kontrola logu prosím

drtert · Příspěvekod **drtert** » 30 kvě 2009 17:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:29, on 30.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\System Protect\SysProtect_Tray.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\novy\Plocha\hry programy crack cestiny atd\spyware\sp_rsser.exe
C:\Program Files\System Protect\SysProtect_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://83.149.75.33/info.png?cmp=fkfrt& ... 1&ver=4053
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Documents and Settings\novy\Plocha\hry programy crack cestiny atd\spyware\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystemProtect] C:\Program Files\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=060509 serial=DR12CNC-8322248-NFT lang=CZ
O4 - HKLM\..\Run: [e083f04c] rundll32.exe "C:\WINDOWS\system32\kwikqxxx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: prf6C.tmp
O4 - Startup: Registration Ghost Recon Advanced Warfighter® 2.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2\Support\Register\RegistrationReminder.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2916105109
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.icq.com/online/online2/mah ... uncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: lrkyqo.dll opzpvo.dll nrbwmc.dll wglotb.dll fhxbzp.dll icydlg.dll xsxhmj.dll suobiq.dll cckxcv.dll brwwnr.dll rlpvlh.dll momieo.dll vvmfcy.dll qfuqgy.dll mkxqjd.dll epajqw.dll uplfsz.dll hstjxp.dll wervdy.dll zbmqbx.dll jgnifn.dll aucczj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9b6277ac194e) (gupdate1c9b6277ac194e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Documents and Settings\novy\Plocha\hry programy crack cestiny atd\spyware\sp_rsser.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Program Files\System Protect\SysProtect_srv.exe

--
End of file - 12240 bytes

děkuji

Reklama

Damned · Příspěvekod **Damned** » 30 kvě 2009 18:12

Vypni si Body obnovení a Odinstaluj:

Crawler toolbar
DAEMON Tools Toolbar
free-downloads.net Toolbar

Pak sem dej znovu log HJT

Příspěvekod **jaro3** » 30 kvě 2009 18:17

Toto ale vypadá!!!
Ponech body obnovení a odinstaluj vše , co radí Damned ,pak udělej , co radím já.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
návod:
viewtopic.php?f=70&t=5119

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://83.149.75.33/info.png?cmp=fkfrt&amp; ... 1&amp;ver=4053
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [e083f04c] rundll32.exe &quot;C:\WINDOWS\system32\kwikqxxx.dll&quot;,b
O4 - Startup: prf6C.tmp
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O20 - AppInit_DLLs: lrkyqo.dll opzpvo.dll nrbwmc.dll wglotb.dll fhxbzp.dll icydlg.dll xsxhmj.dll suobiq.dll cckxcv.dll brwwnr.dll rlpvlh.dll momieo.dll vvmfcy.dll qfuqgy.dll mkxqjd.dll epajqw.dll uplfsz.dll hstjxp.dll wervdy.dll zbmqbx.dll jgnifn.dll aucczj.dll

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

drtert · Příspěvekod **drtert** » 30 kvě 2009 18:55

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2197
Windows 5.1.2600 Service Pack 3

30.5.2009 18:49:04
mbam-log-2009-05-30 (18-48-58).txt

Typ skenu: Rychlý sken
Objektu skenováno: 117211
Uplynulý cas: 17 minute(s), 10 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 10
Infikované klíce registru: 42
Infikované hodnoty registru: 8
Infikované položky dat registru: 8
Infikované složky: 10
Infikované soubory: 226

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
C:\WINDOWS\system32\kwikqxxx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\whdlad.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xsxhmj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rlpvlh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\momieo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mkxqjd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wervdy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jgnifn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aucczj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXPgdDT.dll (Trojan.Vundo) -> No action taken.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18a8ef1a-9703-41fc-9151-799c586da147} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{18a8ef1a-9703-41fc-9151-799c586da147} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e26d5386-f16c-4dec-b511-acd2d44c6439} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e26d5386-f16c-4dec-b511-acd2d44c6439} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18a8ef1a-9703-41fc-9151-799c586da147} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{58f53c13-75af-463c-8d43-4d343e3c16fd} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dffecf0f-f707-444a-a34a-4524e6452a2e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f8af5961-6a54-4f94-9c34-f0cebea2556e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{89048a67-6bbc-4f46-8071-e88afc8b76b6} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9864b3ca-a1e5-4911-b5ee-e3afcde2d810} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ea73dc16-cfbf-471b-a92b-e2c1727a9105} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d6246bbd-7e31-46fb-a207-9f25489027f9} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{475ac1d3-cba6-4d44-a1ab-160f5ea5eda0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e26d5386-f16c-4dec-b511-acd2d44c6439} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{6549e485-c533-4e58-ba92-9fbcd2f6e839} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{1fbc6925-90a0-404e-83e6-f0fbcc7ad034} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fcdc8851-f04b-406e-a14a-8d2589b097ab} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d4c4fc4d-60a5-49bd-87f7-294d36eecea5} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bec0253f-7707-40ed-b595-a31638ff883a} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7e365b10-2d5b-40f9-bf9b-df82c2400513} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper (Adware.NetPumper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_offersfortoday (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anti-leech alnn (Trojan.AntiLeechPlugin) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.1.8 (Trojan.AntiLeechPlugin) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e083f04c (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58f53c13-75af-463c-8d43-4d343e3c16fd} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{58f53c13-75af-463c-8d43-4d343e3c16fd} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdnjd.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxpgddt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> No action taken.

