windows\Tasks\At9.job
- c:\windows\Fonts\3OjaiA7.com [2010-04-23 09:47]

2010-04-26 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-04 11:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 19:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-26 19:30:59
ComboFix-quarantined-files.txt 2010-04-26 17:30

Před spuštěním: 1 967 607 808
Po spuštění: 1 997 250 560

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E3A6C44DBB67559AEC1460355A1900BB[/code]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Tuto složku znáš:
c:\documents and settings\Nová složka (2)
?

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\winlogon.exe
Pokud už byl soubor testován-klikni na otestovat znovu.

Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.

Zde je log z Combofix
ComboFix 10-04-26.01 - Kaul 27.04.2010 11:37:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.278 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kaul\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kaul\Plocha\CFScript.txt

FILE ::
"c:\windows\Fonts\3OjaiA7.com"
"c:\windows\iun6002.exe"
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At10.job"
"c:\windows\Tasks\At11.job"
"c:\windows\Tasks\At12.job"
"c:\windows\Tasks\At13.job"
"c:\windows\Tasks\At14.job"
"c:\windows\Tasks\At15.job"
"c:\windows\Tasks\At16.job"
"c:\windows\Tasks\At17.job"
"c:\windows\Tasks\At18.job"
"c:\windows\Tasks\At19.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At20.job"
"c:\windows\Tasks\At21.job"
"c:\windows\Tasks\At22.job"
"c:\windows\Tasks\At23.job"
"c:\windows\Tasks\At24.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
"c:\windows\Tasks\At5.job"
"c:\windows\Tasks\At6.job"
"c:\windows\Tasks\At7.job"
"c:\windows\Tasks\At8.job"
"c:\windows\Tasks\At9.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\2yT6JPk3.exe
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files\DAEMON Tools Toolbar\Resources\about.ico
c:\program files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files\DAEMON Tools Toolbar\Resources\accept.ico
c:\program files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.png
c:\program files\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_home.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroburn_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroLite_16.ico
c:\program files\DAEMON Tools Toolbar\Resources\az.ico
c:\program files\DAEMON Tools Toolbar\Resources\b1.png
c:\program files\DAEMON Tools Toolbar\Resources\burn_files.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_image.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_imgs.ico
c:\program files\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\Config.ico
c:\program files\DAEMON Tools Toolbar\Resources\d.ico
c:\program files\DAEMON Tools Toolbar\Resources\d2.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
c:\program files\DAEMON Tools Toolbar\Resources\download.ico
c:\program files\DAEMON Tools Toolbar\Resources\ds.ico
c:\program files\DAEMON Tools Toolbar\Resources\dsearch.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt-home.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_about.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_faq.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_line.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_manual.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_pro.ico
c:\program files\DAEMON Tools Toolbar\Resources\DTPro.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt16.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt32.ico
c:\program files\DAEMON Tools Toolbar\Resources\Dwnl.ico
c:\program files\DAEMON Tools Toolbar\Resources\emulation.ico
c:\program files\DAEMON Tools Toolbar\Resources\faq.ico
c:\program files\DAEMON Tools Toolbar\Resources\favicon.ico
c:\program files\DAEMON Tools Toolbar\Resources\features.ico
c:\program files\DAEMON Tools Toolbar\Resources\feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixCristals.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixDownload.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixTop.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameS.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\gct16.ico
c:\program files\DAEMON Tools Toolbar\Resources\gd.ico
c:\program files\DAEMON Tools Toolbar\Resources\genre.xml
c:\program files\DAEMON Tools Toolbar\Resources\globe.ico
c:\program files\DAEMON Tools Toolbar\Resources\GrabImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\hb.bmp
c:\program files\DAEMON Tools Toolbar\Resources\hb.ico
c:\program files\DAEMON Tools Toolbar\Resources\help.ico
c:\program files\DAEMON Tools Toolbar\Resources\hide.ico
