Agent CW Vyřešeno

[jaro3]

Nemám , normálně to rozjeď..

[Reklama]

[syky17]

ok du na to zatim dik, jinak to porat hazi...omg...ale chvili to porestalo po tom Malwarebytes' Anti-Malware

[syky17]

ComboFix 09-04-04.01 - pc 2009-04-10 16:52:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1300 [GMT 2:00]
Spuštěný z: d:\ulozeno\ComboFix.exe
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pc\pc.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 16:51 . 2009-04-10 16:51 30,464 --a------ c:\windows\system32\drivers\systemntmi.sys
2009-04-10 16:39 . 2009-04-10 16:39 61,440 --a------ c:\windows\system32\drivers\sjilqsa.sys
2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Malwarebytes
2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-10 16:10 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 16:10 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-10 15:49 . 2009-04-10 15:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-10 15:49 . 2009-04-10 16:35 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-10 15:35 . 2009-04-10 15:35 <DIR> d-------- c:\program files\Trend Micro
2009-04-10 13:34 . 2009-04-10 14:38 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-09 23:41 . 2009-04-10 15:26 <DIR> d-------- c:\program files\LFS
2009-04-09 17:47 . 2009-04-09 18:27 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Hide IP NG
2009-04-09 11:01 . 2009-04-09 11:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Tages
2009-04-09 10:48 . 2009-04-09 10:48 <DIR> d-------- c:\program files\Atari
2009-04-09 10:48 . 2009-04-09 10:48 279,712 --a------ c:\windows\system32\drivers\atksgt.sys
2009-04-09 10:48 . 2009-04-09 10:48 25,888 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-04-04 10:00 . 2009-04-04 10:00 <DIR> d-------- c:\program files\EA Games
2009-03-31 14:26 . 2009-03-31 14:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\wanted
2009-03-30 21:34 . 2002-02-14 10:36 60,416 --a------ c:\windows\system32\shdocvw.oca
2009-03-29 15:31 . 2009-04-05 10:16 <DIR> d-------- c:\program files\Aspyr
2009-03-29 11:18 . 2009-03-29 11:18 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-29 11:00 . 2009-03-29 11:00 <DIR> d-------- c:\program files\Sierra Entertainment
2009-03-29 00:12 . 2009-03-29 00:12 <DIR> d-------- c:\program files\WarnerBros
2009-03-28 23:30 . 2009-03-28 23:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2009-03-28 22:34 . 2009-03-28 22:34 <DIR> d-------- c:\program files\OpenAL
2009-03-28 16:04 . 2009-03-28 16:07 <DIR> d-------- c:\documents and settings\pc\Data aplikací\HideIP
2009-03-28 11:57 . 2009-03-28 11:57 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Red Alert 3 Uprising
2009-03-27 20:00 . 2009-03-27 20:00 <DIR> d-------- c:\documents and settings\pc\Data aplikací\InstallShield
2009-03-25 19:07 . 2009-03-25 19:07 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-22 17:35 . 2009-03-22 17:35 <DIR> d-------- c:\documents and settings\pc\Data aplikací\The Creative Assembly
2009-03-22 17:16 . 2009-03-22 22:26 <DIR> d-------- c:\program files\Empire Total War
2009-03-14 20:57 . 2009-03-18 18:02 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Red Alert 3
2009-03-12 15:10 . 2009-03-12 15:10 <DIR> d-------- c:\program files\MSECache
2009-03-10 18:01 . 2009-04-10 16:48 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-10 17:36 . 2009-03-10 17:36 <DIR> d-------- c:\program files\CCleaner
2009-03-10 15:59 . 2009-03-26 14:53 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-10 15:59 . 2009-03-10 16:06 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-10 15:59 . 2009-03-26 14:53 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-10 15:58 . 2009-04-10 11:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-10 15:58 . 2009-03-26 14:53 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-10 15:58 . 2009-03-10 15:58 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-10 15:58 . 2009-03-10 15:58 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 14:33 --------- d-----w c:\documents and settings\pc\Data aplikací\uTorrent
2009-04-10 11:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-04-09 08:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 08:18 8,310 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-28 22:28 --------- d-----w c:\documents and settings\pc\Data aplikací\DAEMON Tools Pro
