Správce úloh

Teedok · Příspěvekod **Teedok** » 30 pro 2008 15:33

Ahoj nejde mi spustit správce úloh :-(

a v nabídce start mi chybí položka všechny programy(soubory).

zde je log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:19, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\A MARTIN\MSPF10ENU\PrfldSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\A MARTIN\DO\Server.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\A MARTIN\MSPF10ENU\ShellHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1796396
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
R3 - URLSearchHook: VIO1 Toolbar - {01188d35-daf3-4a43-90aa-f1bf150207e6} - C:\Program Files\VIO1\tbVIO1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: VIO1 Toolbar - {01188d35-daf3-4a43-90aa-f1bf150207e6} - C:\Program Files\VIO1\tbVIO1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FFEA54F-09C8-4A54-9E41-3641F7BC8460} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9FA70636-4CFB-4CAE-85FF-D836C1783BC7} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: VIO1 Toolbar - {01188d35-daf3-4a43-90aa-f1bf150207e6} - C:\Program Files\VIO1\tbVIO1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DirectInputControl] "C:\A MARTIN\DO\Server.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ABExpress] C:\Documents and Settings\All Users\Data aplikací\AB Studio\ABExpress.exe -i
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2616334468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ctl3pack - C:\WINDOWS\system32\ctl3pack.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Eset Remote Administrator Server (ERA_SERVER) - Eset - C:\Program Files\Eset\Eset Remote Administrator\Server\era.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\A MARTIN\MSPF10ENU\PrfldSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 13056 bytes

Reklama

Příspěvekod **jaro3** » 30 pro 2008 18:17

Máš tam dva antiviry?
AVG8 a toto je taky antivir:McAfee VirusScan ?
Něco odinstaluj.
Vypni rez. ochranu u antiviru.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Teedok · Příspěvekod **Teedok** » 30 pro 2008 22:19