c:\program files\DAEMON Tools Toolbar\Resources\home.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageS.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ip.ico
c:\program files\DAEMON Tools Toolbar\Resources\lang.xml
c:\program files\DAEMON Tools Toolbar\Resources\lingvo.ico
c:\program files\DAEMON Tools Toolbar\Resources\m.ico
c:\program files\DAEMON Tools Toolbar\Resources\mail.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\manual.ico
c:\program files\DAEMON Tools Toolbar\Resources\map.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuTr.ico
c:\program files\DAEMON Tools Toolbar\Resources\mount.ico
c:\program files\DAEMON Tools Toolbar\Resources\mount_n_drive.ico
c:\program files\DAEMON Tools Toolbar\Resources\next.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\op.ico
c:\program files\DAEMON Tools Toolbar\Resources\play.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play.ico
c:\program files\DAEMON Tools Toolbar\Resources\play_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\pragma.ico
c:\program files\DAEMON Tools Toolbar\Resources\prev.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prod.ico
c:\program files\DAEMON Tools Toolbar\Resources\Radio.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioE.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioG.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioN.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioW.bmp
c:\program files\DAEMON Tools Toolbar\Resources\rbcheck.ico
c:\program files\DAEMON Tools Toolbar\Resources\rbtxt.ico
c:\program files\DAEMON Tools Toolbar\Resources\refresh.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Rss.ico
c:\program files\DAEMON Tools Toolbar\Resources\Rss1.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssA.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssA1.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssClose.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\rssOpen.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssRefresh.ico
c:\program files\DAEMON Tools Toolbar\Resources\s2.ico
c:\program files\DAEMON Tools Toolbar\Resources\show.ico
c:\program files\DAEMON Tools Toolbar\Resources\size.bmp
c:\program files\DAEMON Tools Toolbar\Resources\size_lr.ico
c:\program files\DAEMON Tools Toolbar\Resources\size_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\size_rl.ico
c:\program files\DAEMON Tools Toolbar\Resources\skins.ico
c:\program files\DAEMON Tools Toolbar\Resources\soft24.ico
c:\program files\DAEMON Tools Toolbar\Resources\soft24_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\spt.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\style.ico
c:\program files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
c:\program files\DAEMON Tools Toolbar\Resources\timer.ico
c:\program files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
c:\program files\DAEMON Tools Toolbar\Resources\toolbar.xml
c:\program files\DAEMON Tools Toolbar\Resources\trans.ico
c:\program files\DAEMON Tools Toolbar\Resources\Trash.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\u.ico
c:\program files\DAEMON Tools Toolbar\Resources\unmount-all.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol_back.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_mute.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\web_resources.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebS.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebSa.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi0.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi1.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi10.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi11.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi12.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi13.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi14.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi2.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi3.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi4.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi5.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi6.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi7.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi8.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi9.ico
c:\program files\DAEMON Tools Toolbar\uninst.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\Fonts\3OjaiA7.com
c:\windows\iun6002.exe
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-27 do 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 09:21 . 2010-04-27 09:25 -------- d-----w- c:\program files\Valve
2010-04-27 09:17 . 2010-04-27 09:28 -------- d-----w- C:\cs