Infikované složky:
C:\resycled (Trojan.DNSChanger) -> No action taken.
c:\documents and settings\PC\Data aplikací\gadcom (Trojan.Agent) -> No action taken.
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
C:\Program Files\Mjcore (Trojan.BHO) -> No action taken.
c:\documents and settings\PC\Data aplikací\NetPumper (Adware.NetPumper) -> No action taken.
C:\WINDOWS\system32\675873 (Trojan.BHO) -> No action taken.
c:\program files\Anti-Leech (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\ALIE_1.0.1.9 (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\ALNN (Trojan.AntiLeechPlugin) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.Data) -> No action taken.

Infikované soubory:
C:\WINDOWS\system32\whdlad.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\bcvsyucm.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\mcuysvcb.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\dkxcvxwt.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\twxvcxkd.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\dpmpfety.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ytefpmpd.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ejondsgd.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\dgsdnoje.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\gqitrasy.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ysartiqg.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\hkkqqhtg.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\gthqqkkh.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\kwikqxxx.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\xxxqkiwk.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\lylyriox.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\xoirylyl.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\pctdnoyv.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vyondtcp.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\qaamgusu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\usugmaaq.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\qrgvrxwq.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\qwxrvgrq.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\sefouuuy.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\yuuuofes.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\syqbiugx.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\xguibqys.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\tuqnqaiq.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\qiaqnqut.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\wlbrcapp.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ppacrblw.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\wqmsyupm.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\mpuysmqw.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\yqsbdwwu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\uwwdbsqy.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cbXPgdDT.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\xsxhmj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rlpvlh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\momieo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mkxqjd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wervdy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jgnifn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aucczj.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\abkuqccn.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ibvvcbdi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\icddyrdr.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\apqqwcwb.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\asbvcjva.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\cfuilv.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ddcDsrSj.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fccaAtRH.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fcdcwfmp.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\flfmkcbd.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\lberdsiv.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\lmlgouul.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\phenvtbw.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rdoxwhoi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\rdxqhklb.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\seutkshg.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sgvcax.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\srfygr.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\tcefsvsn.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\uefmmgdx.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\vaeonyqw.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\vbthhfqc.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vbyukwte.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\comui.dll (Trojan.BHO) -> No action taken.
c:\WINDOWS\system32\cpbjjehn.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\bpewralh.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\dngfpfar.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\dnwojjst.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\dpfvacjw.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\efcDTNhE.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fxplbcva.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\geBtTKeb.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ghuiuqgu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\lvbirlir.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\mqttqubu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\nnfjqxbg.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ohjvbomp.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\okyqfjka.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\pbluoogb.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rgnmtkxb.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rqevaa.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rqRIbAqq.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\skeydz.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\skggnrhm.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ssohikdc.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ursxpeab.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wtwcbhxp.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\kbxqdcqv.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\keqofmqh.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\hbmccz.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\hjbpwtul.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\hnhqcmmt.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\cnstjykh.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\bwcmopmm.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\byXOfghI.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\byXPIXRi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\smjsfenc.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\adpbueas.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\crqlxgyy.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wvUnMdET.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wwipognn.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\qdhgrnyj.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\qnovjk.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\qrwxafgw.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\xkldqitb.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\xnnjvuut.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\mmhhfxrl.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\tuvSjggf.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\twajfyea.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\qwxbjkai.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\igdounpf.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ikgpxsky.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\etyqfxrc.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fawwxcij.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jfuqtcmn.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jlcxffkd.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jvbjnulp.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ebcvsyol.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ecxerr.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\cbXQgfcc.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\xetivevn.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\kjhcfgca.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\knkkeu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\kxxqbbtl.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rvcnwuwc.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rvtrxm.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rwqtipur.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\rxfdvg.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\saeenpvs.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\xzdihr.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ycrwzc.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yfexdoua.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yrxwergm.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yujlmoci.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zzohgr.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\gxabecpp.dll (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\Temp\errpmrcj.dll (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\Temp\A2B-tmpaASI.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\PC\local settings\Temp\ctuqylie.dll (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\Temp\INFEF1.tmp (Trojan.Vundo) -> No action taken.
c:\documents and settings\pc\local settings\temp\klkdawhs.dat (Rootkit.Agent) -> No action taken.
c:\WINDOWS\Temp\tempo-41.tmp (Trojan.DNSChanger) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\ALL3OXGJ\divx20[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\ALL3OXGJ\divx20[2] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\klite9[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\index[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\divx20[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\divx20[3] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\divx20[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\divx20[2] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\divx20[3] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\upd105320[2] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\klite9[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\divx20[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\divx20[2] (Trojan.Vundo) -> No action taken.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\qw[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\temp.autodukla.000\local settings\temporary internet files\Content.IE5\0PA34BGP\qw[1] (Trojan.Vundo.H) -> No action taken.
c:\documents and settings\temp.autodukla.000\local settings\temporary internet files\Content.IE5\8HELWBCR\index[1] (Trojan.Vundo.H) -> No action taken.
c:\program files\mozilla firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
c:\documents and settings\PC\data aplikací\netpumper\PC.ini (Adware.NetPumper) -> No action taken.
c:\program files\anti-leech\alie_1.0.1.9\al2np.dll (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\alie_1.0.1.9\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\alie_1.0.1.9\alie.inf (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\alie_1.0.1.9\iesetup2.exe (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\ALNN\al2np.dll (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
c:\program files\anti-leech\ALNN\setup2.exe (Trojan.AntiLeechPlugin) -> No action taken.
c:\windows\system32\lowsec\local.ds (Stolen.Data) -> No action taken.
c:\windows\system32\lowsec\user.ds (Stolen.Data) -> No action taken.
C:\Program Files\Mozilla Firefox\components\nsoffersfortoday.dll (Adware.BHO) -> No action taken.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> No action taken.
c:\WINDOWS\system32\cont_offersfortoday-remove.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\tempo-9F.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-B1.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-F1.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-01B.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-05B.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-193.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-1C9.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-305.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-377.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-489.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-4D1.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-51B.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-56F.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-5B1.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-641.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-6EB.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-7A7.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-805.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-807.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-817.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-91D.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-95D.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-95F.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-99F.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-9EB.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-9FB.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-A19.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-A31.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-A99.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-ABB.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-B3D.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-BF5.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-C87.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-CB1.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-D15.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-D4F.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-DE9.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-E3F.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-EA1.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-EDF.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-F35.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-F47.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-F99.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-FDB.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-FFB.tmp (Trojan.DNSChanger) -> No action taken.
C:\Program Files\Mozilla FireFox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.