ComboFix 08-12-29.02 - user 2008-12-30 22:09:28.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.402 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Data aplikací\BITS
c:\documents and settings\user\Data aplikací\BITS\BITS.ini
c:\documents and settings\user\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\user\Data aplikací\BITS\ProxyList.ini
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080924111340.torrent
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080924111340.torrent.~tmp
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080924111340.torrent.bits
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080924111340.torrent.filelist
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080924111340.torrent.seeds
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925114303.torrent
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925114303.torrent.~tmp
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925114303.torrent.bits
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925114303.torrent.filelist
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925192043.torrent
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925192043.torrent.bits
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925192043.torrent.filelist
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080925192043.torrent.seeds
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926145117.torrent
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926145117.torrent.~tmp
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926145117.torrent.bits
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926145117.torrent.filelist
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926151133.torrent
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926151133.torrent.~tmp
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926151133.torrent.bits
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080926151133.torrent.filelist
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080928130944.torrent
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080928130944.torrent.~tmp
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080928130944.torrent.bits
c:\documents and settings\user\Data aplikací\BITS\Torrent\20080928130944.torrent.filelist
c:\documents and settings\user\Data aplikací\BITS\Torrent\20081203195645.torrent.hybridlist
c:\documents and settings\user\Data aplikací\BITS\Torrent\20081207134025.torrent
c:\documents and settings\user\Data aplikací\BITS\Torrent\20081207134025.torrent.~tmp
c:\documents and settings\user\Data aplikací\BITS\Torrent\20081207134025.torrent.bits
c:\documents and settings\user\Data aplikací\BITS\Torrent\20081207134025.torrent.filelist
c:\documents and settings\user\Data aplikací\BITS\UPnP.ini
c:\documents and settings\user\Data aplikací\dach100.dll
c:\documents and settings\user\Data aplikací\PCPrivacyCleaner
c:\documents and settings\user\Data aplikací\PCPrivacyCleaner\Logs\scns.log
C:\install.exe
c:\windows\system32\fbtswcfn.ini
c:\windows\system32\hwwmvmwv.ini
c:\windows\system32\jerxwmwd.ini
c:\windows\system32\TAaJPXbc.ini
c:\windows\system32\TAaJPXbc.ini2
c:\windows\system32\uabiiehm.ini
c:\windows\system32\wtrxjdlv.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-28 do 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-30 15:15 . 2008-12-30 15:17 <DIR> d-------- c:\program files\Polda 3
2008-12-30 14:15 . 2008-12-30 14:15 <DIR> d-------- c:\windows\ERUNT
2008-12-30 13:24 . 2008-12-30 14:34 <DIR> d-------- C:\SDFix
2008-12-30 12:16 . 2007-12-01 16:30 <DIR> d-------- c:\program files\Polda
2008-12-30 08:45 . 2008-12-30 08:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 08:45 . 2008-12-30 08:45 <DIR> d-------- c:\documents and settings\user\Data aplikací\Malwarebytes
2008-12-30 08:45 . 2008-12-30 08:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-30 08:45 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 08:45 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 08:19 . 2008-12-30 14:57 <DIR> d-------- c:\program files\Polda 2
2008-12-30 04:41 . 2008-12-30 04:41 <DIR> d-------- C:\Downloads
2008-12-29 21:48 . 2008-12-29 22:55 <DIR> d-------- c:\program files\Polda 5
2008-12-29 17:49 . 2008-12-29 17:49 <DIR> d-------- c:\program files\Trend Micro
2008-12-29 13:30 . 2008-12-29 13:30 <DIR> d-------- c:\program files\Yahoo!
2008-12-29 13:29 . 2008-12-29 13:30 <DIR> d-------- c:\program files\CCleaner
2008-12-25 17:48 . 2008-12-25 17:48 <DIR> d-------- c:\program files\VIO1
2008-12-25 17:48 . 2008-12-25 17:48 <DIR> d-------- c:\program files\Conduit
2008-12-25 17:48 . 2008-12-25 17:48 65 --a------ C:\ioVIO.ini
2008-12-18 18:32 . 2008-12-18 18:32 <DIR> d-------- c:\windows\system32\Plugins
2008-12-18 06:20 . 2008-12-18 06:20 <DIR> d-------- c:\documents and settings\user\Data aplikací\aAvgApi
2008-12-16 23:13 . 2008-12-16 23:13 <DIR> d-------- c:\program files\Zoner
2008-12-16 23:13 . 2008-12-16 23:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\Zoner
2008-12-16 22:59 . 2008-12-16 22:58 164,848 --a------ c:\windows\system32\drivers\HookSys.sys
2008-12-16 22:59 . 2008-12-16 22:58 62,576 --a------ c:\windows\system32\drivers\HookNtos.sys
2008-12-16 22:59 . 2008-12-16 22:58 38,256 --a------ c:\windows\system32\drivers\HOOKREG.sys
2008-12-16 22:59 . 2008-12-16 22:58 30,704 --a------ c:\windows\system32\drivers\HookHelp.sys
2008-12-16 22:59 . 2008-12-16 22:58 13,808 --a------ c:\windows\system32\drivers\HookCont.sys