2010-04-26 13:43 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 13:42 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 13:42 . 2010-04-26 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:26 . 2010-04-26 12:26 -------- d-----w- c:\program files\Sunbelt Software
2010-04-25 14:20 . 2010-04-25 14:20 -------- d-----w- c:\program files\HLTooLz
2010-04-25 14:20 . 2010-04-25 14:20 249856 ------w- c:\windows\Setup1.exe
2010-04-25 14:20 . 2010-04-25 14:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-19 22:22 . 2010-04-19 22:22 -------- d-----w- c:\program files\Java
2010-04-17 11:42 . 2010-04-17 11:49 -------- d-----w- C:\Download
2010-04-17 11:42 . 2010-04-17 11:48 -------- d-----w- C:\tmpDownload
2010-04-17 11:41 . 2010-04-17 11:43 -------- d-----w- C:\YoutubeMusicDownloader
2010-04-16 19:55 . 2010-04-24 16:18 -------- d-----w- c:\program files\MSECache
2010-04-15 18:04 . 2010-04-15 18:04 -------- d-----w- c:\program files\Synth1
2010-04-15 18:03 . 2009-04-17 12:51 -------- d-----w- c:\documents and settings\Kaul\SuperWave
2010-04-14 19:18 . 2010-04-14 19:18 -------- d-----w- c:\program files\Opera
2010-04-14 19:07 . 2010-04-14 19:10 -------- d-----w- C:\DeusEx
2010-04-13 17:02 . 2010-04-13 17:02 -------- d-----w- c:\program files\GamePark
2010-04-13 17:01 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-04-13 16:56 . 2010-04-13 16:56 -------- d-----w- c:\program files\Mplayer
2010-04-13 16:54 . 2010-04-13 17:07 -------- d-----w- c:\program files\Quake III Arena
2010-04-13 16:38 . 2010-04-13 16:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-13 16:38 . 2010-04-27 09:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-11 12:37 . 2010-04-11 12:37 -------- d-----w- c:\program files\Free WAV to MP3 Converter
2010-04-11 12:26 . 2010-04-11 12:26 -------- d-----w- c:\program files\Any Media to MP3 Converter
2010-04-11 11:16 . 2010-04-11 11:30 -------- d-----w- c:\program files\VirtualDJ
2010-04-11 10:18 . 2010-04-11 12:02 -------- d-----w- c:\program files\Native Instruments
2010-04-09 22:11 . 2010-04-09 22:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-09 04:41 . 2010-04-11 10:06 -------- d-----w- C:\VstPlugins
2010-04-09 04:41 . 2010-04-09 04:41 -------- d-----w- c:\program files\Outsim
2010-04-08 12:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-08 11:17 . 2003-12-28 19:58 54272 ----a-w- c:\windows\system32\KERNELH2.DLL
2010-04-08 09:32 . 2010-04-08 09:32 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-08 09:32 . 2010-04-08 09:32 -------- d-----w- c:\program files\MSBuild
2010-04-08 09:32 . 2010-04-08 09:32 -------- d-----w- c:\program files\Reference Assemblies
2010-04-08 09:31 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-08 09:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-08 09:31 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-08 09:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-08 09:31 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-08 09:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-08 09:31 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-08 09:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-08 09:25 . 2010-04-08 09:25 -------- d-----w- c:\program files\MSXML 6.0
2010-04-07 10:00 . 2010-04-07 10:00 -------- d-----w- c:\program files\Jeskola Buzz
2010-04-07 09:59 . 2010-04-07 10:00 -------- d-----w- c:\program files\Buzz
2010-04-07 09:59 . 2010-04-07 10:04 -------- d-----w- c:\program files\Plugins
2010-04-07 09:37 . 2010-04-08 10:02 -------- d-----w- c:\documents and settings\Nová složka (2)
2010-04-05 10:06 . 2010-04-05 10:06 -------- d-----w- c:\windows\Downloaded Installations
2010-04-04 20:27 . 2010-04-04 20:27 -------- d-----w- c:\program files\Comodo
2010-04-04 20:23 . 2010-04-04 20:24 -------- d-----w- c:\program files\Common Files\COWON
2010-04-04 20:23 . 2010-04-04 20:24 -------- d-----w- c:\program files\JetAudio
2010-04-04 19:19 . 2010-04-04 19:19 -------- d-----w- c:\program files\WWAYM
2010-04-04 19:01 . 2003-04-07 11:07 217088 ----a-w- c:\windows\system32\rewire.dll
2010-04-04 19:00 . 2010-04-19 22:20 -------- d-----w- c:\program files\Image-Line
2010-04-04 18:48 . 2010-04-04 18:59 -------- d-----w- c:\program files\Postal2STP
2010-04-04 18:03 . 2010-04-26 13:39 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-04 16:04 . 2010-04-04 16:04 -------- d-----w- c:\program files\Xplosiv
2010-04-04 16:03 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-04 09:57 . 2010-04-04 09:57 -------- d-----w- c:\windows\ServicePackFiles
2010-04-03 12:08 . 2010-04-03 12:08 -------- d-----w- c:\program files\RadLinker
2010-04-03 12:08 . 2010-04-03 12:08 -------- d-----w- c:\program files\MultiRes
2010-04-03 12:08 . 2010-04-03 12:08 -------- d-----w- c:\program files\Radeon Omega Drivers v2.4.78a
