Kontrola logu prosím Vyřešeno

[Radinoo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:07, on 15.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "D:\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Služba Google Update (gupdate1c9e8785c7aa73e) (gupdate1c9e8785c7aa73e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 8659 bytes

[Reklama]

[Damned]

Nějaký problém?

Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou zmáčknout
"Fix checked"):

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Steam] "D:\Steam.exe" -silent
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Radinoo]

seká se mi nebo restartuje.


Malwarebytes' Anti-Malware 1.37
Verze databáze: 2284
Windows 5.1.2600 Service Pack 3

15.6.2009 20:06:58
mbam-log-2009-06-15 (20-06-58).txt

Typ skenu: Rychlý sken
Objektu skenováno: 80345
Uplynulý cas: 2 minute(s), 45 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Radinoo]

ComboFix 09-06-15.01 - Radek Kahák 15.06.2009 20:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1539 [GMT 2:00]
Spuštěný z: c:\documents and settings\Radek Kahák\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-15 do 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-15 18:03 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 18:03 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 18:03 . 2009-06-15 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 17:02 . 2009-06-15 17:02 -------- d-----w- c:\program files\Trend Micro
2009-06-15 16:15 . 2009-06-15 16:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-10 16:26 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-10 16:26 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-10 16:25 . 2006-11-06 05:00 198656 ----a-w- c:\windows\system32\CNMLM8O.DLL
2009-06-10 16:25 . 2009-06-10 16:25 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-06-10 16:25 . 2009-06-10 16:25 -------- d--h--w- c:\program files\CanonBJ
2009-06-10 16:24 . 2009-06-10 16:27 -------- d-----w- c:\program files\Canon
2009-06-10 07:10 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 07:10 . 2009-04-30 21:16 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 07:10 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 07:10 . 2009-04-30 21:16 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 06:54 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-10 06:54 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-09 16:17 . 2009-06-09 16:19 -------- d-----w- c:\program files\ICQ6.5
2009-06-08 20:34 . 2009-06-08 20:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-08 20:33 . 2009-06-08 20:33 -------- d-----w- c:\program files\Common Files\Skype
2009-06-08 20:33 . 2009-06-08 20:33 -------- d-----r- c:\program files\Skype
2009-06-08 18:24 . 2009-06-08 18:24 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-08 18:17 . 2009-06-08 18:17 -------- d-----w- C:\ATI
2009-06-07 22:15 . 2009-06-07 22:15 -------- d-----w- c:\program files\CCleaner
2009-06-07 19:37 . 2009-06-07 19:38 -------- d--h--w- c:\program files\Zero G Registry
2009-06-07 10:56 . 2009-06-07 10:56 -------- d-----w- c:\program files\Common Files\Java
2009-06-07 10:56 . 2009-06-07 10:56 -------- d-----w- c:\program files\NOS
2009-06-07 10:54 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-06-07 07:49 . 2009-06-13 15:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-07 07:48 . 2009-06-07 07:48 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-07 07:48 . 2009-06-07 07:48 -------- d-----w- c:\windows\system32\LogFiles
2009-06-07 07:39 . 2009-06-07 07:39 737280 ----a-w- c:\windows\iun6002.exe
2009-06-07 07:39 . 2009-06-07 07:39 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-07 07:21 . 2009-06-07 07:21 -------- d-----w- C:\ProgramData
2009-06-06 23:32 . 2009-06-06 23:32 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 23:32 . 2009-06-06 23:32 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 23:32 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-06 23:32 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-06 23:32 . 2009-06-06 23:32 -------- d-----w- c:\windows\Logs
2009-06-06 23:09 . 2009-06-06 23:09 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-06-06 23:08 . 2009-02-25 13:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-06-06 23:08 . 2009-02-25 21:09 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-06-06 23:08 . 2009-02-25 21:42 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-06-06 23:08 . 2009-02-25 20:58 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-06-06 23:08 . 2007-06-07 02:25 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2009-06-06 23:08 . 2009-01-26 17:55 182995 ----a-w- c:\windows\system32\atiicdxx.dat
2009-06-06 23:08 . 2007-06-07 02:25 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2009-06-06 23:01 . 2009-06-06 23:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-06 22:59 . 2006-08-18 08:28 208896 ------w- c:\windows\system32\nvuide.exe
2009-06-06 22:59 . 2006-07-31 23:02 49152 ------r- c:\windows\system32\ChCfg.exe
2009-06-06 22:58 . 2009-06-06 22:58 -------- d-----w- c:\program files\Realtek
2009-06-06 22:58 . 2006-09-11 22:34 499712 ------r- c:\windows\RtlExUpd.dll
2009-06-06 22:50 . 2009-06-09 16:18 -------- d-----w- c:\program files\Google
2009-06-06 22:25 . 2009-06-08 18:21 -------- d-----w- c:\program files\ATI Technologies
2009-06-06 22:17 . 2009-06-06 22:17 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-06 22:04 . 2009-06-06 22:04 -------- d-----w- C:\fd0cd73ad58dfb3eef80fda256a2
2009-06-06 21:57 . 2009-06-06 21:57 -------- d-----w- c:\program files\MSBuild
2009-06-06 21:55 . 2009-06-06 22:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-06 21:54 . 2009-06-06 21:54 -------- d-----w- c:\program files\Reference Assemblies
2009-06-06 21:54 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-06 21:31 . 2009-06-06 21:31 -------- d-----w- C:\Poker

