prosím o kontrolu logu Vyřešeno

[Hady]

Prosím o pomoc. Z ničeho nič přestal jít zvuk. Vše se zdá být v pořádku. Děkuji...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:30, on 12.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4500\1325\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8395 bytes

[Reklama]

[memphisto]

Odinstaluj BearShare, ICQ Toolbar, Yahoo Toolbar, BearShare MediaBar

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Hady]

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2116
Windows 5.1.2600 Service Pack 2

12.5.2009 19:26:19
mbam-log-2009-05-12 (19-26-16).txt

Typ skenu: Rychlý sken
Objektu skenováno: 76247
Uplynulý cas: 2 minute(s), 7 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 21
Infikované hodnoty registru: 2
Infikované položky dat registru: 2
Infikované složky: 9
Infikované soubory: 8

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ICQToolbar\4500\1325\toolbaru.dll (Adware.BHO) -> No action taken.

[memphisto]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Hady]

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2116
Windows 5.1.2600 Service Pack 2

12.5.2009 19:54:04
mbam-log-2009-05-12 (19-54-04).txt

Typ skenu: Rychlý sken
Objektu skenováno: 76352
Uplynulý cas: 1 minute(s), 2 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 21
Infikované hodnoty registru: 2
Infikované položky dat registru: 2
Infikované složky: 9
Infikované soubory: 8

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\4500\1325\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.

[Hady]

ComboFix 09-05-11.08 - Administrator 12.05.2009 20:02.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1555 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

----- BITS: Možné infikované stránky -----

hxxp://dx5.biz
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-12 do 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-12 17:22 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 17:22 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 17:22 . 2009-05-12 17:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 16:37 . 2009-05-12 16:37 -------- d-----w c:\program files\Trend Micro
2009-05-12 15:18 . 2004-08-03 21:15 140928 -c--a-w c:\windows\system32\dllcache\ks.sys
2009-05-12 15:18 . 2004-08-03 21:15 140928 ----a-w c:\windows\system32\drivers\ks.sys
2009-05-12 15:18 . 2008-10-23 15:42 290816 ----a-w c:\windows\vncutil.exe
2009-05-12 15:18 . 2009-03-17 10:44 36352 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-05-12 15:18 . 2009-03-17 12:07 122880 ----a-w c:\windows\RtkAudioService.exe
2009-05-12 15:17 . 2006-01-04 13:41 1389056 ----a-w c:\windows\system32\drivers\Monfilt.sys
2009-05-12 15:17 . 2008-08-05 18:10 1684736 ----a-w c:\windows\system32\drivers\Ambfilt.sys
2009-05-11 19:43 . 2007-04-25 14:20 4030144 ----a-w c:\windows\system32\drivers\alcxwdm.sys
2009-05-11 19:43 . 2006-12-08 13:20 10528768 ----a-w c:\windows\system32\RTLCPL.exe
2009-05-11 19:42 . 2009-05-11 19:42 -------- d-----w c:\program files\Realtek AC97
2009-05-11 19:42 . 2006-07-31 09:19 315392 ----a-w c:\windows\alcupd.exe
2009-05-11 19:42 . 2006-07-31 09:27 217088 ----a-w c:\windows\alcrmv.exe
2009-05-10 18:50 . 2005-05-31 12:10 17516 ----a-w c:\windows\system32\drivers\frmupgr.sys
2009-05-10 18:50 . 2005-05-31 12:06 44163 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-05-08 09:27 . 2009-05-08 09:27 -------- d-----w c:\documents and settings\Administrator\kbpki
2009-05-08 09:24 . 2009-05-08 09:24 -------- d-----w C:\KBcertifikat
2009-05-05 13:16 . 2009-05-05 13:16 -------- d-----w c:\windows\system32\Attansic
2009-05-05 13:16 . 2007-03-15 14:12 38656 ----a-r c:\windows\system32\drivers\atl01_xp.sys
2009-05-05 13:16 . 2009-05-05 13:16 -------- d-----w c:\program files\Attansic