2010-04-03 11:31 . 2010-04-04 10:02 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-03 11:21 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-03 11:21 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-03 11:21 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-03 11:21 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-03 11:17 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-03 11:17 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-03 11:13 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-03 09:41 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-02 22:32 . 2010-04-04 11:21 -------- d-----w- c:\program files\IObit
2010-04-02 21:56 . 2010-04-03 11:08 -------- d-----w- c:\program files\ATITool
2010-04-02 20:50 . 2010-04-02 20:50 -------- d-----w- c:\program files\Lavalys
2010-04-01 20:27 . 2010-04-02 17:00 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-01 20:26 . 2010-04-01 20:26 -------- d-----w- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 09:37 . 2010-04-01 06:07 -------- d-----w- c:\program files\ICQ7.1
2010-04-26 13:31 . 2006-03-02 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2010-04-26 08:53 . 2006-03-02 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-24 09:02 . 2010-04-19 22:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 08:15 . 2010-04-21 08:15 -------- d-----w- c:\program files\C-Media PCI Audio Device
2010-04-19 22:50 . 2010-04-19 22:23 -------- d-----w- c:\program files\VstPlugins
2010-04-19 22:25 . 2010-04-19 22:25 -------- d-----w- c:\program files\u-he
2010-04-19 22:24 . 2010-04-19 22:24 -------- d-----w- c:\program files\Common Files\Java
2010-04-12 11:33 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-04-12 11:33 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-04-04 20:23 . 2010-04-01 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 06:48 . 2010-04-01 05:54 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-01 06:48 . 2010-04-01 05:54 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-01 06:47 . 2010-04-01 05:54 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-01 05:56 . 2010-04-01 05:56 -------- d-----w- c:\program files\microsoft frontpage
2010-04-01 05:51 . 2010-04-01 05:51 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 08:07 . 2006-03-02 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12 . 2006-03-02 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:34 . 2006-03-02 12:00 2183552 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:34 . 2004-08-17 15:45 2060544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2010-04-26 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-04-26_17.19.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-27 09:47 . 2010-04-27 09:47 16384 c:\windows\temp\Perflib_Perfdata_710.dat
+ 2010-04-01 05:56 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2010-04-01 05:56 . 2009-05-26 09:01 18296 c:\windows\system32\spmsg.dll
+ 2010-04-03 11:21 . 2010-02-16 19:34 2183552 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-04-03 11:21 . 2010-02-16 19:34 2018816 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-04-03 11:21 . 2010-02-16 19:34 2060544 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-04-03 11:21 . 2010-02-16 19:34 2139136 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-04-01 133368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\Kaul\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Kaul\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\HijackThis.exe
AddRemove-Radeon Omega Drivers for Windows 2k-XPv2.4.78a - c:\windows\iun6002.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 11:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-27 11:53:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-27 09:53
ComboFix2.txt 2010-04-26 17:31

Před spuštěním: 2 361 733 120
Po spuštění: 2 354 728 960

- - End Of File - - 873CDC11023CA938CEA1BE4971DA535A


Zde je log z Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:46, on 27.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Kaul\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RadClock - Unknown owner - C:\Program Files\RadLinker\RadClock.exe

--
End of file - 2680 bytes


Zde je odkaz na stránku
http://www.virustotal.com/cs/analisis/be0872874fd83b4652fa29d4123bb5e326624b662b0246f4ab070d09083ec63f-1271802280

Tu složku v documents & settings znám,mám tam porno obrázky

//logy nedávej do code... jaro3

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Nevykašlem se na to už ??? .Tohle to pc budu mít jen do neděle,jinak okna už nevyskakujou,a vše jede jak má a ani csko mi nepadá do lišty díky moc.

Ok.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Příště si pořiď antivir free- Avira , Avast , AVG..

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.