HiJackThis=kontrola Vyřešeno

[warcraftan]

Dobry den, prosim o kontrolu logu


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:47, on 18.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Home Series\Time Sync\TimeSync.exe
E:\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
D:\steam\steam.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AIMP2\AIMP2.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.562\WoWEmuHacker5.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 82.208.58.92 l2authd.lineage2.com
O1 - Hosts: 82.208.58.92 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [TimeSync] C:\Program Files\Home Series\Time Sync\TimeSync.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HP Software Update] "E:\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSNGateway] "C:\WINDOWS\system32\MSNGateway.exe"
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 9903 bytes

Dekuji...preji hezky den

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[warcraftan]

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1861
Windows 5.1.2600 Service Pack 3

18.3.2009 11:27:30
mbam-log-2009-03-18 (11-27-27).txt

Typ skenu: Rychlý sken
Objektu skenováno: 63601
Uplynulý cas: 3 minute(s), 2 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 5

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\nnnlmlJd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBtRIyX.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\temp\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\qoMeButs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ljJdArst.dll (Trojan.Vundo) -> No action taken.

Diky ze mi pomahas jaro...si muj nej administrator :)

[jaro3]

Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[warcraftan]

Snad jsem tu ochranu vypl a tady ten Log

ComboFix 09-03-15.01 - Administrator 2009-03-18 12:15:27.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1590 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\Zastupci\ComboFix.exe
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\svchost.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-18 do 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 11:23 . 2009-03-18 11:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 11:23 . 2009-03-18 11:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 11:23 . 2009-03-18 11:23 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2009-03-18 11:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 11:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-13 13:54 . 2009-03-13 13:55 <DIR> d-------- c:\program files\GTactix
2009-03-06 19:15 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmp52A.tmp
2009-03-06 19:15 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmp529.tmp
2009-03-06 17:08 . 2009-03-06 19:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Codemasters
2009-03-06 17:00 . 2009-03-06 17:00 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-06 16:50 . 2009-03-06 16:50 <DIR> d-------- c:\program files\OpenAL
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-25 13:31 . 2009-02-25 13:31 19,583 --a------ c:\windows\system32\TuneUpDefragService_20090225-123142.dmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 08:02 --------- d-----w c:\program files\AIMP2
2009-03-17 14:23 --------- d-----w c:\program files\Garena
2009-03-13 14:15 --------- d-----w c:\documents and settings\Administrator\Data aplikací\uTorrent
2009-03-13 14:11 --------- d-----w c:\program files\ICQ6
2009-03-13 13:56 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Hamachi
2009-03-07 19:41 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Xfire
2009-03-06 18:15 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-06 18:15 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-06 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 15:47 188,848 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-06 15:47 138,064 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 15:44 --------- d-----w c:\program files\Google
2009-03-06 14:07 --------- d-----w c:\program files\Counter-Strike Source
2009-03-04 18:18 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Skype
2009-03-04 18:07 --------- d-----w c:\documents and settings\Administrator\Data aplikací\skypePM
2009-03-03 09:26 --------- d-----w c:\program files\Xfire
2009-02-16 22:17 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-10 19:03 --------- d-----w c:\documents and settings\Administrator\Data aplikací\teamspeak2
2009-02-09 13:38 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-08 14:09 --------- d-----w c:\program files\Tortun
2009-02-01 08:09 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-31 18:12 --------- d-----w c:\program files\GamePark
2009-01-31 17:57 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 19:50 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-21 19:50 --------- d-----w c:\program files\Sun
2009-01-21 19:50 --------- d-----w c:\program files\Java
2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
.