Je to dost zlí co?? :-(

Příspěvekod **jaro3** » 30 kvě 2009 19:01

To je slabý slovo

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u Nod32 a štít u SpywareTerminatoru.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

drtert · Příspěvekod **drtert** » 30 kvě 2009 19:14

Hele a proč jsem měl odinstal. DAEMON Tools? :idea:

Damned · Příspěvekod **Damned** » 30 kvě 2009 19:15

Jen takový malý podnět :idea:

:

Navrhuji log z MbAm umístit do Zlatého fondu fóra. :profesor:

Damned · Příspěvekod **Damned** » 30 kvě 2009 19:17

drtert píše:Hele a proč jsem měl odinstal. DAEMON Tools?

Psal jsem:

Crawler toolbar
DAEMON Tools Toolbar
free-downloads.net Toolbar

Pokračuj podle jaro3

drtert · Příspěvekod **drtert** » 30 kvě 2009 19:27

Tak jsem to smazal a chtělo to po mě restart aby se to vše smázlo . Tak jsem to restartoval a tady je log z MBAM:

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2197
Windows 5.1.2600 Service Pack 3

30.5.2009 19:14:03
mbam-log-2009-05-30 (19-14-03).txt

Typ skenu: Rychlý sken
Objektu skenováno: 117167
Uplynulý cas: 14 minute(s), 6 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 10
Infikované klíce registru: 42
Infikované hodnoty registru: 8
Infikované položky dat registru: 8
Infikované složky: 10
Infikované soubory: 226

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
C:\WINDOWS\system32\kwikqxxx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\whdlad.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xsxhmj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rlpvlh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\momieo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mkxqjd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wervdy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jgnifn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aucczj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXPgdDT.dll (Trojan.Vundo) -> Delete on reboot.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18a8ef1a-9703-41fc-9151-799c586da147} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18a8ef1a-9703-41fc-9151-799c586da147} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e26d5386-f16c-4dec-b511-acd2d44c6439} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e26d5386-f16c-4dec-b511-acd2d44c6439} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18a8ef1a-9703-41fc-9151-799c586da147} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{58f53c13-75af-463c-8d43-4d343e3c16fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dffecf0f-f707-444a-a34a-4524e6452a2e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8af5961-6a54-4f94-9c34-f0cebea2556e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{89048a67-6bbc-4f46-8071-e88afc8b76b6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9864b3ca-a1e5-4911-b5ee-e3afcde2d810} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea73dc16-cfbf-471b-a92b-e2c1727a9105} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6246bbd-7e31-46fb-a207-9f25489027f9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{475ac1d3-cba6-4d44-a1ab-160f5ea5eda0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e26d5386-f16c-4dec-b511-acd2d44c6439} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6549e485-c533-4e58-ba92-9fbcd2f6e839} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{1fbc6925-90a0-404e-83e6-f0fbcc7ad034} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcdc8851-f04b-406e-a14a-8d2589b097ab} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d4c4fc4d-60a5-49bd-87f7-294d36eecea5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bec0253f-7707-40ed-b595-a31638ff883a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e365b10-2d5b-40f9-bf9b-df82c2400513} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_offersfortoday (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\anti-leech alnn (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.1.8 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e083f04c (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58f53c13-75af-463c-8d43-4d343e3c16fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{58f53c13-75af-463c-8d43-4d343e3c16fd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdnjd.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxpgddt -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Infikované složky:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\PC\Data aplikací\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\PC\Data aplikací\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\675873 (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\ALIE_1.0.1.9 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\ALNN (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Delete on reboot.

