Prosím o kontrolu Vyřešeno

[vonyt]

Můžete se mi na to podívat?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:15, on 6.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\klara\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\stažené soubory\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\klara\Plocha\totalcmd\TotalCmd.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\klara\Dokumenty\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\STAENS~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Nová složka\stažené soubory\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IntelliScope] "C:\Program Files\CyberSnipa\Intelliscope Mouse\Panel.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\STAENS~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\STAENS~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\stažené soubory\Microsoft office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\stažené soubory\Microsoft office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\stažené soubory\Microsoft office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\stažené soubory\Microsoft office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7222002796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6447393-500A-4296-996D-6078639C084A}: NameServer = 10.0.0.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Nová složka\stažené soubory\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11557 bytes

[Reklama]

[memphisto]

Tak to je saigon ....

odinstaluj:
Ask Toolbar
ICQ Toolbar
Winamp Toolbar
Conduit Engine
Zynga Toolbar
MyAshampoo Toolbar
Nero Toolbar

v logu fixni:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Nová složka\stažené soubory\Winamp\winampa.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7222002796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[vonyt]

Trochu to trvalo...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5473

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6.1.2011 22:25:08
mbam-log-2011-01-06 (22-24-42).txt

Typ kontroly: Rychlý test
Testované objekty: 154180
Uplynulý čas: 42 minut, 15 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\system32\calc.exe (Trojan.Agent.Gen) -> No action taken.

[memphisto]

A budeš to absolvovat ještě jednou

V Mbam proveď ještě jednou scan a nalezené nákazy dej smazat kromě toho calc.exe

Toto otestuj na Virustotal
c:\WINDOWS\system32\calc.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[vonyt]

No.. paráda:D dnes na to nemám už náladu tak dyštak zítra.. zatim díky

[memphisto]

On i Mbam, jako každý antivir, má falešnou detekci a raději to dělám takhle než smazat něco, co se mu nelíbilo. Třeba ten calc.exe je kalkulačka Windows, ale nemusí být. Může to být i šmejd, co se za ni maskuje. Zkontroluj to a dej sem odkaz na tu kontrolu. Ta nezabere ani minutu.

[vonyt]

Jde o to, že to je PC kámošky a ona tu už právěže neni.

[vonyt]

VirusTotal:
http://www.virustotal.com/file-scan/rep ... 1294414858

ComboFix:

ComboFix 11-01-06.06 - klara 07.01.2011 16:12:52.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.502.159 [GMT 1:00]
Spuštěný z: c:\documents and settings\klara\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
c:\documents and settings\klara\Data aplikací\PriceGong
c:\documents and settings\klara\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\klara\Data aplikací\PriceGong\Data\z.xml
c:\windows\system32\Hook.dll

Nakažená kopie c:\windows\regedit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe

Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 13:17 . 2010-11-09 19:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C11CDA07-4589-49F2-85AE-D67028F82DB8}\mpengine.dll
2011-01-07 13:16 . 2009-08-06 18:24 209632 -c--a-w- c:\windows\system32\dllcache\wuweb.dll
2011-01-07 13:16 . 2009-08-06 18:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2011-01-07 13:10 . 2011-01-07 13:10 -------- d-----w- c:\windows\LastGood.Tmp
2011-01-06 20:41 . 2011-01-06 20:41 -------- d-----w- c:\documents and settings\klara\Data aplikací\Malwarebytes
2011-01-06 20:40 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 20:40 . 2011-01-06 20:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-06 20:40 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 19:19 . 2011-01-06 19:19 -------- d-----w- c:\documents and settings\klara\DoctorWeb
2011-01-06 18:49 . 2011-01-06 18:45 54251664 ----a-w- C:\launch.exe
2011-01-06 16:43 . 2011-01-06 16:46 -------- d-----w- c:\documents and settings\klara\Data aplikací\123 Free Solitaire
2011-01-06 14:40 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-06 14:34 . 2011-01-06 14:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-06 14:20 . 2011-01-06 14:20 -------- d-----w- c:\documents and settings\klara\Local Settings\Data aplikací\GHISLER
2011-01-05 21:10 . 2011-01-05 21:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-05 18:58 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-01-05 18:53 . 2011-01-05 18:58 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-05 18:53 . 2011-01-05 18:53 -------- d-----w- c:\program files\MSBuild
2011-01-05 18:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-05 18:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-05 18:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-05 18:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-05 18:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-05 18:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-05 18:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-05 18:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-03 21:12 . 2011-01-03 21:12 -------- d-----w- c:\program files\7-Zip
2011-01-03 21:02 . 2011-01-03 21:02 -------- d-----w- c:\documents and settings\klara\Data aplikací\GHISLER
2011-01-01 16:00 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-01-01 15:31 . 2011-01-02 12:32 -------- d-----w- c:\program files\DOSBox-0.63
2010-12-30 14:39 . 2010-12-30 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Badoo
2010-12-25 15:17 . 2007-08-21 08:39 27648 ----a-w- c:\windows\system32\drivers\GMFilter.sys
2010-12-25 15:17 . 2007-08-21 08:41 52080 ----a-w- c:\windows\system32\drivers\GMFilter(Amd64).sys
2010-12-25 15:17 . 2010-12-25 15:17 -------- d-----w- c:\program files\CyberSnipa
2010-12-25 15:17 . 2007-11-29 09:26 17477216 ----a-w- c:\windows\system32\XControlPad.dll
2010-12-25 15:16 . 2004-10-22 01:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-12-25 15:16 . 2004-10-22 01:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-12-25 15:16 . 2004-10-22 01:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-12-25 15:16 . 2004-10-22 01:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-12-25 15:16 . 2004-10-22 01:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-12-25 15:16 . 2010-12-25 15:16 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-12-25 15:16 . 2010-12-25 15:16 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-12-24 14:44 . 2010-12-25 08:27 -------- d-----w- c:\program files\123 Free Solitaire
2010-12-24 11:12 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-24 11:12 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-22 21:52 . 2010-12-22 21:52 -------- d-----w- c:\program files\TeamViewer
2010-12-12 09:49 . 2010-12-12 09:49 -------- d-----w- c:\documents and settings\klara\Data aplikací\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 21:04 . 2010-06-24 18:17 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-01 21:03 . 2010-06-24 18:17 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-01 21:03 . 2010-06-24 18:17 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-18 18:15 . 2010-06-19 09:46 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:04 . 2008-10-19 22:27 1862272 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 20:25 . 2010-10-24 20:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2010-10-23 21:33 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelliScope"="c:\program files\CyberSnipa\Intelliscope Mouse\Panel.exe" [2007-11-29 282208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\stažené soubory\\Microsoft office\\Office14\\ONENOTE.EXE"=
"d:\\stažené soubory\\Microsoft office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Nová složka\\stažené soubory\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 GMFilter Filter;GMFilter Filter;c:\windows\system32\Drivers\GMFilter.sys [2007-08-21 27648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 07:20]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 06:46]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 06:46]

2011-01-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

2011-01-07 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

2011-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2111687655-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2011-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2111687655-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-11-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2111687655-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2111687655-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\staens~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - d:\staens~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: {C6447393-500A-4296-996D-6078639C084A} = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\klara\Data aplikací\Mozilla\Firefox\Profiles\99s5n23x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Vyhledávání videí ve službě YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2475029&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-HijackThis - c:\documents and settings\klara\Dokumenty\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 16:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\SETUPAPI.dll
c:\windows\System32\sfc_os.dll
c:\windows\System32\COMRes.dll
c:\windows\System32\cscui.dll

- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3232)
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\docume~1\klara\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-01-07 16:36:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 15:36

Před spuštěním: 3 840 516 096
Po spuštění: 5 133 893 632

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DD69E7B45310000B2811685B3D099442

[jaro3]

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\regedit.exe
c:\windows\system32\midimap.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

Jsou nějaké problémy?