------- Sigcheck -------

2008-04-14 07:52 812032 5e7011acca2c391a9446c201d5848e23 c:\windows\system32\wininet.dll
2008-04-14 07:52 667136 3fe5e65a7ed9ec98aee9167ca07812d3 c:\windows\VistaMizer\old\wininet.dll

2008-04-14 07:52 547328 471341d353962a35da3c6324d59d09c4 c:\windows\system32\winlogon.exe
2008-04-14 07:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea c:\windows\VistaMizer\old\winlogon.exe

2008-09-10 21:26 2325248 af9671053f8e5272d879a0f0b2e418dd c:\windows\system32\ntkrnlpa.exe
2008-09-10 21:26 2067968 4dee41c45e803db91a72fd1ba69c05ee c:\windows\VistaMizer\old\ntkrnlpa.exe

2008-04-14 07:07 2448384 1bc2cbaf4395e7446ec57d1d14c408ad c:\windows\system32\ntoskrnl.exe
2008-04-14 07:07 2191104 c1536014ac1cb1d5397e31d9735e6571 c:\windows\VistaMizer\old\ntoskrnl.exe

2008-04-14 07:52 1552384 137a31c90841db6ef71abe912e72121e c:\windows\explorer.exe
2008-04-14 07:52 1034240 27afd587c462e280ee046b8cca3c2cd1 c:\windows\VistaMizer\old\explorer.exe

2008-04-14 07:52 25088 d8152865f2a59d765af8317e38aa5fb4 c:\windows\system32\ctfmon.exe
2008-04-14 07:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 c:\windows\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"MSNGateway"="c:\windows\system32\MSNGateway.exe" [2008-12-03 266240]
"Steam"="d:\steam\steam.exe" [2009-01-20 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-13 949376]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"TimeSync"="c:\program files\Home Series\Time Sync\TimeSync.exe" [2006-10-29 829440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="e:\hp\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-09-13 25214]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-13 15424]
R1 SandBox;Outpost Firewall Sandbox Driver;c:\program files\Agnitum\Outpost Firewall\Kernel\SandBox.sys [2008-09-13 329928]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-13 69120]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\adblock.dll [2008-09-13 33568]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\arp.dll [2008-09-13 17408]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\content.dll [2008-09-13 4896]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\dnscache.dll [2008-09-13 14464]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\ftpfilt.dll [2008-09-13 9248]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\htmlfilt.dll [2008-09-13 11552]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\httpfilt.dll [2008-09-13 13216]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\imapfilt.dll [2008-09-13 7168]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-09-13 12032]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\mailfilt.dll [2008-09-13 14880]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\nntpfilt.dll [2008-09-13 6752]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\pop3filt.dll [2008-09-13 10048]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\protect.dll [2008-09-13 15200]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\secret.dll [2008-09-13 12928]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-09-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]

2009-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1592454029-1801674531-500.job
- c:\documents and settings\Administrator\Local Settings\Data aplikac []