Infikované soubory:
C:\WINDOWS\system32\whdlad.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\bcvsyucm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcuysvcb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dkxcvxwt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twxvcxkd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dpmpfety.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ytefpmpd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ejondsgd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dgsdnoje.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gqitrasy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ysartiqg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hkkqqhtg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gthqqkkh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kwikqxxx.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\xxxqkiwk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lylyriox.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xoirylyl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pctdnoyv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vyondtcp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qaamgusu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\usugmaaq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qrgvrxwq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qwxrvgrq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sefouuuy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yuuuofes.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\syqbiugx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xguibqys.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tuqnqaiq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qiaqnqut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wlbrcapp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ppacrblw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wqmsyupm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mpuysmqw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yqsbdwwu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uwwdbsqy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPgdDT.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\xsxhmj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rlpvlh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\momieo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mkxqjd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wervdy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jgnifn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aucczj.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\abkuqccn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ibvvcbdi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\icddyrdr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\apqqwcwb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\asbvcjva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cfuilv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ddcDsrSj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fccaAtRH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fcdcwfmp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\flfmkcbd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lberdsiv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lmlgouul.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\phenvtbw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rdoxwhoi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rdxqhklb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\seutkshg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sgvcax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\srfygr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tcefsvsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uefmmgdx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vaeonyqw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vbthhfqc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vbyukwte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\comui.dll (Trojan.BHO) -> Delete on reboot.
c:\WINDOWS\system32\cpbjjehn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bpewralh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dngfpfar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dnwojjst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dpfvacjw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\efcDTNhE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fxplbcva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\geBtTKeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ghuiuqgu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lvbirlir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mqttqubu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nnfjqxbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ohjvbomp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\okyqfjka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pbluoogb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rgnmtkxb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rqevaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rqRIbAqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\skeydz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\skggnrhm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ssohikdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ursxpeab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wtwcbhxp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kbxqdcqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\keqofmqh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hbmccz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hjbpwtul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hnhqcmmt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cnstjykh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bwcmopmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\byXOfghI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\byXPIXRi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\smjsfenc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\adpbueas.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crqlxgyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wvUnMdET.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wwipognn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qdhgrnyj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qnovjk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qrwxafgw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xkldqitb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xnnjvuut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mmhhfxrl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tuvSjggf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twajfyea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qwxbjkai.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\igdounpf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ikgpxsky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\etyqfxrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fawwxcij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jfuqtcmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jlcxffkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jvbjnulp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ebcvsyol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ecxerr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cbXQgfcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xetivevn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kjhcfgca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\knkkeu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kxxqbbtl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rvcnwuwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rvtrxm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rwqtipur.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rxfdvg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\saeenpvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xzdihr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ycrwzc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yfexdoua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yrxwergm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yujlmoci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zzohgr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gxabecpp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\Temp\errpmrcj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\Temp\A2B-tmpaASI.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\Temp\ctuqylie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\Temp\INFEF1.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\pc\local settings\temp\klkdawhs.dat (Rootkit.Agent) -> Delete on reboot.
c:\WINDOWS\Temp\tempo-41.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\ALL3OXGJ\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\ALL3OXGJ\divx20[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\klite9[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BLC1043X\divx20[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\divx20[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\divx20[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\BTH9KB0U\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\klite9[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\divx20[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\PC\local settings\temporary internet files\Content.IE5\CI6OQKZP\qw[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\temp.autodukla.000\local settings\temporary internet files\Content.IE5\0PA34BGP\qw[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\documents and settings\temp.autodukla.000\local settings\temporary internet files\Content.IE5\8HELWBCR\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\PC\data aplikací\netpumper\PC.ini (Adware.NetPumper) -> Quarantined and deleted successfully.
c:\program files\anti-leech\alie_1.0.1.9\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\alie_1.0.1.9\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\alie_1.0.1.9\alie.inf (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\alie_1.0.1.9\iesetup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\ALNN\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\program files\anti-leech\ALNN\setup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
c:\windows\system32\lowsec\local.ds (Stolen.Data) -> Delete on reboot.
c:\windows\system32\lowsec\user.ds (Stolen.Data) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\nsoffersfortoday.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cont_offersfortoday-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-9F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-B1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-F1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-01B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-05B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-193.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-1C9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-305.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-377.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-489.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-4D1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-51B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-56F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-5B1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-641.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-6EB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-7A7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-805.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-807.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-817.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-91D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-95D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-95F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-99F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-9EB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-9FB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-A19.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-A31.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-A99.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-ABB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-B3D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-BF5.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-C87.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-CB1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-D15.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-D4F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-DE9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-E3F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-EA1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-EDF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-F35.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-F47.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-F99.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-FDB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-FFB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla FireFox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.

A ted jdu na ten ComboFix

drtert · Příspěvekod **drtert** » 30 kvě 2009 20:11

Tak sem dávám ten ComboFix a je normální že se restartuje počítač pak naskočí a jede to dál (ComboFix) A že se změní plocha a na plochu naskočí Internet Explorer (ikonka) :wink:

log:
ComboFix 09-05-30.01 - novy 30.05.2009 19:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.598 [GMT 2:00]
Spuštěný z: c:\documents and settings\novy\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\Update.exe
c:\windows\system32\anidnq.dll
c:\windows\system32\aoqnxysk.dll
c:\windows\system32\aqbhwr.dll
c:\windows\system32\arjosngg.dll
c:\windows\system32\auisqelr.dll
c:\windows\system32\bairhmss.dll
c:\windows\system32\bdgcwhsy.dll
c:\windows\system32\bgaajard.dll
c:\windows\system32\bjomrkhr.dll
c:\windows\system32\blqtlfre.dll
c:\windows\system32\byukkfif.dll
c:\windows\system32\byXQGvVl.dll
c:\windows\system32\bzbgva.dll
c:\windows\system32\cbmfhthu.dll
c:\windows\system32\cckxcv.dll
c:\windows\system32\cffqnpgq.dll
c:\windows\system32\comui.dll
c:\windows\system32\cukydrrl.dll
c:\windows\system32\cvhovawb.dll
c:\windows\system32\cxnbkb.dll
c:\windows\system32\cyhimcht.dll
c:\windows\system32\deaeamvn.dll
c:\windows\system32\dflqjovi.dll
c:\windows\system32\dikjxopb.dll
c:\windows\system32\drivers\bowsqzof.sys
c:\windows\system32\drivers\pzzeczrg.sys
c:\windows\system32\dsbejwwk.dll
c:\windows\system32\eeginipg.dll
c:\windows\system32\epajqw.dll
c:\windows\system32\esipfddi.dll
c:\windows\system32\eysdvguc.dll
c:\windows\system32\fhxbzp.dll
c:\windows\system32\fkkfkrob.dll
c:\windows\system32\futpwjfu.ini
c:\windows\system32\gbylabfv.dll
c:\windows\system32\gfsukh.dll
c:\windows\system32\gjlonnpo.ini
c:\windows\system32\gjlonnpo.ini2
c:\windows\system32\gpxowxfv.ini
c:\windows\system32\gtytkand.dll
c:\windows\system32\gycutp.dll
c:\windows\system32\hdaccdyb.dll
c:\windows\system32\hstjxp.dll
c:\windows\system32\hyppprih.dll
c:\windows\system32\icydlg.dll
c:\windows\system32\inkalysf.ini
c:\windows\system32\iolaicbn.dll
c:\windows\system32\isoiwjuy.dll
c:\windows\system32\iywttphx.dll
c:\windows\system32\jeefvtbg.ini
c:\windows\system32\kagnqmrd.ini
c:\windows\system32\kcwnzz.dll
c:\windows\system32\khemtshj.dll
c:\windows\system32\khwwoagl.dll
c:\windows\system32\ktkilsng.dll
c:\windows\system32\kwujob.dll
c:\windows\system32\kxdvxdis.dll
c:\windows\system32\lbgnlk.dll
c:\windows\system32\llkkhlat.dll
c:\windows\system32\loxiltch.dll
c:\windows\system32\lsnliy.dll
c:\windows\system32\mbymolop.dll
c:\windows\system32\mnaovhlc.ini
c:\windows\system32\mnyufxag.dll
c:\windows\system32\momdhsvc.dll
c:\windows\system32\ngpruaui.dll
c:\windows\system32\nlkyorcv.ini
c:\windows\system32\nrbwmc.dll
c:\windows\system32\nxyrohra.dll
c:\windows\system32\nyvpxmhk.ini
c:\windows\system32\nywcbdxx.dll
c:\windows\system32\ofovcahe.dll
c:\windows\system32\ournjsbc.ini
c:\windows\system32\oyenkojn.ini
c:\windows\system32\pdmajesn.dll
c:\windows\system32\piykerjx.ini
c:\windows\system32\plxwifgh.dll
c:\windows\system32\pnwbfeld.ini
c:\windows\system32\prfcasur.ini
c:\windows\system32\qfuqgy.dll
c:\windows\system32\qnapctsd.ini
c:\windows\system32\qneqsunb.dll
c:\windows\system32\qriwhvyf.dll
c:\windows\system32\qxbmlean.dll
c:\windows\system32\qydorrmr.dll
c:\windows\system32\rboydovg.dll
c:\windows\system32\rgxgkmop.dll
c:\windows\system32\rrgqjcip.dll
c:\windows\system32\rtcovsno.dll
c:\windows\system32\rurumvnj.dll
c:\windows\system32\shyphtob.dll
c:\windows\system32\sommqsal.ini
c:\windows\system32\suobiq.dll
c:\windows\system32\TAyGNqru.ini
c:\windows\system32\TAyGNqru.ini2
c:\windows\system32\tBabIRqr.ini
c:\windows\system32\tBabIRqr.ini2
c:\windows\system32\tbyahluf.dll
c:\windows\system32\teulukty.ini
c:\windows\system32\ticsjkyc.dll
c:\windows\system32\tifxxqsg.dll
c:\windows\system32\tocnynxl.dll
c:\windows\system32\tugyawum.dll
c:\windows\system32\txrmiddp.dll
c:\windows\system32\tyumve.dll
c:\windows\system32\uFefOXyb.ini
c:\windows\system32\uFefOXyb.ini2
c:\windows\system32\uffntbar.dll
c:\windows\system32\uhfpaxjn.ini
c:\windows\system32\uhwywjjf.ini
c:\windows\system32\ujufoxci.ini
c:\windows\system32\utdqgfdj.ini
c:\windows\system32\uxdtlvxt.dll
c:\windows\system32\vgdaukat.dll
c:\windows\system32\vhfdeutp.dll
c:\windows\system32\vilrqwbv.ini
c:\windows\system32\vljbfrny.dll
c:\windows\system32\vmnafqia.ini
c:\windows\system32\vrtfegbg.ini
c:\windows\system32\vtbjwlnj.dll
c:\windows\system32\vupbfxye.dll
c:\windows\system32\vvmfcy.dll
c:\windows\system32\waojkiad.ini
c:\windows\system32\wcjdpvme.ini
c:\windows\system32\wglotb.dll
c:\windows\system32\wmybbelq.dll
c:\windows\system32\wobijjjj.ini
c:\windows\system32\wseqcqhx.ini
c:\windows\system32\wttbfsml.ini
c:\windows\system32\xkznli.dll
c:\windows\system32\ydlexfxg.ini
c:\windows\system32\yjlhcyrx.ini
c:\windows\system32\yqtdkxwj.ini
c:\windows\system32\ywaglg.dll
c:\windows\system32\zbmqbx.dll
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNDMSS
-------\Legacy_PZZECZRG
-------\Service_pzzeczrg