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 17:21 . 2007-12-22 19:25 -------- d-----w c:\program files\Yahoo!
2009-05-12 17:20 . 2007-12-28 09:49 -------- d-----w c:\program files\BearShare Applications
2009-05-12 15:17 . 2007-12-23 10:05 -------- d-----w c:\program files\Realtek
2009-05-11 19:42 . 2007-12-20 18:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 19:37 . 2008-01-24 18:42 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-11 19:37 . 2008-01-24 18:42 737280 ----a-w c:\windows\iun6002.exe
2009-05-11 19:02 . 2007-12-23 10:16 137928 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-11 19:02 . 2007-12-23 10:15 189768 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-29 18:07 . 2008-10-26 06:28 -------- d-----w c:\program files\The KMPlayer
2009-04-27 10:43 . 2008-05-04 09:23 -------- d-----w c:\program files\Fotolab
2009-03-30 15:13 . 2007-12-23 10:05 5063168 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-29 08:44 . 2001-10-25 12:00 71746 ----a-w c:\windows\system32\perfc005.dat
2009-03-29 08:44 . 2001-10-25 12:00 398316 ----a-w c:\windows\system32\perfh005.dat
2009-03-27 09:22 . 2007-12-23 10:05 17567744 ----a-w c:\windows\RTHDCPL.EXE
2009-03-24 10:32 . 2001-10-25 12:00 8704 ---ha-w c:\windows\system32\userinit.exe
2009-03-17 11:58 . 2007-12-23 10:05 540672 ----a-w c:\windows\RtlExUpd.dll
2009-03-15 18:36 . 2007-12-23 10:15 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-10 12:32 . 2007-12-23 10:05 2168320 ----a-w c:\windows\MicCal.exe
2009-03-02 09:14 . 2007-12-23 10:05 57344 ----a-w c:\windows\ALCMTR.EXE
.

------- Sigcheck -------

[-] 2001-10-25 12:00 21504 95C5E6E59DF2B91E8A5CD181B1C96174 c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2004-08-17 14:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-03-24 10:32 8704 1BF810178B61740A717558E157ADB792 c:\windows\system32\userinit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-5-31 577597]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [5.5.2009 15:16 38656]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [25.10.2001 14:00 69120]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [9.1.2008 18:33 185504]
R3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [9.1.2008 18:33 6272]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [22.12.2007 19:16 93440]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.5.2009 17:17 1684736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f933b0f6-b0b9-11dc-b212-fdef54e6dca1}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\loqt4e9j.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 20:03
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1284227242-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-05-12 20:04
ComboFix-quarantined-files.txt 2009-05-12 18:04

Před spuštěním: Volných bajtů: 23 175 434 240
Po spuštění: Volných bajtů: 23 301 283 840

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

171 --- E O F --- 2008-07-09 20:04

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\ALCMTR.EXE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\drivers\V0250Vfx.sys
Vlož sem pak odkaz výsledku.

[Hady]

ComboFix 09-05-11.08 - Administrator 12.05.2009 21:13.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1524 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET personal firewall *enabled*
* Resident AV is active


FILE ::
c:\windows\ALCMTR.EXE
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ALCMTR.EXE

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-12 do 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-12 17:22 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 17:22 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 17:22 . 2009-05-12 17:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 16:37 . 2009-05-12 16:37 -------- d-----w c:\program files\Trend Micro
2009-05-12 15:18 . 2004-08-03 21:15 140928 -c--a-w c:\windows\system32\dllcache\ks.sys
2009-05-12 15:18 . 2004-08-03 21:15 140928 ----a-w c:\windows\system32\drivers\ks.sys
2009-05-12 15:18 . 2008-10-23 15:42 290816 ----a-w c:\windows\vncutil.exe
2009-05-12 15:18 . 2009-03-17 10:44 36352 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-05-12 15:18 . 2009-03-17 12:07 122880 ----a-w c:\windows\RtkAudioService.exe
2009-05-12 15:17 . 2006-01-04 13:41 1389056 ----a-w c:\windows\system32\drivers\Monfilt.sys
2009-05-12 15:17 . 2008-08-05 18:10 1684736 ----a-w c:\windows\system32\drivers\Ambfilt.sys
2009-05-11 19:43 . 2007-04-25 14:20 4030144 ----a-w c:\windows\system32\drivers\alcxwdm.sys
2009-05-11 19:43 . 2006-12-08 13:20 10528768 ----a-w c:\windows\system32\RTLCPL.exe
2009-05-11 19:42 . 2009-05-11 19:42 -------- d-----w c:\program files\Realtek AC97
2009-05-11 19:42 . 2006-07-31 09:19 315392 ----a-w c:\windows\alcupd.exe
2009-05-11 19:42 . 2006-07-31 09:27 217088 ----a-w c:\windows\alcrmv.exe
2009-05-10 18:50 . 2005-05-31 12:10 17516 ----a-w c:\windows\system32\drivers\frmupgr.sys
2009-05-10 18:50 . 2005-05-31 12:06 44163 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-05-08 09:27 . 2009-05-08 09:27 -------- d-----w c:\documents and settings\Administrator\kbpki
2009-05-08 09:24 . 2009-05-08 09:24 -------- d-----w C:\KBcertifikat
2009-05-05 13:16 . 2009-05-05 13:16 -------- d-----w c:\windows\system32\Attansic
2009-05-05 13:16 . 2007-03-15 14:12 38656 ----a-r c:\windows\system32\drivers\atl01_xp.sys
2009-05-05 13:16 . 2009-05-05 13:16 -------- d-----w c:\program files\Attansic