2008-12-16 22:44 . 2008-12-16 22:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2008-12-16 22:29 . 2008-12-16 22:29 <DIR> d-------- c:\program files\Opera
2008-12-07 14:03 . 2008-12-07 14:03 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-03 22:55 . 2007-11-15 23:42 164,144 --a------ c:\windows\system32\COMCT232.OCX
2008-12-03 22:55 . 2007-11-15 23:32 92,672 --a------ c:\windows\system32\dijpg.dll
2008-12-02 18:11 . 2008-12-02 18:11 <DIR> d-------- c:\program files\The_Pirate_Bay
2008-12-01 20:13 . 2008-12-17 21:01 <DIR> d-------- c:\program files\BitSpirit
2008-12-01 20:13 . 2008-12-01 20:13 <DIR> d-------- c:\documents and settings\user\Data aplikací\BitSpirit
2008-11-30 22:53 . 2008-11-30 22:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\2DBoy
2008-11-30 22:47 . 2008-12-23 17:48 <DIR> d-------- c:\program files\WorldOfGoo
2008-11-24 18:46 . 2008-12-16 22:59 <DIR> dr------- C:\RavBin
2008-11-24 18:46 . 2008-11-24 18:51 136 -r-hs---- C:\rising.ini
2008-11-24 18:45 . 2008-12-17 06:28 108 --a------ c:\windows\Rav.inf
2008-11-24 18:43 . 2008-11-24 18:43 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Rising
2008-11-24 18:43 . 2008-12-17 06:28 42 --a------ c:\windows\Rav.ini
2008-11-19 06:52 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-19 06:52 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 17:44 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2008-12-28 17:05 --------- d-----w c:\documents and settings\user\Data aplikací\XnView
2008-12-27 08:35 --------- d-----w c:\documents and settings\user\Data aplikací\U3
2008-12-25 12:18 --------- d-----w c:\documents and settings\user\Data aplikací\ICQ
2008-12-17 20:10 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-17 20:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2008-12-17 05:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-16 21:47 --------- d-----w c:\program files\Winamp
2008-12-16 21:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 19:58 --------- d-----w c:\program files\BitLord
2008-12-15 14:55 --------- d-----w c:\documents and settings\user\Data aplikací\uTorrent
2008-12-15 14:00 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-05 23:47 --------- d-----w c:\documents and settings\user\Data aplikací\Skype
2008-11-27 20:23 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2008-10-30 20:08 --------- d-----w c:\documents and settings\user\Data aplikací\Audacity
2008-09-23 04:31 39,424 ----a-w c:\windows\zipinst.exe
2008-06-10 14:02 920 ---ha-w c:\documents and settings\user\setup.bin
2008-06-10 14:02 36 ---ha-w c:\documents and settings\user\gameinf.bin
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2008-11-23 1784856]
"{01188d35-daf3-4a43-90aa-f1bf150207e6}"= "c:\program files\VIO1\tbVIO1.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CLASSES_ROOT\clsid\{01188d35-daf3-4a43-90aa-f1bf150207e6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01188d35-daf3-4a43-90aa-f1bf150207e6}]
2008-11-23 23:03 1784856 --a------ c:\program files\VIO1\tbVIO1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-11-23 23:03 1784856 --a------ c:\program files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2008-11-23 1784856]
"{01188d35-daf3-4a43-90aa-f1bf150207e6}"= "c:\program files\VIO1\tbVIO1.dll" [2008-11-23 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"DirectInputControl"="c:\a martin\DO\Server.exe" [2004-10-24 694272]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ABExpress"="c:\documents and settings\All Users\Data aplikací\AB Studio\ABExpress.exe" [2007-06-12 143360]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-01-11 39792]
"Edison"="c:\program files\Verdiem\Edison\Edison.exe" [2008-07-31 1795328]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\A MARTIN\\DO\\Server.exe"=
"c:\\A MARTIN\\Trackmania\\Trackmania United\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\A MARTIN\\Trackmania nation forever\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\A MARTIN\\Utorrent\\uTorrent.exe"=
"c:\\A MARTIN\\CS 1.6\\hl.exe"=
"c:\\A MARTIN\\CS 1.6\\hltv.exe"=
"c:\\A MARTIN\\CS 1.6\\cstrike.exe"=
"c:\\A MARTIN\\CS 1.6\\hlds.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 4\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-10 97928]
R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-12-16 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-12-16 62576]
R1 HookReg;HookReg;c:\windows\system32\drivers\HookReg.sys [2008-12-16 38256]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-12-16 164848]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-09-09 58048]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 edsvc;Edison Power Management Service;"c:\program files\Verdiem\Edison\edsvc.exe" [2008-07-31 75008]
R2 nxsIO32;NextSensor Kernel I/O Driver;\??\c:\windows\System32\DRIVERS\nxsIO32.sys [2008-08-12 2208]
R2 Prvflder;Prvflder;c:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2007-08-02 69120]
S2 ERA_SERVER;Eset Remote Administrator Server;"c:\program files\Eset\Eset Remote Administrator\Server\era.exe" [2007-08-23 1205504]
S2 LF30FS;LF30FS;\??\c:\a martin\Lock\LF30XP.sys []
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2236-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2238-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2239-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79e2952c-8802-11dd-9343-0019dbb21520}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4da2549-824a-11dc-9073-0019dbb21520}]
\Shell\AutoRun\command - 8e9gmih.bat
\Shell\explore\Command - 8e9gmih.bat
\Shell\open\Command - 8e9gmih.bat
.
Obsah adresáře 'Naplánované úlohy'