2008-11-25 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 12:16:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="EDDA4C93E4658E371ABD0802D65E8CF1FC5138C4CAAE8127DB77B27EEC8A281348381CEEE5395AA10B0AACB51379D6A09D5CF8E3C7BB1AB6387953631C2BC03765B9BB2DD48203B7B4805948CFBAB57E700E8E228CFDE4C267A213B23C73FB33CBE92772E0D3F3D797BFCC9B8559A3398DBD983E7D708FE33E1D93293643D3ADA6E9221B1E139A5657FC8AC690601F723252FC2CDD62482A3127B8B45A514D42456B31B08379EA7B3CFED81531AEAE3EBE4AE292D679C5965A922B7CD924EB009935A0F7EC955B84312544040D76D627B9B6B6CEF7AA3F9FF7C5D957CA1AB9E93C257DE41AC7E59F475C9A462A3E2527C93CA8EE31C3722FEABBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E667A6171C11EC38DE3D3809C1C9A4EFB48A0FD138DB7D73389B3B91ED8699E17DAE9B5F0B17B9670EF724A38EE74EC707FCAA2E90184550A671C49B1415F030656A3C0A6973840E215C831A231494F4576ECF499322AF91EF972D11E65786C1181231DF3C941DEBA81A3E57614E9A2D287E48690DBE155ACF82BC3638757E44270E68C1FDA91CDB2FABFDF98B67879A1DDCA08B2784CA3F223780833FEB035B4B580E450EB39930E6A233544C0808D97FCEA7DCF4E030CA6AD04AA4150CC29D5F019336AF09B52BA02190ECAF294AF93CAE72C26C91247B4EFCAFFAB8FBED16612B30908A53130557E20CFDA59B83026369D8D465AB8BC295FD091B0E323B44748DDE842A0F57EA2531E1F602806A6A2BFE755D1F17CF0631A9F3CD597B631A5FF4DB797D8FAEFBC96D91797ECFBAA0EC85ABDC390EDD21B1EBD10E457AA4808DBE2B88D77AC74BAA8CDD5D3653350424281D073AA225DFCCC1C60E61A2BF500DDE127E714953624E16CDABABAA1CEC71A133428B371B865CBD3CB19F3DFBD9125D195EE4C9093D61A6ACA340C8B7A01B43192B7A83B7495E85DF1355E621DFF154125C331DA34B336D8A373EF253DE09F34090B714F853F455237BBE117E992AF40CE2BCB9E2F038AFB78D52C4BED649ABDAF659485E4266793AEDF80065325600DE0E4CE9878608C5CE818BADCDAE0B7863945853EC299BD41F1E864B2BC7BB4E23B08A4A59D65F1C2920DFEFD77F257C93D5123D2C0B23DC0E75CEE129EDBF4BB8CF884EA2221CB2E5ADA5A2B9D58EE9ED59C8E2AAE4AF1E890E9B033DACEEF54026B83A321EC39C68209B2F5132668DB574A0F278A41534D53B9A44497DF560219F73A75BF0FE04582161D6828BEBC1F12D24F1292ACE53FB01DE0DB2CF2A3484DD730573B71724208F7A2A37C883FA70BE41B757CDFA41C8175E9C638781AA59B7D8945582FE4E6FFE4F11D7C7B7BB401AC66E9ED8DA584EE9F401C9FA"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\sfc_os.dll
.
Celkový čas: 2009-03-18 12:17:31
ComboFix-quarantined-files.txt 2009-03-18 11:17:25
ComboFix2.txt 2008-11-21 19:50:25

Před spuštěním: 7 355 207 680
Po spuštění: 7,632,257,024

191

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\tmp52A.tmp
c:\windows\system32\tmp529.tmp

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\TuneUpDefragService_20090225-123142.dmp
Vlož sem pak odkaz výsledku.

[warcraftan]

COMBO[b][/b]

ComboFix 09-03-15.01 - Administrator 2009-03-18 15:25:33.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1503 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\Zastupci\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\windows\system32\tmp529.tmp
c:\windows\system32\tmp52A.tmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp529.tmp
c:\windows\system32\tmp52A.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-18 do 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 11:23 . 2009-03-18 11:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 11:23 . 2009-03-18 11:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 11:23 . 2009-03-18 11:23 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2009-03-18 11:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 11:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-13 13:54 . 2009-03-13 13:55 <DIR> d-------- c:\program files\GTactix
2009-03-06 17:08 . 2009-03-06 19:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Codemasters
2009-03-06 17:00 . 2009-03-06 17:00 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-06 16:50 . 2009-03-06 16:50 <DIR> d-------- c:\program files\OpenAL
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-25 13:31 . 2009-02-25 13:31 19,583 --a------ c:\windows\system32\TuneUpDefragService_20090225-123142.dmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 08:02 --------- d-----w c:\program files\AIMP2
2009-03-17 14:23 --------- d-----w c:\program files\Garena
2009-03-13 14:15 --------- d-----w c:\documents and settings\Administrator\Data aplikací\uTorrent
2009-03-13 14:11 --------- d-----w c:\program files\ICQ6
2009-03-13 13:56 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Hamachi
2009-03-07 19:41 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Xfire
2009-03-06 18:15 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-06 18:15 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-06 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 15:47 188,848 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-06 15:47 138,064 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 15:44 --------- d-----w c:\program files\Google
2009-03-06 14:07 --------- d-----w c:\program files\Counter-Strike Source
2009-03-04 18:18 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Skype
2009-03-04 18:07 --------- d-----w c:\documents and settings\Administrator\Data aplikací\skypePM
2009-03-03 09:26 --------- d-----w c:\program files\Xfire
2009-02-16 22:17 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-10 19:03 --------- d-----w c:\documents and settings\Administrator\Data aplikací\teamspeak2
2009-02-09 13:38 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-08 14:09 --------- d-----w c:\program files\Tortun
2009-02-01 08:09 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-31 18:12 --------- d-----w c:\program files\GamePark
2009-01-31 17:57 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 19:50 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-21 19:50 --------- d-----w c:\program files\Sun
2009-01-21 19:50 --------- d-----w c:\program files\Java
2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
.