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 17:21 . 2007-12-22 19:25 -------- d-----w c:\program files\Yahoo!
2009-05-12 17:20 . 2007-12-28 09:49 -------- d-----w c:\program files\BearShare Applications
2009-05-12 15:17 . 2007-12-23 10:05 -------- d-----w c:\program files\Realtek
2009-05-11 19:42 . 2007-12-20 18:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 19:37 . 2008-01-24 18:42 -------- d-----w c:\program files\Codec Pack - All In 1
2009-05-11 19:37 . 2008-01-24 18:42 737280 ----a-w c:\windows\iun6002.exe
2009-05-11 19:02 . 2007-12-23 10:16 137928 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-11 19:02 . 2007-12-23 10:15 189768 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-29 18:07 . 2008-10-26 06:28 -------- d-----w c:\program files\The KMPlayer
2009-04-27 10:43 . 2008-05-04 09:23 -------- d-----w c:\program files\Fotolab
2009-03-30 15:13 . 2007-12-23 10:05 5063168 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-29 08:44 . 2001-10-25 12:00 71746 ----a-w c:\windows\system32\perfc005.dat
2009-03-29 08:44 . 2001-10-25 12:00 398316 ----a-w c:\windows\system32\perfh005.dat
2009-03-27 09:22 . 2007-12-23 10:05 17567744 ----a-w c:\windows\RTHDCPL.EXE
2009-03-24 10:32 . 2001-10-25 12:00 8704 ---ha-w c:\windows\system32\userinit.exe
2009-03-17 11:58 . 2007-12-23 10:05 540672 ----a-w c:\windows\RtlExUpd.dll
2009-03-15 18:36 . 2007-12-23 10:15 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-10 12:32 . 2007-12-23 10:05 2168320 ----a-w c:\windows\MicCal.exe
.

------- Sigcheck -------

[-] 2001-10-25 12:00 21504 95C5E6E59DF2B91E8A5CD181B1C96174 c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2004-08-17 14:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-03-24 10:32 8704 1BF810178B61740A717558E157ADB792 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-12_18.03.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 18:19 . 2008-10-16 12:09 43544 c:\windows\system32\wups2.dll
+ 2007-12-20 18:05 . 2008-10-16 12:08 34328 c:\windows\system32\wups.dll
+ 2007-12-20 17:43 . 2008-10-16 12:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-05-12 18:11 . 2008-10-16 12:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-05-12 18:11 . 2008-10-16 12:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2007-12-20 18:05 . 2008-10-16 12:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2007-12-20 17:43 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2001-10-25 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2001-10-25 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\cdm.dll
+ 2007-12-20 18:05 . 2008-10-16 12:13 202776 c:\windows\system32\wuweb.dll
+ 2007-12-20 18:05 . 2008-10-16 12:12 323608 c:\windows\system32\wucltui.dll
+ 2007-12-20 18:05 . 2008-10-16 12:12 561688 c:\windows\system32\wuapi.dll
+ 2007-12-20 18:05 . 2008-10-16 12:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2007-12-20 18:05 . 2008-10-16 12:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2007-12-20 18:05 . 2008-10-16 12:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2007-12-20 17:43 . 2008-10-16 12:13 1809944 c:\windows\system32\wuaueng.dll
+ 2007-12-20 17:43 . 2008-10-16 12:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-5-31 577597]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [5.5.2009 15:16 38656]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [25.10.2001 14:00 69120]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [9.1.2008 18:33 185504]
R3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [9.1.2008 18:33 6272]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [22.12.2007 19:16 93440]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.5.2009 17:17 1684736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f933b0f6-b0b9-11dc-b212-fdef54e6dca1}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\loqt4e9j.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 21:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1284227242-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-05-12 21:16
ComboFix-quarantined-files.txt 2009-05-12 19:16
ComboFix2.txt 2009-05-12 18:04