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-26 c:\windows\Tasks\Norton Security Scan for user.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{1FFEA54F-09C8-4A54-9E41-3641F7BC8460} - (no file)
HKLM-Run-LFAgent - (no file)
Notify-ctl3pack - c:\windows\system32\ctl3pack.dll

.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1796396
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Compare Prices with &Dealio - c:\documents and settings\user\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{3015DB92-158E-4b77-9020-85C8E311FBB5} - c:\progra~1\CASINO~1\casino.exe
Trusted Zone: www.msi.com.tw

O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
c:\windows\Downloaded Program Files\MSIWDev.inf
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\3bsr3876.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UT ... f-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 22:14:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\EntApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\a martin\MSPF10ENU\PrfldSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Celkový čas: 2008-12-30 22:16:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-30 21:16:13

Před spuštěním: Volných bajtů: 94 362 976 256
Po spuštění: Volných bajtů: 94,476,095,488

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

298 --- E O F --- 2008-12-18 05:21:32

Teedok · Příspěvekod **Teedok** » 30 pro 2008 22:22

AVG mi nejde smazat...jinak je nefunkční.. :-(

.

a ten MCAfee se mi podařilo smáznout

Teedok · Příspěvekod **Teedok** » 30 pro 2008 23:00

super, všechno se mi rozchodilo....všechny programi, správce úloh atd...

jediné co mě trápí je mozilla...když ji spustím, objeví se mi okno a tam je napsáno

[Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsILocalFile.initWithPath]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: chrome://megaupload/content/xpcom/network.js :: anonymous :: line 38" data: no]

a když chci dát další záložku tak mi to píše

TypeError: browser is undefined

Argoneus · Příspěvekod **Argoneus** » 30 pro 2008 23:30

zkoušels jí přeinstalovat?

/přečti si prosím pravidla této sekce a jinak jestli můžu poprosit, dej si sestavu z podpisu do profilu a nebo alespoň na řádek. memphisto

Teedok · Příspěvekod **Teedok** » 30 pro 2008 23:43

jj mnohokrát, za starší i novější verze...

Příspěvekod **fredik** » 31 pro 2008 00:55

Počkal bych nejdříve až se dořeší logy, ještě to není OK.

Jinak přeinstalace ti nepomůže, pokud máš poškozený profil. Zkus nejdříve spustit prohlížeč v jeho Nouzovém režimu (Safe mode). Pokud by byl problém i v něm, tak si zkus vytvořit nový uživatelský profil. Jak se dostat do NZ, nebo vytvořit nový profil najdeš zde

Pokud by i pak problém pokračoval, tak bych ti doporučil se přeptat přímo na CZilla fórum
Dej pak vědět co případně pomohlo.

Teedok · Příspěvekod **Teedok** » 31 pro 2008 08:42

zde je log z HJT...teď si zkusím založit ten nový profil...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:41, on 31.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\A MARTIN\DO\Server.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\A MARTIN\MSPF10ENU\PrfldSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1796396
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
R3 - URLSearchHook: VIO1 Toolbar - {01188d35-daf3-4a43-90aa-f1bf150207e6} - C:\Program Files\VIO1\tbVIO1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: VIO1 Toolbar - {01188d35-daf3-4a43-90aa-f1bf150207e6} - C:\Program Files\VIO1\tbVIO1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: VIO1 Toolbar - {01188d35-daf3-4a43-90aa-f1bf150207e6} - C:\Program Files\VIO1\tbVIO1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DirectInputControl] "C:\A MARTIN\DO\Server.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ABExpress] C:\Documents and Settings\All Users\Data aplikací\AB Studio\ABExpress.exe -i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2616334468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Eset Remote Administrator Server (ERA_SERVER) - Eset - C:\Program Files\Eset\Eset Remote Administrator\Server\era.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\A MARTIN\MSPF10ENU\PrfldSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 10872 bytes