------- Sigcheck -------

2008-04-14 07:52 812032 5e7011acca2c391a9446c201d5848e23 c:\windows\system32\wininet.dll
2008-04-14 07:52 667136 3fe5e65a7ed9ec98aee9167ca07812d3 c:\windows\VistaMizer\old\wininet.dll

2008-04-14 07:52 547328 471341d353962a35da3c6324d59d09c4 c:\windows\system32\winlogon.exe
2008-04-14 07:52 507904 cddb1f8e1aea356f3ad106f2cf9b7fea c:\windows\VistaMizer\old\winlogon.exe

2008-09-10 21:26 2325248 af9671053f8e5272d879a0f0b2e418dd c:\windows\system32\ntkrnlpa.exe
2008-09-10 21:26 2067968 4dee41c45e803db91a72fd1ba69c05ee c:\windows\VistaMizer\old\ntkrnlpa.exe

2008-04-14 07:07 2448384 1bc2cbaf4395e7446ec57d1d14c408ad c:\windows\system32\ntoskrnl.exe
2008-04-14 07:07 2191104 c1536014ac1cb1d5397e31d9735e6571 c:\windows\VistaMizer\old\ntoskrnl.exe

2008-04-14 07:52 1552384 137a31c90841db6ef71abe912e72121e c:\windows\explorer.exe
2008-04-14 07:52 1034240 27afd587c462e280ee046b8cca3c2cd1 c:\windows\VistaMizer\old\explorer.exe

2008-04-14 07:52 25088 d8152865f2a59d765af8317e38aa5fb4 c:\windows\system32\ctfmon.exe
2008-04-14 07:52 15360 a756b8f0f7bafba6dfe39f7d169f2519 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-18_12.16.49,78 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-16 12:17:23 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2009-03-18 11:19:31 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"MSNGateway"="c:\windows\system32\MSNGateway.exe" [2008-12-03 266240]
"Steam"="d:\steam\steam.exe" [2009-01-20 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-13 949376]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"TimeSync"="c:\program files\Home Series\Time Sync\TimeSync.exe" [2006-10-29 829440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="e:\hp\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-09-13 25214]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-13 15424]
R1 SandBox;Outpost Firewall Sandbox Driver;c:\program files\Agnitum\Outpost Firewall\Kernel\SandBox.sys [2008-09-13 329928]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-13 69120]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\adblock.dll [2008-09-13 33568]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\arp.dll [2008-09-13 17408]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\content.dll [2008-09-13 4896]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\dnscache.dll [2008-09-13 14464]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\ftpfilt.dll [2008-09-13 9248]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\htmlfilt.dll [2008-09-13 11552]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\httpfilt.dll [2008-09-13 13216]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\imapfilt.dll [2008-09-13 7168]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-09-13 12032]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\mailfilt.dll [2008-09-13 14880]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\nntpfilt.dll [2008-09-13 6752]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\pop3filt.dll [2008-09-13 10048]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\protect.dll [2008-09-13 15200]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\secret.dll [2008-09-13 12928]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-09-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]

2009-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1592454029-1801674531-500.job
- c:\documents and settings\Administrator\Local Settings\Data aplikac []

2008-11-25 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = http://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 15:26:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="EDDA4C93E4658E371ABD0802D65E8CF1FC5138C4CAAE8127DB77B27EEC8A281348381CEEE5395AA10B0AACB51379D6A09D5CF8E3C7BB1AB6387953631C2BC03765B9BB2DD48203B7B4805948CFBAB57E700E8E228CFDE4C267A213B23C73FB33CBE92772E0D3F3D797BFCC9B8559A3398DBD983E7D708FE33E1D93293643D3ADA6E9221B1E139A5657FC8AC690601F723252FC2CDD62482A3127B8B45A514D42456B31B08379EA7B3CFED81531AEAE3EBE4AE292D679C5965A922B7CD924EB009935A0F7EC955B84312544040D76D627B9B6B6CEF7AA3F9FF7C5D957CA1AB9E93C257DE41AC7E59F475C9A462A3E2527C93CA8EE31C3722FEABBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E667A6171C11EC38DE3D3809C1C9A4EFB48A0FD138DB7D73389B3B91ED8699E17DAE9B5F0B17B9670EF724A38EE74EC707FCAA2E90184550A671C49B1415F030656A3C0A6973840E215C831A231494F4576ECF499322AF91EF972D11E65786C1181231DF3C941DEBA81A3E57614E9A2D287E48690DBE155ACF82BC3638757E44270E68C1FDA91CDB2FABFDF98B67879A1DDCA08B2784CA3F223780833FEB035B4B580E450EB39930E6A233544C0808D97FCEA7DCF4E030CA6AD04AA4150CC29D5F019336AF09B52BA02190ECAF294AF93CAE72C26C91247B4EFCAFFAB8FBED16612B30908A53130557E20CFDA59B83026369D8D465AB8BC295FD091B0E323B44748DDE842A0F57EA2531E1F602806A6A2BFE755D1F17CF0631A9F3CD597B631A5FF4DB797D8FAEFBC96D91797ECFBAA0EC85ABDC390EDD21B1EBD10E457AA4808DBE2B88D77AC74BAA8CDD5D3653350424281D073AA225DFCCC1C60E61A2BF500DDE127E714953624E16CDABABAA1CEC71A133428B371B865CBD3CB19F3DFBD9125D195EE4C9093D61A6ACA340C8B7A01B43192B7A83B7495E85DF1355E621DFF154125C331DA34B336D8A373EF253DE09F34090B714F853F455237BBE117E992AF40CE2BCB9E2F038AFB78D52C4BED649ABDAF659485E4266793AEDF80065325600DE0E4CE9878608C5CE818BADCDAE0B7863945853EC299BD41F1E864B2BC7BB4E23B08A4A59D65F1C2920DFEFD77F257C93D5123D2C0B23DC0E75CEE129EDBF4BB8CF884EA2221CB2E5ADA5A2B9D58EE9ED59C8E2AAE4AF1E890E9B033DACEEF54026B83A321EC39C68209B2F5132668DB574A0F278A41534D53B9A44497DF560219F73A75BF0FE04582161D6828BEBC1F12D24F1292ACE53FB01DE0DB2CF2A3484DD730573B71724208F7A2A37C883FA70BE41B757CDFA41C8175E9C638781AA59B7D8945582FE4E6FFE4F11D7C7B7BB401AC66E9ED8DA584EE9F401C9FA"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\sfc_os.dll
.
Celkový čas: 2009-03-18 15:27:34
ComboFix-quarantined-files.txt 2009-03-18 14:27:24
ComboFix2.txt 2009-03-18 11:17:32
ComboFix3.txt 2008-11-21 19:50:25

Před spuštěním: 7 613 652 992
Po spuštění: 7,611,191,296

200

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:53, on 18.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Home Series\Time Sync\TimeSync.exe
E:\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 82.208.58.92 l2authd.lineage2.com
O1 - Hosts: 82.208.58.92 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [TimeSync] C:\Program Files\Home Series\Time Sync\TimeSync.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HP Software Update] "E:\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSNGateway] "C:\WINDOWS\system32\MSNGateway.exe"
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 9822 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')    

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Ten VT jsi dělal:
c:\windows\system32\TuneUpDefragService_20090225-123142.dmp ?
Jinak je to vše.