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 10:13 . 2006-03-02 12:00 83832 ----a-w- c:\windows\system32\perfc005.dat
2009-06-15 10:13 . 2006-03-02 12:00 440590 ----a-w- c:\windows\system32\perfh005.dat
2009-06-09 16:17 . 2009-06-06 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 13:20 . 2009-06-07 13:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-07 13:20 . 2009-06-07 10:56 -------- d-----w- c:\program files\Java
2009-06-07 10:49 . 2009-06-06 19:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 20:08 . 2009-06-06 18:58 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-06 20:08 . 2009-06-06 18:58 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-06 19:39 . 2009-06-06 18:58 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-06-06 19:37 . 2009-06-06 19:37 -------- d-----w- c:\program files\A4Tech
2009-06-06 19:35 . 2009-06-06 19:35 -------- d-----w- c:\program files\KYE
2009-06-06 19:26 . 2009-06-06 19:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-06 19:20 . 2009-06-06 19:20 -------- d-----w- c:\program files\NVIDIA Corporation
2009-06-06 19:17 . 2009-06-06 19:09 -------- d-----w- c:\program files\GIGABYTE
2009-06-06 19:07 . 2009-06-06 19:07 -------- d-----w- c:\program files\DIFX
2009-06-06 18:59 . 2009-06-06 18:59 -------- d-----w- c:\program files\microsoft frontpage
2009-06-06 18:57 . 2009-06-06 18:57 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:05 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:52 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-01-04 24576]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2006-12-08 547840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-30 16269312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"d:\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 gupdate1c9e8785c7aa73e;Služba Google Update (gupdate1c9e8785c7aa73e);c:\program files\Google\Update\GoogleUpdate.exe [8.6.2009 22:33 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7.6.2009 12:56 33176]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - MarkFun_NT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 20:33]

2009-06-15 c:\windows\Tasks\User_Feed_Synchronization-{88FA17CE-0BCA-4A5B-A277-F32843C01EB0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - d:\office11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: mojebanka.cz\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 20:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\=*‘|0ß•]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="????¦"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\=???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-15 20:52
ComboFix-quarantined-files.txt 2009-06-15 18:52

Před spuštěním: Volných bajtů: 194 238 476 288
Po spuštění: Volných bajtů: 196 101 484 544

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

187 --- E O F --- 2009-06-15 15:50

[Damned]