Příspěvekod **jaro3** » 31 pro 2008 09:38

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\drivers\Ndisprot.sys
c:\windows\system32\dijpg.dll
c:\windows\system32\sw20.exe
c:\windows\system32\sw24.exe
c:\windows\system32\winsys2.exe

Folder::
c:\program files\Common Files\Symantec Shared

Driver::
Ndisprot

Registry::
[-HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[-HKEY_CLASSES_ROOT\clsid\{01188d35-daf3-4a43-90aa-f1bf150207e6}]
[-HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4da2549-824a-11dc-9073-0019dbb21520}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"=-
"SW24"=-
"WinSys2"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\documents and settings\user\setup.bin
c:\documents and settings\user\gameinf.bin
c:\program files\VIO1\tbVIO1.dll

Teedok · Příspěvekod **Teedok** » 31 pro 2008 15:35

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:36, on 31.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\A MARTIN\MSPF10ENU\PrfldSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\A MARTIN\DO\Server.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe
C:\Program Files\BitLord\BitLord.exe
C:\A MARTIN\MSPF10ENU\ShellHelper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1796396
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DirectInputControl] "C:\A MARTIN\DO\Server.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ABExpress] C:\Documents and Settings\All Users\Data aplikací\AB Studio\ABExpress.exe -i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2616334468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Eset Remote Administrator Server (ERA_SERVER) - Eset - C:\Program Files\Eset\Eset Remote Administrator\Server\era.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\A MARTIN\MSPF10ENU\PrfldSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 10019 bytes