2009-03-28 20:36 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 09:42 --------- d-----w c:\program files\Electronic Arts
2009-03-25 16:44 --------- d-----w c:\program files\Rockstar Games
2009-03-25 15:22 --------- d-----w c:\documents and settings\pc\Data aplikací\BSplayer
2009-03-19 20:26 --------- d-----w c:\documents and settings\pc\Data aplikací\ICQ
2009-03-16 19:22 21,808 ----a-w c:\documents and settings\pc\Data aplikací\GDIPFONTCACHEV1.DAT
2009-03-14 18:52 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-11 14:08 --------- d-----w c:\documents and settings\pc\Data aplikací\Apple Computer
2009-03-08 16:35 --------- d-----w c:\program files\ICQ6.5
2009-03-08 11:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\ATI
2009-03-08 11:19 --------- d-----w c:\documents and settings\pc\Data aplikací\Ashampoo
2009-03-08 11:14 103,424 ----a-w c:\windows\system32\PowerUp3_nat.dll
2009-03-08 11:14 --------- d-----w c:\program files\Ashampoo
2009-03-08 11:12 22,934 ----a-w c:\windows\system32\msdx92.dll
2009-03-08 11:06 --------- d-----w c:\documents and settings\pc\Data aplikací\Software4u
2009-03-08 11:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\Software4u
2009-03-04 16:11 --------- d-----w c:\program files\QuickTime
2009-03-04 16:11 --------- d-----w c:\program files\iTunes
2009-03-04 16:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-03 14:06 --------- d-----w c:\program files\Duke Nukem - Manhattan Project
2009-02-28 18:06 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 08:07 --------- d-----w c:\program files\Google
2009-02-20 17:44 --------- d-----w c:\program files\Kwyshell
2009-02-20 12:13 --------- d-----w c:\program files\AVG
2009-02-17 20:46 --------- d-----w c:\documents and settings\pc\Data aplikací\U3
2009-02-13 23:05 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-13 23:05 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-13 23:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Codemasters
2009-02-13 22:47 --------- d-----w c:\program files\GRID
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-22 16:41 348,160 ----a-w c:\windows\system32\Msvcr71.dll
2009-01-22 16:41 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2009-01-22 16:41 1,060,864 ----a-w c:\windows\system32\mfc71.dll
2009-01-18 14:22 315,392 ----a-w c:\windows\HideWin.exe
2009-01-16 17:34 499,712 ----a-w c:\windows\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-26 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-26 14:53 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SMART Board Service"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate1c993fb5d5cfabe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-10 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-10 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-10 1356616]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 i386si;i386si;\??\c:\windows\system32\drivers\i386si.sys --> c:\windows\system32\drivers\i386si.sys [?]
S2 ksi32sk;ksi32sk;\??\c:\windows\system32\drivers\ksi32sk.sys --> c:\windows\system32\drivers\ksi32sk.sys [?]
S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S2 systemntmi;systemntmi;c:\windows\system32\drivers\systemntmi.sys [2009-04-10 30464]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]
S4 gupdate1c993fb5d5cfabe;Google Update Service (gupdate1c993fb5d5cfabe);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02a1d2a6-1be6-11de-ae96-001d92388788}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecb836e-fc65-11dd-ae32-001d92388788}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecb836f-fc65-11dd-ae32-001d92388788}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-pc - c:\documents and settings\pc\pc.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\9v182i94.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 16:53:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-484763869-706699826-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6f,91,bc,27,36,94,51,73,c8,f3,fd,14,65,7b,93,af,d5,6d,de,bb,11,66,4d,
45,6b,6d,36,ed,31,1c,93,60,cb,27,8a,50,b5,e2,0e,21,2a,37,32,96,e8,fa,47,d6,\
"??"=hex:62,59,a0,f8,59,29,4b,e2,19,ae,b1,10,ae,cf,ee,bf