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-28 do 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 15:56 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 15:56 . 2009-05-30 15:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-30 15:56 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-30 15:38 . 2009-05-30 15:38 -------- d-----w c:\program files\Trend Micro
2009-05-23 12:38 . 2009-05-23 12:38 -------- d-----w c:\windows\system32\AGEIA
2009-05-23 12:38 . 2009-05-23 12:38 -------- d-----w c:\program files\AGEIA Technologies
2009-05-23 12:36 . 2009-05-23 12:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 14:52 . 2009-05-22 14:52 279712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-05-22 14:52 . 2009-05-22 14:52 25888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-05-06 19:05 . 2009-05-06 19:05 -------- d-----w c:\program files\CENZURA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 17:14 . 2008-02-26 16:12 -------- d-----w c:\program files\ICQToolbar
2009-05-30 16:21 . 2008-12-02 19:21 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-26 15:14 . 2008-02-13 14:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-23 12:19 . 2008-11-14 17:51 -------- d-----w c:\program files\Ubisoft
2009-05-22 14:42 . 2008-05-12 14:01 -------- d-----w c:\program files\Atari
2009-05-19 11:40 . 2008-06-12 15:29 -------- d-----w c:\program files\Google
2009-05-15 14:39 . 2008-04-16 13:01 -------- d-----w c:\program files\GamePark
2009-04-15 13:11 . 2008-12-05 13:55 -------- d-----w c:\program files\System Protect
2009-04-15 12:00 . 2008-02-23 17:32 -------- d-----w c:\program files\Spyware Terminator
2009-04-12 18:07 . 2009-04-12 17:47 -------- d-----w c:\program files\Silkroad
2009-04-10 19:57 . 2008-05-27 15:48 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-10 19:55 . 2008-05-27 15:48 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-10 19:39 . 2009-04-10 19:39 -------- d-----w c:\program files\CCleaner
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\program files\Zaparit
2009-04-06 19:02 . 2009-04-06 19:02 -------- d-----w c:\program files\Common Files\Corel
2009-04-06 19:01 . 2009-04-06 19:01 -------- d-----w c:\program files\Corel
2009-03-29 13:36 . 2006-03-02 12:00 70106 ----a-w c:\windows\system32\perfc005.dat
2009-03-29 13:36 . 2006-03-02 12:00 393192 ----a-w c:\windows\system32\perfh005.dat
2009-03-19 18:35 . 2008-05-27 15:47 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-03 19:17 . 2009-03-03 19:16 1614336 ----a-w c:\documents and settings\PC\klient.exe
2004-07-03 19:09 . 2008-10-22 13:58 140800 ----a-w c:\program files\mozilla firefox\plugins\al2np.dll
2009-01-05 13:51 . 2009-01-05 13:51 102 --sha-w c:\windows\system32\drivers\02617.DAT
2009-01-05 13:51 . 2009-01-05 13:51 102 --sha-w c:\windows\system32\drivers\0de19.DAT
2009-01-05 13:51 . 2009-01-05 13:51 102 --sha-w c:\windows\system32\drivers\d1d18.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SpywareTerminator"="c:\documents and settings\novy\Plocha\hry programy crack cestiny atd\spyware\SpywareTerminatorShield.exe" [2009-04-29 1783808]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2008-12-05 1223680]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-22 949376]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\novy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Registration Ghost Recon Advanced WarfighterR 2.LNK - c:\program files\Ubisoft\Ghost Recon Advanced Warfighter 2\Support\Register\RegistrationReminder.exe [2009-5-23 874000]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-10 10872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry 2.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bohemia Interactive\\Operace Flashpoint\\OperationFlashpoint.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\FlatOut\\flatout.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Codemasters\\IGI 2\\pc\\igi2.exe"=
"c:\\Program Files\\Atari\\Codename Panzers Cold War\\Home\\Game\\CPCW.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12751:TCP"= 12751:TCP:BitComet 12751 TCP
"12751:UDP"= 12751:UDP:BitComet 12751 UDP

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [22.1.2009 21:49 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.2.2008 19:33 141312]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 9:22 70912]
R2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [5.12.2008 15:55 598528]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [13.2.2008 17:29 29536]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [5.12.2008 15:55 12288]
S0 02617;02617;c:\windows\system32\drivers\02617.SYS --> c:\windows\system32\drivers\02617.SYS [?]
S1 d1d18;d1d18;\??\c:\windows\system32\drivers\d1d18.SYS --> c:\windows\system32\drivers\d1d18.SYS [?]
S2 0de19;0de19;\??\c:\windows\system32\drivers\0de19.SYS --> c:\windows\system32\drivers\0de19.SYS [?]
S2 arvodbevh;Manager Support;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 bsinvtvcx;Windows Boot;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 gupdate1c9b6277ac194e;Služba Google Update (gupdate1c9b6277ac194e);c:\program files\Google\Update\GoogleUpdate.exe [5.4.2009 21:45 133104]
S2 hdsytv;Server Shell;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 hpauidbx;Support Server;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.7.2008 19:10 222456]
S2 mhkrcg;Monitor Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 mlhfdp;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 qyofogt;Helper Universal;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 xerlvlaa;Support Server;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 xgxkafws;Monitor Task;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 ybaphwrz;Boot Windows;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S3 e2f132;e2f132;c:\windows\system32\e2f132.sys [4.1.2009 22:59 54624]
S3 jnv4_mib;jnv4_mib;c:\docume~1\PC\LOCALS~1\Temp\jnv4_mib.sys [15.9.2006 14:30 31744]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [10.11.2008 18:28 27904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mlhfdp
qyofogt
xgxkafws
mhkrcg
xerlvlaa
ybaphwrz
hpauidbx
bsinvtvcx
hdsytv
arvodbevh

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 19:43]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:44]