ComboFix

ComboFix 08-12-30.02 - user 2008-12-31 15:20:18.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.544 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\dijpg.dll
c:\windows\system32\drivers\Ndisprot.sys
c:\windows\system32\sw20.exe
c:\windows\system32\sw24.exe
c:\windows\system32\WinSys2.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\ERASER.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\ERASER.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\ERASER.SPM
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\ERASER.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\HH
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\hub.scr
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TINF.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TINFL.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\V.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\V.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081212.004\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\ERASER.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\ERASER.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\ERASER.SPM
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\ERASER.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\HH
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\hub.scr
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TINF.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TINFL.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\V.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\V.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20081214.003\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\catalog.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.grd
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.sig
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.spm
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\esrdef.bin
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\hh
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ncsacert.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\scrauth.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\symaveng.cat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\symaveng.inf
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SymErase.cat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SymErase.inf
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcdefs.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcscan7.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcscan8.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcscan9.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\technote.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinf.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinfidx.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinfl.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tscan1.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tscan1hd.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\v.grd
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\v.sig
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan.inf
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan1.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan2.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan3.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan4.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan5.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan6.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan7.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan8.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan9.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\whatsnew.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\zdone.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\definfo.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\usage.dat
c:\windows\system32\dijpg.dll
c:\windows\system32\drivers\Ndisprot.sys
c:\windows\system32\sw20.exe
c:\windows\system32\sw24.exe
c:\windows\system32\WinSys2.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-28 do 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-30 15:15 . 2008-12-30 15:17 <DIR> d-------- c:\program files\Polda 3
2008-12-30 14:15 . 2008-12-30 14:15 <DIR> d-------- c:\windows\ERUNT
2008-12-30 13:24 . 2008-12-30 14:34 <DIR> d-------- C:\SDFix
2008-12-30 12:16 . 2007-12-01 16:30 <DIR> d-------- c:\program files\Polda
2008-12-30 08:45 . 2008-12-30 08:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 08:45 . 2008-12-30 08:45 <DIR> d-------- c:\documents and settings\user\Data aplikací\Malwarebytes
2008-12-30 08:45 . 2008-12-30 08:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-30 08:45 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 08:45 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 08:19 . 2008-12-30 14:57 <DIR> d-------- c:\program files\Polda 2
2008-12-30 04:41 . 2008-12-30 04:41 <DIR> d-------- C:\Downloads
2008-12-29 21:48 . 2008-12-29 22:55 <DIR> d-------- c:\program files\Polda 5
2008-12-29 17:49 . 2008-12-29 17:49 <DIR> d-------- c:\program files\Trend Micro
2008-12-29 13:30 . 2008-12-29 13:30 <DIR> d-------- c:\program files\Yahoo!
2008-12-29 13:29 . 2008-12-29 13:30 <DIR> d-------- c:\program files\CCleaner
2008-12-25 17:48 . 2008-12-25 17:48 <DIR> d-------- c:\program files\VIO1
2008-12-25 17:48 . 2008-12-25 17:48 65 --a------ C:\ioVIO.ini
2008-12-18 18:32 . 2008-12-18 18:32 <DIR> d-------- c:\windows\system32\Plugins
2008-12-18 06:20 . 2008-12-18 06:20 <DIR> d-------- c:\documents and settings\user\Data aplikací\aAvgApi
2008-12-16 23:13 . 2008-12-16 23:13 <DIR> d-------- c:\program files\Zoner
2008-12-16 23:13 . 2008-12-16 23:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\Zoner
2008-12-16 22:59 . 2008-12-16 22:58 164,848 --a------ c:\windows\system32\drivers\HookSys.sys
2008-12-16 22:59 . 2008-12-16 22:58 62,576 --a------ c:\windows\system32\drivers\HookNtos.sys
2008-12-16 22:59 . 2008-12-16 22:58 38,256 --a------ c:\windows\system32\drivers\HOOKREG.sys
2008-12-16 22:59 . 2008-12-16 22:58 30,704 --a------ c:\windows\system32\drivers\HookHelp.sys
2008-12-16 22:59 . 2008-12-16 22:58 13,808 --a------ c:\windows\system32\drivers\HookCont.sys
2008-12-16 22:44 . 2008-12-16 22:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2008-12-16 22:29 . 2008-12-16 22:29 <DIR> d-------- c:\program files\Opera
2008-12-03 22:55 . 2007-11-15 23:42 164,144 --a------ c:\windows\system32\COMCT232.OCX
2008-12-02 18:11 . 2008-12-02 18:11 <DIR> d-------- c:\program files\The_Pirate_Bay
2008-12-01 20:13 . 2008-12-17 21:01 <DIR> d-------- c:\program files\BitSpirit
2008-12-01 20:13 . 2008-12-01 20:13 <DIR> d-------- c:\documents and settings\user\Data aplikací\BitSpirit
2008-11-30 22:53 . 2008-11-30 22:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\2DBoy
2008-11-30 22:47 . 2008-12-23 17:48 <DIR> d-------- c:\program files\WorldOfGoo
2008-11-24 18:46 . 2008-12-16 22:59 <DIR> dr------- C:\RavBin
2008-11-24 18:46 . 2008-11-24 18:51 136 -r-hs---- C:\rising.ini
2008-11-24 18:45 . 2008-12-17 06:28 108 --a------ c:\windows\Rav.inf
2008-11-24 18:43 . 2008-11-24 18:43 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Rising
2008-11-24 18:43 . 2008-12-17 06:28 42 --a------ c:\windows\Rav.ini
2008-11-19 06:52 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-19 06:52 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 14:13 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2008-12-31 07:01 --------- d-----w c:\program files\Scorpions WinCheater
2008-12-30 21:40 --------- d-----w c:\program files\Common Files\Network Associates
2008-12-28 17:05 --------- d-----w c:\documents and settings\user\Data aplikací\XnView
2008-12-27 08:35 --------- d-----w c:\documents and settings\user\Data aplikací\U3
2008-12-25 12:18 --------- d-----w c:\documents and settings\user\Data aplikací\ICQ
2008-12-17 20:10 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-17 20:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2008-12-16 21:47 --------- d-----w c:\program files\Winamp
2008-12-16 21:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 19:58 --------- d-----w c:\program files\BitLord
2008-12-15 14:55 --------- d-----w c:\documents and settings\user\Data aplikací\uTorrent
2008-12-15 14:00 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-05 23:47 --------- d-----w c:\documents and settings\user\Data aplikací\Skype
2008-11-27 20:23 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2008-10-30 20:08 --------- d-----w c:\documents and settings\user\Data aplikací\Audacity
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-10 04:26 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 18:55 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-25 18:52 418,480 ----a-w c:\windows\system32\wrap_oal.dll
2008-09-25 18:52 115,432 ----a-w c:\windows\system32\OpenAL32.dll
2008-09-23 04:31 39,424 ----a-w c:\windows\zipinst.exe
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-06-10 14:02 920 ---ha-w c:\documents and settings\user\setup.bin
2008-06-10 14:02 36 ---ha-w c:\documents and settings\user\gameinf.bin
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"DirectInputControl"="c:\a martin\DO\Server.exe" [2004-10-24 694272]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ABExpress"="c:\documents and settings\All Users\Data aplikací\AB Studio\ABExpress.exe" [2007-06-12 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-01-11 39792]
"Edison"="c:\program files\Verdiem\Edison\Edison.exe" [2008-07-31 1795328]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\A MARTIN\\DO\\Server.exe"=
"c:\\A MARTIN\\Trackmania\\Trackmania United\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\A MARTIN\\Trackmania nation forever\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\A MARTIN\\Utorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 4\\firefox.exe"=
"c:\\A MARTIN\\CS 1.6 +bots\\hl.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-10 97928]
R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-12-16 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-12-16 62576]
R1 HookReg;HookReg;c:\windows\system32\drivers\HookReg.sys [2008-12-16 38256]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-12-16 164848]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 edsvc;Edison Power Management Service;"c:\program files\Verdiem\Edison\edsvc.exe" [2008-07-31 75008]
R2 nxsIO32;NextSensor Kernel I/O Driver;\??\c:\windows\System32\DRIVERS\nxsIO32.sys [2008-08-12 2208]
R2 Prvflder;Prvflder;c:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2007-08-02 69120]
S2 ERA_SERVER;Eset Remote Administrator Server;"c:\program files\Eset\Eset Remote Administrator\Server\era.exe" [2007-08-23 1205504]
S2 LF30FS;LF30FS;\??\c:\a martin\Lock\LF30XP.sys []
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2236-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2238-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2239-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - E:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79e2952c-8802-11dd-9343-0019dbb21520}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-26 c:\windows\Tasks\Norton Security Scan for user.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
URLSearchHooks-{01188d35-daf3-4a43-90aa-f1bf150207e6} - (no file)
BHO-{01188d35-daf3-4a43-90aa-f1bf150207e6} - (no file)
BHO-{a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
Toolbar-{a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
Toolbar-{01188d35-daf3-4a43-90aa-f1bf150207e6} - (no file)
WebBrowser-{A33FA729-D155-4B23-842B-2C665ECABDB6} - (no file)

.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1796396
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Compare Prices with &Dealio - c:\documents and settings\user\Data aplikací\Dealio\kb124\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{3015DB92-158E-4b77-9020-85C8E311FBB5} - c:\progra~1\CASINO~1\casino.exe
Trusted Zone: www.msi.com.tw

O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
c:\windows\Downloaded Program Files\MSIWDev.inf
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\3bsr3876.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UT ... f-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 15:22:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\avgrsstx.dll
.
Celkový čas: 2008-12-31 15:23:29
ComboFix-quarantined-files.txt 2008-12-31 14:23:20
ComboFix2.txt 2008-12-30 21:16:17

Před spuštěním: Volných bajtů: 90 813 243 392
Po spuštění: Volných bajtů: 90,782,883,840

373 --- E O F --- 2008-12-18 05:21:32

A z těch testovanejch souborů sem mam taky hodit logy???

Příspěvekod **jaro3** » 31 pro 2008 15:43

Pokud tam není žádný nález nemusíš.

Správce úloh Vyřešeno

Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Re: Správce úloh

Kdo je online