Před spuštěním: Volných bajtů: 23 302 426 624
Po spuštění: Volných bajtů: 23 289 151 488

181 --- E O F --- 2008-07-09 20:04




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:40, on 12.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6897 bytes

[Hady]

Soubor v0230vfx_sys_23.pper přijatý 2008.12.17 17:15:56 (CET)
Současný stav: Dokončeno
Výsledek: 0/37 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.12.17.3 2008.12.17 -
AntiVir 7.9.0.45 2008.12.17 -
Authentium 5.1.0.4 2008.12.17 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.17 -
CAT-QuickHeal 10.00 2008.12.17 -
ClamAV 0.94.1 2008.12.17 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6265 2008.12.17 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.17 -
Fortinet 3.117.0.0 2008.12.17 -
GData 19 2008.12.17 -
Ikarus T3.1.1.45.0 2008.12.17 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.17 -
McAfee 5466 2008.12.16 -
McAfee+Artemis 5466 2008.12.16 -
Microsoft 1.4205 2008.12.17 -
NOD32 3699 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.17 -
Rising 21.08.22.00 2008.12.17 -
SecureWeb-Gateway 6.7.6 2008.12.17 -
Sophos 4.37.0 2008.12.17 -
Sunbelt 3.2.1801.2 2008.12.11 -
TheHacker 6.3.1.4.190 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.17 -
VBA32 3.12.8.10 2008.12.16 -
ViRobot 2008.12.17.1523 2008.12.17 -
VirusBuster 4.5.11.0 2008.12.17 -
Rozšiřující informace
Tamano archivo: 6272 bytes
MD5...: a0c643d5f8c60f12faa6e3454dfe9c32
SHA1..: 62fc3702aa263f9d5324ad205b20c98dfc981eff
SHA256: 7b15a51a003391be9419a7a1531919ec3931906a3260f3f6ecfb5a2ad82faf5a
SHA512: 53061cb11d2046f42fb70752b9f1cb18ed670e641b3d8c9c0c2524ac0c3e9f46
7c198187bfc128ecd803c7bdab5d5b357c30a1fdbb37b722c8a183fe7c227e3b
ssdeep: 96:1sf28Ikh82i4LdzplKtodCQt/BUpoVDVbLbZbNeaF6:1Doni2ddIodCQtG213
saF6
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1103a
timedatestamp.....: 0x4423abdd (Fri Mar 24 08:20:45 2006)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0xade 0xb00 6.38 ce7eb63e97a1b2e21f8b7d764206dba7
.rdata 0xe00 0xf3 0x100 4.70 031812e8372a9b4d5b49e24fa83854bd
PAGE 0xf00 0x188 0x200 4.95 283e8c2c6992affe31b9324874597d36
INIT 0x1100 0x302 0x380 4.49 4be2af96d4b13625a8210a7b876c8f04
.rsrc 0x1480 0x2b8 0x300 2.93 9c2d93e6b44a23a6b33dd1d6a0deffea
.reloc 0x1780 0xfc 0x100 4.57 2790eb8dd697a7588af37508d24cdd09

( 2 imports )
> NTOSKRNL.EXE: RtlUnicodeStringToAnsiString, KeReleaseMutex, KeSetEvent, KeWaitForSingleObject, KeClearEvent, IoReleaseRemoveLockEx, MmMapLockedPagesSpecifyCache, IofCompleteRequest, IofCallDriver, IoAcquireRemoveLockEx, RtlInitUnicodeString, PoCallDriver, PoStartNextPowerIrp, ObfDereferenceObject, IoGetAttachedDeviceReference, IoDeleteDevice, IoDetachDevice, KeInitializeMutex, KeInitializeEvent, IoAttachDeviceToDeviceStack, IoInitializeRemoveLockEx, IoCreateDevice, IoReleaseRemoveLockAndWaitEx, RtlFreeAnsiString, RtlUnwind
> HAL.DLL: KeGetCurrentIrql

Doufám že jsem to udělal dobře :-).....tovíš amatér!!

[jaro3]

Za chvíli budeš profík!!

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Vše.

[Hady]

ok. děkuji!!!!

[jaro3]

Nemáš zač, můžeš dát vyřešeno , fajfku.