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{59B6892F-0E4A-41A2-B5CC-9C40EE761C4E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{2562A49B-6E0F-4164-BE1C-2C32CEA8E747} - (no file)
BHO-{76CFB752-E1B5-45E5-871F-E696B997FFB1} - c:\windows\system32\byXQGvVl.dll
BHO-{855CFE5F-8FF3-3E4C-BA46-CF7903635B44} - (no file)
BHO-{9250592F-650B-4A78-8143-70EB57D8610A} - (no file)
BHO-{96D8729B-0288-4E62-8065-4FFC1D60873C} - (no file)
BHO-{CACF967F-D340-472C-90E3-9EE09B1E8E86} - (no file)
ShellExecuteHooks-{76CFB752-E1B5-45E5-871F-E696B997FFB1} - c:\windows\system32\byXQGvVl.dll
SafeBoot-procexp90.Sys

.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearchMigratedDefaultURL = hxxp://www.google.com/
LSP: c:\windows\system32\imon.dll
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.icq.com/online/online2/mah ... uncher.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 19:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\arvodbevh]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsinvtvcx]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hdsytv]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpauidbx]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mhkrcg]
"ServiceDll"="c:\windows\system32\lqqjq.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlhfdp]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qyofogt]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xerlvlaa]
"ServiceDll"="c:\windows\system32\lqqjq.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgxkafws]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ybaphwrz]
"ServiceDll"="c:\windows\system32\lqqjq.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\documents and settings\novy\Plocha\hry programy crack cestiny atd\spyware\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2009-05-30 20:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-30 18:01

Před spuštěním: Volných bajtů: 11 574 583 296
Po spuštění: Volných bajtů: 17 610 375 168

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

403 --- E O F --- 2008-11-05 14:03

Příspěvekod **jaro3** » 30 kvě 2009 20:49

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\drivers\02617.DAT
c:\windows\system32\drivers\0de19.DAT
c:\windows\system32\drivers\d1d18.DAT
c:\windows\system32\lqqjq.dll
c:\docume~1\PC\LOCALS~1\Temp\jnv4_mib.sys
c:\windows\system32\drivers\ndisprot.sys

Driver::
02617
0de19
d1d18
jnv4_mib
ndisprot
mlhfdp
qyofogt
xgxkafws
mhkrcg
xerlvlaa
ybaphwrz
hpauidbx
bsinvtvcx
hdsytv
arvodbevh

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"skp66.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\arvodbevh]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsinvtvcx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hdsytv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpauidbx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mhkrcg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlhfdp]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qyofogt]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xerlvlaa]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xgxkafws]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ybaphwrz]

NetSvcs::
mlhfdp
qyofogt
xgxkafws
mhkrcg
xerlvlaa
ybaphwrz
hpauidbx
bsinvtvcx
hdsytv
arvodbevh

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

drtert · Příspěvekod **drtert** » 30 kvě 2009 21:26

Tak tady to je

log:
ComboFix 09-05-30.01 - novy 30.05.2009 21:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.549 [GMT 2:00]
Spuštěný z: c:\documents and settings\novy\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\novy\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

FILE ::
"c:\docume~1\PC\LOCALS~1\Temp\jnv4_mib.sys"
"c:\windows\system32\drivers\02617.DAT"
"c:\windows\system32\drivers\0de19.DAT"
"c:\windows\system32\drivers\d1d18.DAT"
"c:\windows\system32\drivers\ndisprot.sys"
"c:\windows\system32\lqqjq.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PC\LOCALS~1\Temp\jnv4_mib.sys
c:\windows\system32\drivers\02617.DAT
c:\windows\system32\drivers\0de19.DAT
c:\windows\system32\drivers\d1d18.DAT
c:\windows\system32\drivers\ndisprot.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ARVODBEVH
-------\Legacy_BSINVTVCX
-------\Legacy_HDSYTV
-------\Legacy_HPAUIDBX
-------\Legacy_JNV4_MIB
-------\Legacy_MHKRCG
-------\Legacy_MLHFDP
-------\Legacy_NDISPROT
-------\Legacy_QYOFOGT
-------\Legacy_XERLVLAA
-------\Legacy_XGXKAFWS
-------\Legacy_YBAPHWRZ
-------\Service_02617
-------\Service_0de19
-------\Service_arvodbevh
-------\Service_bsinvtvcx
-------\Service_d1d18
-------\Service_hdsytv
-------\Service_hpauidbx
-------\Service_jnv4_mib
-------\Service_mhkrcg
-------\Service_mlhfdp
-------\Service_Ndisprot
-------\Service_qyofogt
-------\Service_xerlvlaa
-------\Service_xgxkafws
-------\Service_ybaphwrz