[HKEY_USERS\S-1-5-21-484763869-706699826-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e7,a6,4e,34,d0,0f,10,5e,4d,e2,35,14,07,19,e6,32,e3,40,56,48,e4,
02,3f,4d,50,00,65,ed,92,5b,22,7c,c5,f4,54,ee,62,15,82,f1,d3,09,8c,2c,e2,4e,\
"rkeysecu"=hex:b9,0d,04,38,85,4e,96,c9,3e,1f,69,b7,7e,88,fc,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-04-10 16:54:13
ComboFix-quarantined-files.txt 2009-04-10 14:54:11

Před spuštěním: Volných bajtů: 205 126 709 248
Po spuštění: Volných bajtů: 205,114,351,616

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

223 --- E O F --- 2009-03-20 08:56:21

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config amd64si start= disabled
sc stop amd64si
sc delete amd64si
sc config ati64si start= disabled
sc stop ati64si
sc delete ati64si
sc config i386si start= disabled
sc stop i386si
sc delete i386si
sc config ksi32sk start= disabled
sc stop ksi32sk
sc delete ksi32sk
sc config port135sik start= disabled
sc stop port135sik
sc delete port135sik
sc config systemntmi start= disabled
sc stop systemntmi
sc delete systemntmi

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\drivers\systemntmi.sys
c:\windows\system32\drivers\sjilqsa.sys
J:\Autorun.exe

Driver::
sjilqsa
systemntmi

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02a1d2a6-1be6-11de-ae96-001d92388788}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[syky17]