Červený soubor zkontroluj na Virustotalu

c:\windows\system32\CNMLM8O.DLL
c:\windows\system32\ChCfg.exe

a vlož sem odkazy na výsledky

[Radinoo]

c:\windows\system32\CNMLM8O.DLL


a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.15 -
AntiVir 7.9.0.187 2009.06.15 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.15 -
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
Comodo 1337 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 -
eSafe 7.0.17.0 2009.06.15 -
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.15 -
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
Ikarus T3.1.1.59.0 2009.06.15 -
Jiangmin 11.0.706 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.15 -
McAfee 5647 2009.06.15 -
McAfee+Artemis 5647 2009.06.15 -
McAfee-GW-Edition 6.7.6 2009.06.15 -
Microsoft 1.4701 2009.06.15 -
NOD32 4156 2009.06.15 -
Norman 6.01.09 2009.06.15 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.15 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 -
Rising 21.34.04.00 2009.06.15 -
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.15 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1092 2009.06.15 -
VBA32 3.12.10.7 2009.06.14 -
ViRobot 2009.6.15.1787 2009.06.15 -
VirusBuster 4.6.5.0 2009.06.15 -
Rozšiřující informace
File size: 198656 bytes
MD5...: e6d9c7284a03f193496a0b268c5b39f9
SHA1..: 7e8611e9ac88970004c59e664d4ce19b186f3bc6
SHA256: 4365007ee6f92707f246a6fffdc9170ed665bb5f5aca2031c06ee7e68cf3fd64
ssdeep: -

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x26b70
timedatestamp.....: 0x454e81e5 (Mon Nov 06 00:29:25 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ad89 0x2ae00 6.41 1eb88c4f2a26e36a7b9bfa3dfcd1a62f
.data 0x2c000 0x3618 0x3400 3.26 b97bf7df2cf2e8b4b07a4706b1758367
.rsrc 0x30000 0x390 0x400 3.03 6b0878e9adcd9e469c9a5c0feac09fc6
.reloc 0x31000 0x1c82 0x1e00 5.82 3d51c634069c8d2c6c54b7b0cc2a9eb4

( 8 imports )
> msvcrt.dll: _wcslwr, _XcptFilter, malloc, free, _initterm, _amsg_exit, _adjust_fdiv, _wtoi, _itow, _wstat, _wsplitpath, sprintf, atoi, wcsncpy, wcstol, __2@YAPAXI@Z, __3@YAXPAX@Z, _vsnwprintf, _vsnprintf, wcschr, wcsstr, wcsrchr, wcsncat, memcpy, wcsncmp, _snwprintf, memset
> KERNEL32.dll: IsBadWritePtr, GetModuleFileNameW, GetPrivateProfileSectionW, CopyFileW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, FindClose, CreateDirectoryW, RemoveDirectoryW, DeleteFileW, SetFileAttributesW, GetFileAttributesW, GetSystemWindowsDirectoryW, HeapAlloc, GetProcessHeap, WritePrivateProfileStringW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, RtlUnwind, InterlockedCompareExchange, InterlockedExchange, SetThreadPriority, ResetEvent, lstrcpyW, LoadLibraryW, GetSystemDefaultLangID, MultiByteToWideChar, GlobalAlloc, lstrcmpiW, OpenFileMappingW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GetCurrentThreadId, LocalFree, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, lstrcatW, CreateMutexW, WaitForMultipleObjects, FreeLibrary, GetProcAddress, GetModuleHandleW, ReleaseMutex, WaitForSingleObject, GlobalFree, lstrcmpW, lstrlenW, GetLastError, GetTickCount, Sleep, GetVersionExW, lstrcpynA, lstrlenA, lstrcmpA, SetLastError, lstrcpynW, CloseHandle, SetEvent, WriteFile, CreateFileW, LeaveCriticalSection, EnterCriticalSection, WideCharToMultiByte, CreateMailslotW, GetOverlappedResult, CancelIo, ReadFile, CreateThread, CreateEventW, GetComputerNameW, CreateProcessW, OpenProcess
> ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CreateProcessAsUserW, DuplicateTokenEx, OpenProcessToken, GetUserNameW, RegCloseKey
> USER32.dll: CharLowerW, LoadStringW, CharUpperBuffA, CharLowerBuffW, wsprintfW
> SPOOLSS.DLL: GetPrinterDataW, SetPrinterDataW, SetJobW, SetPortW, GetJobW, OpenPrinterW, ClosePrinter, GetPrinterW, GetPrinterDriverW, RevertToPrinterSelf, ImpersonatePrinterClient, GetPrinterDriverDirectoryW
> PSAPI.DLL: GetModuleBaseNameW, EnumProcessModules, EnumProcesses
> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
> SHELL32.dll: SHGetFolderPathW