[warcraftan]

Jaro udělal jsem vše co jsi řekl, test na ten vir jsem udělal..

Soubor TuneUpDefragService_20090225-1231 přijatý 2009.03.18 16:10:59 (CET)
Antivirus;Verze;Poslední aktualizace;Výsledek
a-squared ;4.0.0.101;2009.03.18;-

AhnLab-V3 ;5.0.0.2;2009.03.18;-

AntiVir ;7.9.0.116;2009.03.18;-

Authentium ;5.1.2.4;2009.03.18;-

Avast ;4.8.1335.0;2009.03.17;-

AVG ;8.0.0.237;2009.03.18;-

BitDefender ;7.2;2009.03.18;-

CAT-QuickHeal ;10.00;2009.03.18;-

ClamAV ;0.94.1;2009.03.18;-

Comodo ;1066;2009.03.18;-

DrWeb ;4.44.0.09170;2009.03.18;-

eSafe ;7.0.17.0;2009.03.18;-

eTrust-Vet ;31.6.6388;2009.03.09;-

F-Prot ;4.4.4.56;2009.03.17;-

F-Secure ;8.0.14470.0;2009.03.18;-

Fortinet ;3.117.0.0;2009.03.18;-

GData ;19;2009.03.18;-

Ikarus ;T3.1.1.45.0;2009.03.18;-

K7AntiVirus ;7.10.674;2009.03.17;-

Kaspersky ;7.0.0.125;2009.03.18;-

McAfee ;5556;2009.03.17;-

McAfee+Artemis ;5556;2009.03.17;-

McAfee-GW-Edition ;6.7.6;2009.03.18;Heuristic.Exploit.CodeExec.EBOJ

Microsoft ;1.4502;2009.03.18;-

NOD32 ;3944;2009.03.17;-

Norman ;6.00.06;2009.03.18;-

nProtect ;2009.1.8.0;2009.03.18;-

Panda ;10.0.0.10;2009.03.18;-

PCTools ;4.4.2.0;2009.03.18;-

Prevx1 ;V2;2009.03.18;-

Rising ;21.21.22.00;2009.03.18;-

Sophos ;4.39.0;2009.03.18;-

Sunbelt ;3.2.1858.2;2009.03.18;-

Symantec ;1.4.4.12;2009.03.18;-

TheHacker ;6.3.3.0.283;2009.03.16;-

TrendMicro ;8.700.0.1004;2009.03.18;-

VBA32 ;3.12.10.1;2009.03.17;-

ViRobot ;2009.3.18.1654;2009.03.18;-

VirusBuste r ;4.6.5.0;2009.03.17;-


Rozšiřující informace
File size: 19583 bytes
MD5...: bbd682920970808437b2f2429ed4c993
SHA1..: 448aab08dbe3dc660dccb7856a3a4901b901c351
SHA256: a61cf2439533ba60263a2140a2e5c275da2cf7e61144262bafe9fceab7806b99
SHA512: 97b62cd6b9d37617cec1cf44a1af96f1e23fe2d88bc75ed9e589163871b1a039<br>ec8903bbd474fd91ad0c79147bdaa2e31557e9ce8ddf74ebe8a463387e4e73ae
ssdeep: 384:tNnFDY2ScVVpIteeeEYFq1jxqITV0d1vZgryP1p8lV3jtBWvRUE+ZrhpsZ8b<br>NAUB:7OqIx0d1vZgryPmzEOrhpsZ8bFI1A<br>
PEiD..: -
TrID..: File type identification<br>Windows Minidump (100.0%)
PEInfo: -

[warcraftan]

Jaro vše? Můžu dat fajfku?

[jaro3]

Můžeš.