[vonyt]

Regedit:
http://www.virustotal.com/file-scan/rep ... 1294431933

Midimap
http://www.virustotal.com/file-scan/rep ... 1294432055

ComboFix

ComboFix 11-01-06.06 - klara 07.01.2011 21:31:38.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.502.133 [GMT 1:00]
Spuštěný z: c:\documents and settings\klara\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\klara\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 13:17 . 2010-11-09 19:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C11CDA07-4589-49F2-85AE-D67028F82DB8}\mpengine.dll
2011-01-07 13:16 . 2009-08-06 18:24 209632 -c--a-w- c:\windows\system32\dllcache\wuweb.dll
2011-01-07 13:16 . 2009-08-06 18:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2011-01-06 20:41 . 2011-01-06 20:41 -------- d-----w- c:\documents and settings\klara\Data aplikací\Malwarebytes
2011-01-06 20:40 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 20:40 . 2011-01-06 20:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-06 20:40 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 19:19 . 2011-01-06 19:19 -------- d-----w- c:\documents and settings\klara\DoctorWeb
2011-01-06 18:49 . 2011-01-06 18:45 54251664 ----a-w- C:\launch.exe
2011-01-06 16:43 . 2011-01-06 16:46 -------- d-----w- c:\documents and settings\klara\Data aplikací\123 Free Solitaire
2011-01-06 14:40 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-06 14:34 . 2011-01-06 14:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-06 14:20 . 2011-01-06 14:20 -------- d-----w- c:\documents and settings\klara\Local Settings\Data aplikací\GHISLER
2011-01-05 21:10 . 2011-01-05 21:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-05 18:58 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-01-05 18:53 . 2011-01-05 18:58 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-05 18:53 . 2011-01-05 18:53 -------- d-----w- c:\program files\MSBuild
2011-01-05 18:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-05 18:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-05 18:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-05 18:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-05 18:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-05 18:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-05 18:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-05 18:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-03 21:12 . 2011-01-03 21:12 -------- d-----w- c:\program files\7-Zip
2011-01-03 21:02 . 2011-01-03 21:02 -------- d-----w- c:\documents and settings\klara\Data aplikací\GHISLER
2011-01-01 16:00 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-01-01 15:31 . 2011-01-02 12:32 -------- d-----w- c:\program files\DOSBox-0.63
2010-12-30 14:39 . 2010-12-30 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Badoo
2010-12-25 15:17 . 2007-08-21 08:39 27648 ----a-w- c:\windows\system32\drivers\GMFilter.sys
2010-12-25 15:17 . 2007-08-21 08:41 52080 ----a-w- c:\windows\system32\drivers\GMFilter(Amd64).sys
2010-12-25 15:17 . 2010-12-25 15:17 -------- d-----w- c:\program files\CyberSnipa
2010-12-25 15:17 . 2007-11-29 09:26 17477216 ----a-w- c:\windows\system32\XControlPad.dll
2010-12-25 15:16 . 2004-10-22 01:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-12-25 15:16 . 2004-10-22 01:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-12-25 15:16 . 2004-10-22 01:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-12-25 15:16 . 2004-10-22 01:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-12-25 15:16 . 2004-10-22 01:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-12-25 15:16 . 2010-12-25 15:16 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-12-25 15:16 . 2010-12-25 15:16 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-12-24 14:44 . 2010-12-25 08:27 -------- d-----w- c:\program files\123 Free Solitaire
2010-12-24 11:12 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-24 11:12 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-22 21:52 . 2010-12-22 21:52 -------- d-----w- c:\program files\TeamViewer
2010-12-12 09:49 . 2010-12-12 09:49 -------- d-----w- c:\documents and settings\klara\Data aplikací\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 21:04 . 2010-06-24 18:17 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-01 21:03 . 2010-06-24 18:17 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-01 21:03 . 2010-06-24 18:17 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-18 18:15 . 2010-06-19 09:46 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:04 . 2008-10-19 22:27 1862272 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 20:25 . 2010-10-24 20:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2010-10-23 21:33 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2010-08-23 . E145ADD7DAEF759C4F5FB80A180A9C30 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2002-09-20 . D12F83B2037A01BB97A97F3EA54DD71F . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\60180\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2010-11-06 . 3AC8AB55B47DB51B07454A1D2246E7F7 . 3604480 . . [7.00.6000.17093] . . c:\windows\SoftwareDistribution\Download\dd60fe5720881a53a69a138a26eaa4d9\sp3gdr\mshtml.dll
[-] 2010-11-06 . 839FFC69550E07EF43A94C932E49E520 . 3607040 . . [7.00.6000.21295] . . c:\windows\SoftwareDistribution\Download\dd60fe5720881a53a69a138a26eaa4d9\sp3qfe\mshtml.dll
[-] 2010-09-09 . CA15720E7B3B8FD2E7F12C8A635A6308 . 3601920 . . [7.00.6000.17092] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\mshtml.dll
[-] 2010-09-09 . C5BC248010B1B6346314AE420D7ED454 . 3605504 . . [7.00.6000.21294] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\mshtml.dll
[-] 2010-06-24 . 2049A2958FE037E6AAEEF323AF7976DD . 3600896 . . [7.00.6000.17080] . . c:\windows\SoftwareDistribution\Download\e574754c794d710f0c3b9c139e56b57f\sp3gdr\mshtml.dll
[-] 2010-06-24 . 8A1385BF9CD3B394F266C8C5ACFEC5E0 . 3603968 . . [7.00.6000.21283] . . c:\windows\SoftwareDistribution\Download\e574754c794d710f0c3b9c139e56b57f\sp3qfe\mshtml.dll
[7] 2010-05-04 . 313C9A62085098043B441652B7491665 . 3600384 . . [7.00.6000.17063] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-05-04 . 67010C721CA0BA37D5B47E41393D4F13 . 3760640 . . [7.00.6000.17063] . . c:\windows\system32\mshtml.dll
[-] 2010-05-04 . 67010C721CA0BA37D5B47E41393D4F13 . 3760640 . . [7.00.6000.17063] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-05-04 . A85A3A10CA88BD7861D1859183559ED5 . 3603456 . . [7.00.6000.21264] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
[7] 2008-08-27 . 2ECA71D805E010713BE4EA0E86827410 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[7] 2008-08-26 . F1877EA1F348638E803DED6BEFB20637 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-06-23 . B552ADA48C2BA853872AFFCAC88A6513 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-03-01 . AA61A6FAA4D691A6ED38FC1099EDE19B . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2010-11-06 . 43A169D0367A4105491A76C2AAE6A1FD . 832512 . . [7.00.6000.17093] . . c:\windows\SoftwareDistribution\Download\dd60fe5720881a53a69a138a26eaa4d9\sp3gdr\wininet.dll
[-] 2010-11-06 . 2BB8C340B7D1293B88587D2C4B72506F . 841216 . . [7.00.6000.21295] . . c:\windows\SoftwareDistribution\Download\dd60fe5720881a53a69a138a26eaa4d9\sp3qfe\wininet.dll
[-] 2010-09-09 . 41DD413E4546E25E0D0C5B8B7DEE1967 . 832512 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\wininet.dll
[-] 2010-09-09 . 40B58A838D691766E19FA3C21B16EC41 . 841216 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\wininet.dll
[-] 2010-06-24 . 805149680A8D2E91234D065BA4EAAB7A . 832512 . . [7.00.6000.17080] . . c:\windows\SoftwareDistribution\Download\e574754c794d710f0c3b9c139e56b57f\sp3gdr\wininet.dll
[-] 2010-06-24 . 5A2EC6E4AE30B8CAF53389A286E39C23 . 841216 . . [7.00.6000.21283] . . c:\windows\SoftwareDistribution\Download\e574754c794d710f0c3b9c139e56b57f\sp3qfe\wininet.dll
[7] 2010-05-04 . 1497FB3C1BC993A5F263FB57E0AD63D3 . 832512 . . [7.00.6000.17055] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-05-04 . 2AF7B76CF6FED9EEBAA01556D7001DC4 . 899072 . . [7.00.6000.17055] . . c:\windows\system32\wininet.dll
[-] 2010-05-04 . 2AF7B76CF6FED9EEBAA01556D7001DC4 . 899072 . . [7.00.6000.17055] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-05-04 . 3D4713D326A245AAE068E7148C08AA77 . 841216 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
[7] 2008-08-26 . A74381B8D7024B2D8BB5691A93F825B8 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . 0930F57122FF74739E3684D0016877F1 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[7] 2008-06-23 . 57BE3F6CA8282AC863C16862C1B65964 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 . 46A1A52EB6C86344C6EBF65B17404C90 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-10-19 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2010-04-28 . 2FA1EF498F026847CF276DF9099ABE79 . 2069120 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-04-28 . 2FA1EF498F026847CF276DF9099ABE79 . 2069120 . . [5.1.2600.5973] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2010-04-28 . 995A48D050DA35740ED6DA3CA61FEA06 . 2230272 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-04-28 . 995A48D050DA35740ED6DA3CA61FEA06 . 2230272 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . DCC3D91A3DEDBBA9ECFFA6028D872CF5 . 2069120 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2008-10-19 . 5495B7902AE2EEE3A98D889E9A679724 . 2068224 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[7] 2010-10-18 . 72D1F43C4146D312B0DB6AB98C21340E . 634648 . . [7.00.6000.17093] . . c:\windows\SoftwareDistribution\Download\dd60fe5720881a53a69a138a26eaa4d9\sp3gdr\iexplore.exe
[7] 2010-10-18 . DA6E1F0F1932B62DD2F6ED05541C555C . 634648 . . [7.00.6000.21295] . . c:\windows\SoftwareDistribution\Download\dd60fe5720881a53a69a138a26eaa4d9\sp3qfe\iexplore.exe
[7] 2010-08-25 . E5412ED9E07C42C20C48D3FF71E6B1E8 . 634648 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\iexplore.exe
[7] 2010-08-25 . F047BEB9771E45A05F425499A30F9BBA . 634648 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\iexplore.exe
[7] 2010-06-17 . 203E897F843D56496E2CC101DFF6CE34 . 634656 . . [7.00.6000.17080] . . c:\windows\SoftwareDistribution\Download\e574754c794d710f0c3b9c139e56b57f\sp3gdr\iexplore.exe
[7] 2010-06-17 . B0BC6DC9C9277250C5C8F7B7A48A02CC . 634648 . . [7.00.6000.21283] . . c:\windows\SoftwareDistribution\Download\e574754c794d710f0c3b9c139e56b57f\sp3qfe\iexplore.exe
[7] 2010-04-16 . C4BA5E36FB57F547117305BF1E0FE454 . 634656 . . [7.00.6000.17055] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2010-04-16 . 917D73F3B6A4CE841A86859403D68CD2 . 507168 . . [7.00.6000.17055] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB982381-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe

[7] 2010-04-28 . 91FE668957FF51A2DBCEE0D8637BA77E . 2192256 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-04-28 . 91FE668957FF51A2DBCEE0D8637BA77E . 2192256 . . [5.1.2600.5973] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2010-04-28 . 52A4AE8441ED4572E019B5C9A7175744 . 2353408 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . 52A4AE8441ED4572E019B5C9A7175744 . 2353408 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . 6B2312D847BA95F4E858CB4C3B5F51E1 . 2192256 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2008-10-19 . 2BCBCE27A946C057051A85CB032F49FF . 2191360 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-01-07_15.29.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-07 18:46 . 2011-01-07 18:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\73ae539155e71e3a5010fac0f6654711\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-01-07 18:48 . 2011-01-07 18:48 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\a06ee7193165a055dab98d1ea590ca84\System.Xml.Linq.ni.dll
+ 2011-01-07 18:47 . 2011-01-07 18:47 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d2c3e573c18e0d4b2cf29898121e928f\System.Web.Routing.ni.dll
+ 2011-01-07 18:48 . 2011-01-07 18:48 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\38a8ab66aaad0500692cf0cc86a30bbf\System.Web.Entity.ni.dll
+ 2011-01-07 18:48 . 2011-01-07 18:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\0a12cfa24979b234a5996bacbeaf3fdb\System.Web.Entity.Design.ni.dll
+ 2011-01-07 18:48 . 2011-01-07 18:48 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2193f863397e0e52c01af66ded11397d\System.Web.DynamicData.ni.dll
+ 2011-01-07 18:46 . 2011-01-07 18:46 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e9c320dd612abb2ebedc753900a154a5\System.Security.ni.dll
+ 2011-01-07 18:47 . 2011-01-07 18:47 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\eb7e489ca80b6e21f3289fa29bf4bd63\System.Management.Instrumentation.ni.dll
+ 2011-01-07 18:47 . 2011-01-07 18:47 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\f6f3f7a5166f23dedc43ff1f1f3a1e0c\System.Data.Services.Design.ni.dll
+ 2011-01-07 18:47 . 2011-01-07 18:47 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\af4a0d47bf2b2a084a091efa338f4655\System.Data.Services.Client.ni.dll
+ 2011-01-07 18:47 . 2011-01-07 18:47 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d11e960610673b7e7a4b5f8135f652f7\System.Data.Entity.Design.ni.dll
+ 2011-01-07 18:46 . 2011-01-07 18:46 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\3e6fc40479a13542e7493bca4e276bf6\System.Data.DataSetExtensions.ni.dll
+ 2011-01-07 18:46 . 2011-01-07 18:46 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2b4c4e22f6ab55528b03a09dfc9ed492\System.Configuration.ni.dll
+ 2011-01-07 18:48 . 2011-01-07 18:48 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0c219e1f22dc3d5e941b969415e4c2c8\System.Web.Extensions.ni.dll
+ 2011-01-07 18:46 . 2011-01-07 18:46 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4b69895bd849ab6a089eabebc7fa6480\System.Deployment.ni.dll
+ 2011-01-07 18:47 . 2011-01-07 18:47 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\06f11d4f68d2f4d77a86a71ab81feba0\System.Data.Services.ni.dll
+ 2011-01-07 18:47 . 2011-01-07 18:47 9902080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\56eea7f13c14082ba3fe61bbc06177d6\System.Data.Entity.ni.dll
+ 2011-01-07 18:46 . 2011-01-07 18:46 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d6e098e4f156252e802673dd1834a370\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-01-07 18:46 . 2011-01-07 18:46 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2961613c0d7aa2bfcbf23033b747f671\Microsoft.Build.Tasks.ni.dll
+ 2011-01-07 18:46 . 2011-01-07 18:46 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8585dae07443e33fe5f54fcd32e4eb80\System.ServiceModel.ni.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelliScope"="c:\program files\CyberSnipa\Intelliscope Mouse\Panel.exe" [2007-11-29 282208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\stažené soubory\\Microsoft office\\Office14\\ONENOTE.EXE"=
"d:\\stažené soubory\\Microsoft office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Nová složka\\stažené soubory\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 7:52 14336]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [22.12.2010 22:52 2228008]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 10:38 92008]
R3 GMFilter Filter;GMFilter Filter;c:\windows\system32\drivers\GMFilter.sys [25.12.2010 16:17 27648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.8.2010 7:46 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 07:20]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 06:46]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 06:46]

2011-01-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

2011-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2111687655-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2011-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2111687655-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-11-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2111687655-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2111687655-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\staens~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - d:\staens~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: {C6447393-500A-4296-996D-6078639C084A} = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\klara\Data aplikací\Mozilla\Firefox\Profiles\99s5n23x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Vyhledávání videí ve službě YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2475029&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 21:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\SETUPAPI.dll
c:\windows\System32\sfc_os.dll
c:\windows\System32\COMRes.dll
c:\windows\System32\cscui.dll

- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(452)
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2011-01-07 21:42:33
ComboFix-quarantined-files.txt 2011-01-07 20:42
ComboFix2.txt 2011-01-07 15:36

Před spuštěním: 4 972 507 136
Po spuštění: 4 943 261 696

- - End Of File - - 88B4F3654D18C0968BC64ACAFEEBB16D





HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:00, on 7.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\stažené soubory\TeamSpeak 3 Client\ts3client_win32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Documents and Settings\klara\Plocha\totalcmd\TotalCmd.exe
D:\Nová složka\stažené soubory\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\STAENS~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliScope] "C:\Program Files\CyberSnipa\Intelliscope Mouse\Panel.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\STAENS~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\STAENS~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\stažené soubory\Microsoft office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\stažené soubory\Microsoft office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\stažené soubory\Microsoft office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\stažené soubory\Microsoft office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6447393-500A-4296-996D-6078639C084A}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Nová složka\stažené soubory\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6884 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')


V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\sfcfiles.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[vonyt]

Tady je link. http://www.virustotal.com/file-scan/rep ... 1294435362

Vše vypadá v pořádku. Dám teda fajfku.. díky moc oběma