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-28 do 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 15:56 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 15:56 . 2009-05-30 15:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-30 15:56 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-30 15:38 . 2009-05-30 15:38 -------- d-----w c:\program files\Trend Micro
2009-05-23 12:38 . 2009-05-23 12:38 -------- d-----w c:\windows\system32\AGEIA
2009-05-23 12:38 . 2009-05-23 12:38 -------- d-----w c:\program files\AGEIA Technologies
2009-05-23 12:36 . 2009-05-23 12:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 14:52 . 2009-05-22 14:52 279712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-05-22 14:52 . 2009-05-22 14:52 25888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-05-06 19:05 . 2009-05-06 19:05 -------- d-----w c:\program files\CENZURA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 17:14 . 2008-02-26 16:12 -------- d-----w c:\program files\ICQToolbar
2009-05-30 16:21 . 2008-12-02 19:21 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-26 15:14 . 2008-02-13 14:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-23 12:19 . 2008-11-14 17:51 -------- d-----w c:\program files\Ubisoft
2009-05-22 14:42 . 2008-05-12 14:01 -------- d-----w c:\program files\Atari
2009-05-19 11:40 . 2008-06-12 15:29 -------- d-----w c:\program files\Google
2009-05-15 14:39 . 2008-04-16 13:01 -------- d-----w c:\program files\GamePark
2009-04-15 13:11 . 2008-12-05 13:55 -------- d-----w c:\program files\System Protect
2009-04-15 12:00 . 2008-02-23 17:32 -------- d-----w c:\program files\Spyware Terminator
2009-04-12 18:07 . 2009-04-12 17:47 -------- d-----w c:\program files\Silkroad
2009-04-10 19:57 . 2008-05-27 15:48 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-10 19:55 . 2008-05-27 15:48 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-10 19:39 . 2009-04-10 19:39 -------- d-----w c:\program files\CCleaner
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\program files\Zaparit
2009-04-06 19:02 . 2009-04-06 19:02 -------- d-----w c:\program files\Common Files\Corel
2009-04-06 19:01 . 2009-04-06 19:01 -------- d-----w c:\program files\Corel
2009-03-29 13:36 . 2006-03-02 12:00 70106 ----a-w c:\windows\system32\perfc005.dat
2009-03-29 13:36 . 2006-03-02 12:00 393192 ----a-w c:\windows\system32\perfh005.dat
2009-03-19 18:35 . 2008-05-27 15:47 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-03 19:17 . 2009-03-03 19:16 1614336 ----a-w c:\documents and settings\PC\klient.exe
2004-07-03 19:09 . 2008-10-22 13:58 140800 ----a-w c:\program files\mozilla firefox\plugins\al2np.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-30_17.57.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 18:19 . 2008-10-16 12:09 43544 c:\windows\system32\wups2.dll
+ 2008-02-13 14:01 . 2008-10-16 12:08 34328 c:\windows\system32\wups.dll
+ 2008-02-13 14:01 . 2008-10-16 12:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-05-30 18:27 . 2008-10-16 12:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-05-30 18:27 . 2008-10-16 12:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-02-13 14:01 . 2008-10-16 12:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2008-02-13 14:01 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-03-02 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2006-03-02 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\cdm.dll
+ 2008-02-13 14:01 . 2008-10-16 12:13 202776 c:\windows\system32\wuweb.dll
+ 2008-02-13 14:01 . 2008-10-16 12:12 323608 c:\windows\system32\wucltui.dll
+ 2008-02-13 14:01 . 2008-10-16 12:12 561688 c:\windows\system32\wuapi.dll
+ 2008-02-13 14:01 . 2008-10-16 12:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2008-02-13 14:01 . 2008-10-16 12:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2008-02-13 14:01 . 2008-10-16 12:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2008-02-13 14:01 . 2008-10-16 12:13 1809944 c:\windows\system32\wuaueng.dll
+ 2008-02-13 14:01 . 2008-10-16 12:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SpywareTerminator"="c:\documents and settings\novy\Plocha\hry programy crack cestiny atd\spyware\SpywareTerminatorShield.exe" [2009-04-29 1783808]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2008-12-05 1223680]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-22 949376]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\novy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Registration Ghost Recon Advanced WarfighterR 2.LNK - c:\program files\Ubisoft\Ghost Recon Advanced Warfighter 2\Support\Register\RegistrationReminder.exe [2009-5-23 874000]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-10 10872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry 2.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bohemia Interactive\\Operace Flashpoint\\OperationFlashpoint.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\FlatOut\\flatout.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Codemasters\\IGI 2\\pc\\igi2.exe"=
"c:\\Program Files\\Atari\\Codename Panzers Cold War\\Home\\Game\\CPCW.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12751:TCP"= 12751:TCP:BitComet 12751 TCP
"12751:UDP"= 12751:UDP:BitComet 12751 UDP

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [22.1.2009 21:49 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.2.2008 19:33 141312]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.7.2008 19:10 222456]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 9:22 70912]
R2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [5.12.2008 15:55 598528]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [13.2.2008 17:29 29536]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [5.12.2008 15:55 12288]
S2 gupdate1c9b6277ac194e;Služba Google Update (gupdate1c9b6277ac194e);c:\program files\Google\Update\GoogleUpdate.exe [5.4.2009 21:45 133104]
S3 e2f132;e2f132;c:\windows\system32\e2f132.sys [4.1.2009 22:59 54624]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 19:43]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:44]

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{59B6892F-0E4A-41A2-B5CC-9C40EE761C4E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearchMigratedDefaultURL = hxxp://www.google.com/
LSP: c:\windows\system32\imon.dll
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.icq.com/online/online2/mah ... uncher.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 21:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\documents and settings\novy\Plocha\hry programy crack cestiny atd\spyware\sp_rsser.exe
c:\windows\system32\rundll32.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-05-30 21:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-30 19:19
ComboFix2.txt 2009-05-30 18:01

Před spuštěním: Volných bajtů: 18 088 800 256
Po spuštění: Volných bajtů: 18 076 491 776

253 --- E O F --- 2009-05-30 18:27

kontrola logu prosím Vyřešeno

kontrola logu prosím

Re: kontrola logu prosím

Re: kontrola logu prosím

malware

Re: kontrola logu prosím

Re: kontrola logu prosím

Re: kontrola logu prosím

Re: kontrola logu prosím

Re: kontrola logu prosím

ComboFix

Re: kontrola logu prosím

Re: kontrola logu prosím

Kdo je online