ComboFix 09-04-04.01 - pc 2009-04-10 17:48:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1599 [GMT 2:00]
Spuštěný z: d:\ulozeno\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pc\Plocha\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\drivers\sjilqsa.sys
c:\windows\system32\drivers\systemntmi.sys
J:\Autorun.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Malwarebytes
2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-10 16:10 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 16:10 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-10 15:49 . 2009-04-10 15:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-10 15:49 . 2009-04-10 16:35 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-10 15:35 . 2009-04-10 15:35 <DIR> d-------- c:\program files\Trend Micro
2009-04-10 13:34 . 2009-04-10 14:38 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-09 23:41 . 2009-04-10 17:39 <DIR> d-------- c:\program files\LFS
2009-04-09 17:47 . 2009-04-09 18:27 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Hide IP NG
2009-04-09 11:01 . 2009-04-09 11:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Tages
2009-04-09 10:48 . 2009-04-09 10:48 <DIR> d-------- c:\program files\Atari
2009-04-09 10:48 . 2009-04-09 10:48 279,712 --a------ c:\windows\system32\drivers\atksgt.sys
2009-04-09 10:48 . 2009-04-09 10:48 25,888 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-04-04 10:00 . 2009-04-04 10:00 <DIR> d-------- c:\program files\EA Games
2009-03-31 14:26 . 2009-03-31 14:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\wanted
2009-03-30 21:34 . 2002-02-14 10:36 60,416 --a------ c:\windows\system32\shdocvw.oca
2009-03-29 15:31 . 2009-04-05 10:16 <DIR> d-------- c:\program files\Aspyr
2009-03-29 11:18 . 2009-03-29 11:18 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-29 11:00 . 2009-03-29 11:00 <DIR> d-------- c:\program files\Sierra Entertainment
2009-03-29 00:12 . 2009-03-29 00:12 <DIR> d-------- c:\program files\WarnerBros
2009-03-28 23:30 . 2009-03-28 23:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2009-03-28 22:34 . 2009-03-28 22:34 <DIR> d-------- c:\program files\OpenAL
2009-03-28 16:04 . 2009-03-28 16:07 <DIR> d-------- c:\documents and settings\pc\Data aplikací\HideIP
2009-03-28 11:57 . 2009-03-28 11:57 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Red Alert 3 Uprising
2009-03-27 20:00 . 2009-03-27 20:00 <DIR> d-------- c:\documents and settings\pc\Data aplikací\InstallShield
2009-03-25 19:07 . 2009-03-25 19:07 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-22 17:35 . 2009-03-22 17:35 <DIR> d-------- c:\documents and settings\pc\Data aplikací\The Creative Assembly
2009-03-22 17:16 . 2009-03-22 22:26 <DIR> d-------- c:\program files\Empire Total War
2009-03-14 20:57 . 2009-03-18 18:02 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Red Alert 3
2009-03-12 15:10 . 2009-03-12 15:10 <DIR> d-------- c:\program files\MSECache
2009-03-10 18:01 . 2009-04-10 16:59 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-10 17:36 . 2009-03-10 17:36 <DIR> d-------- c:\program files\CCleaner
2009-03-10 15:59 . 2009-03-26 14:53 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-10 15:59 . 2009-03-10 16:06 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-10 15:59 . 2009-03-26 14:53 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-10 15:58 . 2009-04-10 11:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-10 15:58 . 2009-03-26 14:53 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-10 15:58 . 2009-03-10 15:58 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-10 15:58 . 2009-03-10 15:58 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 15:41 --------- d-----w c:\documents and settings\pc\Data aplikací\uTorrent
2009-04-10 11:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-04-09 08:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 08:18 8,310 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-28 22:28 --------- d-----w c:\documents and settings\pc\Data aplikací\DAEMON Tools Pro
2009-03-28 20:36 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 09:42 --------- d-----w c:\program files\Electronic Arts
2009-03-25 16:44 --------- d-----w c:\program files\Rockstar Games
2009-03-25 15:22 --------- d-----w c:\documents and settings\pc\Data aplikací\BSplayer
2009-03-19 20:26 --------- d-----w c:\documents and settings\pc\Data aplikací\ICQ
2009-03-16 19:22 21,808 ----a-w c:\documents and settings\pc\Data aplikací\GDIPFONTCACHEV1.DAT
2009-03-14 18:52 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-11 14:08 --------- d-----w c:\documents and settings\pc\Data aplikací\Apple Computer
2009-03-08 16:35 --------- d-----w c:\program files\ICQ6.5
2009-03-08 11:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\ATI
2009-03-08 11:19 --------- d-----w c:\documents and settings\pc\Data aplikací\Ashampoo
2009-03-08 11:14 103,424 ----a-w c:\windows\system32\PowerUp3_nat.dll
2009-03-08 11:14 --------- d-----w c:\program files\Ashampoo
2009-03-08 11:12 22,934 ----a-w c:\windows\system32\msdx92.dll
2009-03-08 11:06 --------- d-----w c:\documents and settings\pc\Data aplikací\Software4u
2009-03-08 11:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\Software4u
2009-03-04 16:11 --------- d-----w c:\program files\QuickTime
2009-03-04 16:11 --------- d-----w c:\program files\iTunes
2009-03-04 16:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-03 14:06 --------- d-----w c:\program files\Duke Nukem - Manhattan Project
2009-02-28 18:06 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 08:07 --------- d-----w c:\program files\Google
2009-02-20 17:44 --------- d-----w c:\program files\Kwyshell
2009-02-20 12:13 --------- d-----w c:\program files\AVG
2009-02-17 20:46 --------- d-----w c:\documents and settings\pc\Data aplikací\U3
2009-02-13 23:05 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-13 23:05 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-13 23:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Codemasters
2009-02-13 22:47 --------- d-----w c:\program files\GRID
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-22 16:41 348,160 ----a-w c:\windows\system32\Msvcr71.dll
2009-01-22 16:41 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2009-01-22 16:41 1,060,864 ----a-w c:\windows\system32\mfc71.dll
2009-01-18 14:22 315,392 ----a-w c:\windows\HideWin.exe
2009-01-16 17:34 499,712 ----a-w c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-10_16.53.50,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-10 14:39:23 78,156 ----a-w c:\windows\system32\perfc005.dat
+ 2009-04-10 15:48:46 78,156 ----a-w c:\windows\system32\perfc005.dat
- 2009-04-10 14:39:23 67,560 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-10 15:48:47 67,560 ----a-w c:\windows\system32\perfc009.dat
- 2009-04-10 14:39:23 429,206 ----a-w c:\windows\system32\perfh005.dat
+ 2009-04-10 15:48:47 429,206 ----a-w c:\windows\system32\perfh005.dat
- 2009-04-10 14:39:23 432,856 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-10 15:48:47 432,856 ----a-w c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-26 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-26 14:53 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SMART Board Service"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate1c993fb5d5cfabe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-10 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-10 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-10 1356616]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]
S4 gupdate1c993fb5d5cfabe;Google Update Service (gupdate1c993fb5d5cfabe);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecb836e-fc65-11dd-ae32-001d92388788}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecb836f-fc65-11dd-ae32-001d92388788}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\9v182i94.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 17:50:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-484763869-706699826-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6f,91,bc,27,36,94,51,73,c8,f3,fd,14,65,7b,93,af,d5,6d,de,bb,11,66,4d,
45,6b,6d,36,ed,31,1c,93,60,cb,27,8a,50,b5,e2,0e,21,2a,37,32,96,e8,fa,47,d6,\
"??"=hex:62,59,a0,f8,59,29,4b,e2,19,ae,b1,10,ae,cf,ee,bf

[HKEY_USERS\S-1-5-21-484763869-706699826-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e7,a6,4e,34,d0,0f,10,5e,4d,e2,35,14,07,19,e6,32,e3,40,56,48,e4,
02,3f,4d,50,00,65,ed,92,5b,22,7c,c5,f4,54,ee,62,15,82,f1,d3,09,8c,2c,e2,4e,\
"rkeysecu"=hex:b9,0d,04,38,85,4e,96,c9,3e,1f,69,b7,7e,88,fc,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-04-10 17:50:42
ComboFix-quarantined-files.txt 2009-04-10 15:50:40
ComboFix2.txt 2009-04-10 14:54:14

Před spuštěním: Volných bajtů: 205 159 866 368
Po spuštění: Volných bajtů: 205,142,167,552

217 --- E O F --- 2009-03-20 08:56:21

[syky17]

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4949 bytes

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config acpi32 start= disabled
sc stop acpi32
sc delete acpi32

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.
******************************************************************************************************************************************
Vlož sem znovu a celý nový log z HJT, chybí Ti tam začátek..

[syky17]

udelal jsme chybu zapomnel jsme zkopirovat posledni 3 radky...


ComboFix 09-04-04.01 - pc 2009-04-10 17:59:12.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1591 [GMT 2:00]
Spuštěný z: d:\ulozeno\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pc\Plocha\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\drivers\sjilqsa.sys
c:\windows\system32\drivers\systemntmi.sys
J:\Autorun.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Malwarebytes
2009-04-10 16:10 . 2009-04-10 16:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-10 16:10 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 16:10 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-10 15:49 . 2009-04-10 15:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-10 15:49 . 2009-04-10 16:35 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-10 15:35 . 2009-04-10 15:35 <DIR> d-------- c:\program files\Trend Micro
2009-04-10 13:34 . 2009-04-10 14:38 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-09 23:41 . 2009-04-10 17:39 <DIR> d-------- c:\program files\LFS
2009-04-09 17:47 . 2009-04-09 18:27 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Hide IP NG
2009-04-09 11:01 . 2009-04-09 11:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Tages
2009-04-09 10:48 . 2009-04-09 10:48 <DIR> d-------- c:\program files\Atari
2009-04-09 10:48 . 2009-04-09 10:48 279,712 --a------ c:\windows\system32\drivers\atksgt.sys
2009-04-09 10:48 . 2009-04-09 10:48 25,888 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-04-04 10:00 . 2009-04-04 10:00 <DIR> d-------- c:\program files\EA Games
2009-03-31 14:26 . 2009-03-31 14:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\wanted
2009-03-30 21:34 . 2002-02-14 10:36 60,416 --a------ c:\windows\system32\shdocvw.oca
2009-03-29 15:31 . 2009-04-05 10:16 <DIR> d-------- c:\program files\Aspyr
2009-03-29 11:18 . 2009-03-29 11:18 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-29 11:00 . 2009-03-29 11:00 <DIR> d-------- c:\program files\Sierra Entertainment
2009-03-29 00:12 . 2009-03-29 00:12 <DIR> d-------- c:\program files\WarnerBros
2009-03-28 23:30 . 2009-03-28 23:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2009-03-28 22:34 . 2009-03-28 22:34 <DIR> d-------- c:\program files\OpenAL
2009-03-28 16:04 . 2009-03-28 16:07 <DIR> d-------- c:\documents and settings\pc\Data aplikací\HideIP
2009-03-28 11:57 . 2009-03-28 11:57 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Red Alert 3 Uprising
2009-03-27 20:00 . 2009-03-27 20:00 <DIR> d-------- c:\documents and settings\pc\Data aplikací\InstallShield
2009-03-25 19:07 . 2009-03-25 19:07 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-22 17:35 . 2009-03-22 17:35 <DIR> d-------- c:\documents and settings\pc\Data aplikací\The Creative Assembly
2009-03-22 17:16 . 2009-03-22 22:26 <DIR> d-------- c:\program files\Empire Total War
2009-03-14 20:57 . 2009-03-18 18:02 <DIR> d-------- c:\documents and settings\pc\Data aplikací\Red Alert 3
2009-03-12 15:10 . 2009-03-12 15:10 <DIR> d-------- c:\program files\MSECache
2009-03-10 18:01 . 2009-04-10 16:59 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-10 17:36 . 2009-03-10 17:36 <DIR> d-------- c:\program files\CCleaner
2009-03-10 15:59 . 2009-03-26 14:53 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-10 15:59 . 2009-03-10 16:06 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-10 15:59 . 2009-03-26 14:53 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-10 15:58 . 2009-04-10 11:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-10 15:58 . 2009-03-26 14:53 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-10 15:58 . 2009-03-10 15:58 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-10 15:58 . 2009-03-10 15:58 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 15:41 --------- d-----w c:\documents and settings\pc\Data aplikací\uTorrent
2009-04-10 11:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-04-09 08:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 08:18 8,310 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-28 22:28 --------- d-----w c:\documents and settings\pc\Data aplikací\DAEMON Tools Pro
2009-03-28 20:36 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 09:42 --------- d-----w c:\program files\Electronic Arts
2009-03-25 16:44 --------- d-----w c:\program files\Rockstar Games
2009-03-25 15:22 --------- d-----w c:\documents and settings\pc\Data aplikací\BSplayer
2009-03-19 20:26 --------- d-----w c:\documents and settings\pc\Data aplikací\ICQ
2009-03-16 19:22 21,808 ----a-w c:\documents and settings\pc\Data aplikací\GDIPFONTCACHEV1.DAT
2009-03-14 18:52 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-11 14:08 --------- d-----w c:\documents and settings\pc\Data aplikací\Apple Computer
2009-03-08 16:35 --------- d-----w c:\program files\ICQ6.5
2009-03-08 11:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\ATI
2009-03-08 11:19 --------- d-----w c:\documents and settings\pc\Data aplikací\Ashampoo
2009-03-08 11:14 103,424 ----a-w c:\windows\system32\PowerUp3_nat.dll
2009-03-08 11:14 --------- d-----w c:\program files\Ashampoo
2009-03-08 11:12 22,934 ----a-w c:\windows\system32\msdx92.dll
2009-03-08 11:06 --------- d-----w c:\documents and settings\pc\Data aplikací\Software4u
2009-03-08 11:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\Software4u
2009-03-04 16:11 --------- d-----w c:\program files\QuickTime
2009-03-04 16:11 --------- d-----w c:\program files\iTunes
2009-03-04 16:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-03 14:06 --------- d-----w c:\program files\Duke Nukem - Manhattan Project
2009-02-28 18:06 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 08:07 --------- d-----w c:\program files\Google
2009-02-20 17:44 --------- d-----w c:\program files\Kwyshell
2009-02-20 12:13 --------- d-----w c:\program files\AVG
2009-02-17 20:46 --------- d-----w c:\documents and settings\pc\Data aplikací\U3
2009-02-13 23:05 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-13 23:05 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-13 23:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Codemasters
2009-02-13 22:47 --------- d-----w c:\program files\GRID
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-22 16:41 348,160 ----a-w c:\windows\system32\Msvcr71.dll
2009-01-22 16:41 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2009-01-22 16:41 1,060,864 ----a-w c:\windows\system32\mfc71.dll
2009-01-18 14:22 315,392 ----a-w c:\windows\HideWin.exe
2009-01-16 17:34 499,712 ----a-w c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-10_16.53.50,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-10 14:39:23 78,156 ----a-w c:\windows\system32\perfc005.dat
+ 2009-04-10 16:00:13 78,156 ----a-w c:\windows\system32\perfc005.dat
- 2009-04-10 14:39:23 67,560 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-10 16:00:13 67,560 ----a-w c:\windows\system32\perfc009.dat
- 2009-04-10 14:39:23 429,206 ----a-w c:\windows\system32\perfh005.dat
+ 2009-04-10 16:00:13 429,206 ----a-w c:\windows\system32\perfh005.dat
- 2009-04-10 14:39:23 432,856 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-10 16:00:13 432,856 ----a-w c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-26 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-26 14:53 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SMART Board Service"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate1c993fb5d5cfabe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-10 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-10 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-10 1356616]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]
S4 gupdate1c993fb5d5cfabe;Google Update Service (gupdate1c993fb5d5cfabe);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecb836e-fc65-11dd-ae32-001d92388788}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecb836f-fc65-11dd-ae32-001d92388788}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\9v182i94.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 18:00:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-484763869-706699826-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6f,91,bc,27,36,94,51,73,c8,f3,fd,14,65,7b,93,af,d5,6d,de,bb,11,66,4d,
45,6b,6d,36,ed,31,1c,93,60,cb,27,8a,50,b5,e2,0e,21,2a,37,32,96,e8,fa,47,d6,\
"??"=hex:62,59,a0,f8,59,29,4b,e2,19,ae,b1,10,ae,cf,ee,bf

[HKEY_USERS\S-1-5-21-484763869-706699826-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e7,a6,4e,34,d0,0f,10,5e,4d,e2,35,14,07,19,e6,32,e3,40,56,48,e4,
02,3f,4d,50,00,65,ed,92,5b,22,7c,c5,f4,54,ee,62,15,82,f1,d3,09,8c,2c,e2,4e,\
"rkeysecu"=hex:b9,0d,04,38,85,4e,96,c9,3e,1f,69,b7,7e,88,fc,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-04-10 18:02:37
ComboFix-quarantined-files.txt 2009-04-10 16:01:20
ComboFix2.txt 2009-04-10 15:50:43
ComboFix3.txt 2009-04-10 14:54:14

Před spuštěním: Volných bajtů: 205 130 772 480
Po spuštění: Volných bajtů: 205,113,057,280

216 --- E O F --- 2009-03-20 08:56:21

[jaro3]

Proveď ten script:
sc config acpi32 start= disabled
sc stop acpi32
sc delete acpi32
jak je výše a pak sem dej ten log z HJT ( ne z CF).Ať to můžeme uzavřít.

[syky17]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:26, on 10.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4920 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions prezent
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž a zapni si AVG.


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Nainstaluj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe

pokud nejsou problémy , je to vše.

[syky17]

ty vado...ses fakt moc velkej borec, kdyz dokazes tejto rozlustit...zatim to kalpe(klepu do stolu).....chtel bych taky umet si takhle poradit sam...