( 2 exports )
DllMain, InitializePrintMonitor2

PDFiD.: -
RDS...: NSRL Reference Data Set

[Radinoo]

c:\windows\system32\ChCfg.exe

a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.15 -
AntiVir 7.9.0.187 2009.06.15 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.15 -
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
Comodo 1337 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 -
eSafe 7.0.17.0 2009.06.15 Win32.Banker
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.15 -
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
Ikarus T3.1.1.59.0 2009.06.15 -
Jiangmin 11.0.706 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.15 -
McAfee 5647 2009.06.15 -
McAfee+Artemis 5647 2009.06.15 -
McAfee-GW-Edition 6.7.6 2009.06.15 -
Microsoft 1.4701 2009.06.15 -
NOD32 4156 2009.06.15 -
Norman 6.01.09 2009.06.15 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.15 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 -
Rising 21.34.04.00 2009.06.15 -
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.15 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1092 2009.06.15 -
VBA32 3.12.10.7 2009.06.14 -
ViRobot 2009.6.15.1787 2009.06.15 -
Rozšiřující informace
File size: 49152 bytes
MD5...: 43c3571eada5bc1edead7ca22ad66f30
SHA1..: 9a9391351c27fcc7eeb4b67f911a0b92abc6e188
SHA256: 06157bb00da0a23b9e75745e04e4c3e8d3d588be207c827de6a1e2a9841c2fa1
ssdeep: -

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x29ba
timedatestamp.....: 0x44cfcf77 (Tue Aug 01 22:02:31 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x59be 0x6000 6.35 dc61e0588ceaa28cabc9468f9949e884
.rdata 0x7000 0x12ac 0x2000 3.43 76778a30fd19e20df8ec53e94c14e727
.data 0x9000 0x2f58 0x2000 3.78 1ed0f8148661bb0e402fc5ac06ff6773
.sxdata 0xc000 0x18 0x1000 0.02 4f170b67f649c82d60cda85f390c2d7d

( 5 imports )
> DSOUND.dll: -, -
> KERNEL32.dll: CreateFileA, FlushFileBuffers, InterlockedExchange, RtlUnwind, CloseHandle, DeviceIoControl, LocalAlloc, LocalFree, GetLastError, SetFilePointer, HeapReAlloc, VirtualAlloc, LoadLibraryA, VirtualQuery, GetSystemInfo, VirtualProtect, Sleep, ExitProcess, GetProcAddress, GetModuleHandleA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetACP, GetOEMCP, GetCPInfo, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle
> USER32.dll: RegisterWindowMessageA, SendMessageA, GetWindowTextA, EnumWindows
> ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegOpenKeyA
> SETUPAPI.dll: SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiGetDeviceInstanceIdA, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailA

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=43c3571eada5bc1edead7ca22ad66f30' target='_blank'>http://www.threatexpert.com/report.aspx?md5=43c3571eada5bc1edead7ca22ad66f30</a>

[Radinoo]

Můžeš mi říct proč to je napsane modře ta jedna složka?

[Damned]

Modrá je dobrá (prej) já radši Lak na rakve.
Komprimovaná složka systémem NTFS. Změnit to lze: Vlastnosti, Upřesnit.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\ativpsrm.bin
c:\windows\system32\ChCfg.exe

DirLook::
C:\ProgramData
c:\program files\NOS
c:\windows\system32\URTTEMP



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT



Jinak tam máš nějak poškozený drivery na NOD.

[Radinoo]

Toho Noda jsem odinstaloval.Mam tam avg free edition





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:42:44, on 16.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Služba Google Update (gupdate1c9e8785c7aa73e) (gupdate1c9e8785c7aa73e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 8490 bytes

[Damned]

Odindtaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

Potom si stáhni nový ComboFix.

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah