M4RTY: Prosím o kontrolu logu Vyřešeno

[M4RTY]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:46, on 23.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe
C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergency.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin.MARTIN-PC\Plocha\Nová složka (2)\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergency.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FIFA 09 Registration.lnk = C:\Martin\EA Sports\FIFA 09\Support\EAregister.exe
O4 - Startup: NHL® 09 Registration.lnk = C:\Martin\EA Sports\NHL 09\Support\EAregister.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6659 bytes

[Reklama]

[jaro3]

Máš mít jen jeden antivir + jeden antispyware -ostatní odinstaluj.


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[M4RTY]

takze HJT :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:08, on 23.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin.MARTIN-PC\Plocha\Nová složka (2)\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergency.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-448539723-926492609-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ostatní')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FIFA 09 Registration.lnk = C:\Martin\EA Sports\FIFA 09\Support\EAregister.exe
O4 - Startup: NHL® 09 Registration.lnk = C:\Martin\EA Sports\NHL 09\Support\EAregister.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6825 bytes


a Malwares´


Malwarebytes' Anti-Malware 1.40
Verze databáze: 2565
Windows 5.1.2600 Service Pack 3

23.8.2009 20:00:50
mbam-log-2009-08-23 (20-00-44).txt

Typ skenu: Rychlý sken
Objektu skenováno: 138220
Uplynulý cas: 6 minute(s), 23 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\Martin.MARTIN-PC\Plocha\Spy Emergency 2009 (serial, keygen, cd-klic, registracni cislo.ZDARMA_max51.exe (Malware.Tool) -> No action taken.
C:\install.exe (Trojan.Agent) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.


vypni rez. ochranu u antiviru a antispywaru

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[M4RTY]

promin spatne sem neco pochopil , az ted me to napadlo (udelal sem to ale neodpojil sem se pritom od netu )



Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Ja jsem myslel ze je to scan takze sem udelal scan potom sem se odpojil od netu atf cleaner atd..... potom sem zapl ten Malware potom vypl ochranu antiviru spustil combo fix a ted ty logy

Malwares´

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2565
Windows 5.1.2600 Service Pack 3

23.8.2009 21:30:48
mbam-log-2009-08-23 (21-30-48).txt

Typ skenu: Rychlý sken
Objektu skenováno: 138654
Uplynulý cas: 6 minute(s), 8 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\Martin.MARTIN-PC\Plocha\Spy Emergency 2009 (serial, keygen, cd-klic, registracni cislo.ZDARMA_max51.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.


ComboFix

ComboFix 09-08-22.06 - Martin 23.08.2009 21:47.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1437 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin.MARTIN-PC\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Spy Emergency *disabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1214440339-1801674531-1004

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 15:45 . 2009-08-23 15:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-23 15:43 . 2009-08-23 15:43 -------- d-----w- c:\program files\Common Files\Skype
2009-08-23 15:43 . 2009-08-23 15:43 -------- d-----r- c:\program files\Skype
2009-08-23 13:36 . 2009-04-21 15:55 18232 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2009-08-23 13:36 . 2009-02-04 16:42 14392 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2009-08-23 13:36 . 2009-02-04 16:42 12344 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2009-08-23 13:36 . 2009-08-23 13:36 -------- d-----w- c:\program files\NETGATE
2009-08-22 21:01 . 2009-08-22 21:01 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-22 21:00 . 2009-08-22 21:00 -------- d-----w- c:\program files\DVDFab 6
2009-08-22 12:26 . 2009-08-22 13:02 -------- d-----w- c:\program files\Vietcong2
2009-08-22 10:57 . 2009-08-22 10:57 737280 ----a-w- c:\windows\iun6002.exe
2009-08-22 10:57 . 2009-08-22 10:57 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-08-22 09:39 . 2009-08-22 09:39 -------- d-----w- c:\windows\UfdApp
2009-08-22 09:33 . 2009-08-22 09:33 -------- d-----w- c:\program files\Windows Sidebar
2009-08-22 09:21 . 2009-08-22 09:32 -------- d-----w- c:\program files\Nero
2009-08-22 09:20 . 2009-08-22 09:26 -------- d-----w- c:\program files\Common Files\Nero
2009-08-21 12:49 . 2009-08-21 12:54 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-08-20 13:03 . 2009-08-20 17:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-20 13:02 . 2009-08-20 13:02 -------- d-----w- c:\windows\system32\drivers\umdf
2009-08-20 13:01 . 2009-08-20 13:16 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-20 13:01 . 2009-08-20 13:01 -------- d-----w- c:\windows\system32\xlive
2009-08-18 13:23 . 2009-08-18 13:23 -------- d-----w- c:\documents and settings\Ostatní
2009-08-15 20:54 . 2009-08-15 20:54 -------- d-----w- C:\a8ad30fbc72f1e633f
2009-08-13 18:46 . 2009-08-13 18:46 -------- d-----w- c:\program files\Game Cam V2
2009-08-09 15:07 . 2009-08-09 15:07 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-09 14:07 . 2009-08-09 14:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-09 14:07 . 2009-08-09 14:10 -------- d-----w- c:\program files\DivX
2009-08-09 11:50 . 2009-08-09 11:50 -------- d-----w- C:\Pancake Luigi
2009-08-08 20:05 . 2009-08-08 20:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-08 20:05 . 2009-08-08 20:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-08 20:05 . 2009-08-08 20:05 -------- d-----w- c:\program files\Real
2009-08-08 20:05 . 2009-08-08 20:05 -------- d-----w- c:\program files\Common Files\Real
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 12:44 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-08-07 12:44 . 2009-08-07 12:44 -------- d-----w- c:\windows\SHELLNEW
2009-08-07 12:44 . 2009-08-07 12:44 -------- d-----w- c:\program files\Microsoft.NET
2009-08-07 12:43 . 2009-08-07 12:43 -------- d--h--r- C:\MSOCache
2009-08-07 12:29 . 2009-08-07 12:29 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-07 12:29 . 2009-08-07 12:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-06 07:12 . 2009-08-06 07:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 21:10 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 21:10 . 2009-08-05 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 21:10 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 20:13 . 2009-08-05 20:13 -------- d-----w- c:\program files\Windows Doctor
2009-08-05 20:09 . 2009-08-05 20:09 -------- d-----w- c:\program files\ToniArts
2009-08-05 16:11 . 2009-08-05 16:11 -------- d-----w- c:\program files\RocketDock
2009-08-04 20:14 . 2009-08-04 20:14 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-04 20:14 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-04 20:14 . 2009-08-04 20:14 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-04 20:14 . 2009-08-04 20:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-04 13:20 . 2009-08-04 13:20 -------- d-----w- c:\program files\Acoustica CD Label Maker
2009-08-04 11:48 . 2009-08-04 11:48 -------- d-----w- c:\documents and settings\Martin.MARTIN-PC\dwhelper
2009-08-03 07:47 . 2009-08-03 07:47 -------- d-----w- c:\program files\Common Files\Xing Shared
2009-08-03 07:47 . 1998-12-16 10:08 317952 ----a-w- c:\windows\system32\Roboex32.dll
2009-08-03 07:47 . 2009-08-03 07:47 -------- d-----w- c:\program files\Xing
2009-08-01 18:26 . 2009-08-01 18:26 -------- d-----w- c:\program files\Bonjour
2009-08-01 18:21 . 2009-08-01 18:21 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-01 17:53 . 2009-08-01 17:53 -------- d-----w- c:\program files\Game Graphic Studio
2009-08-01 16:22 . 2009-08-01 18:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-01 14:08 . 2009-08-20 11:28 -------- d-----w- c:\program files\Fifa Master
2009-07-30 18:11 . 2009-07-30 18:11 -------- d-----w- c:\program files\Ashampoo
2009-07-30 10:25 . 2009-07-30 10:25 -------- d-----w- c:\program files\OEdit
2009-07-30 07:15 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-30 07:15 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-30 07:14 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-29 21:35 . 2009-08-13 09:37 -------- d--h--w- c:\windows\$hf_mig$
2009-07-29 17:48 . 2009-07-29 17:48 -------- d-----w- c:\program files\SopCast
2009-07-29 13:27 . 2009-07-29 13:27 45 ---h--w- c:\windows\dmís0535.dat
2009-07-29 13:27 . 2009-07-29 13:28 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-07-29 12:37 . 2009-07-29 12:37 -------- d-----w- c:\program files\CCleaner
2009-07-29 12:36 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-29 12:36 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-29 12:36 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\windows\system32\AGEIA
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-29 12:31 . 2009-07-14 18:54 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-29 12:31 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-29 12:31 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-29 12:31 . 2009-07-29 12:31 -------- d-----w- C:\NVIDIA
2009-07-29 08:58 . 2009-07-29 08:58 -------- d-----w- c:\program files\GamePark
2009-07-28 20:57 . 2009-07-28 20:57 -------- d-----w- c:\program files\Webteh
2009-07-28 20:22 . 2009-08-09 19:26 -------- d-----w- c:\program files\ICQ6.5
2009-07-28 19:51 . 2009-07-28 19:51 -------- d-----w- c:\program files\MSBuild
2009-07-28 19:49 . 2009-08-15 20:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-28 19:49 . 2009-07-28 19:49 -------- d-----w- c:\program files\Reference Assemblies
2009-07-28 19:49 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-28 19:49 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-28 18:19 . 2009-07-28 18:19 -------- d-----w- c:\program files\Opera
2009-07-28 18:01 . 2009-08-23 19:02 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 18:00 . 2009-08-23 19:02 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-28 18:00 . 2009-08-20 13:02 -------- d-----w- c:\windows\system32\LogFiles
2009-07-28 18:00 . 2009-07-29 09:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-28 17:59 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-07-28 17:58 . 2008-04-14 07:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-07-28 17:58 . 2008-04-14 00:06 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-07-28 17:58 . 2008-04-14 08:52 75264 ----a-w- c:\windows\system32\usbui.dll
2009-07-28 17:56 . 2009-08-23 15:43 -------- d--h--r- c:\documents and settings\All Users.WINDOWS\Data aplikací
2009-07-28 17:56 . 2009-07-28 17:57 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Data aplikací
2009-07-28 17:56 . 2009-08-23 19:45 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2009-07-28 17:56 . 2009-07-28 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2009-07-28 17:44 . 2009-07-28 17:44 0 ----a-w- c:\windows\nsreg.dat
2009-07-28 17:38 . 2009-07-28 17:38 -------- d-sh--w- c:\windows\ftpcache
2009-07-28 17:35 . 2009-07-28 17:35 -------- d-----w- c:\program files\Alcohol Soft
2009-07-28 17:31 . 2009-07-28 17:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-28 17:05 . 2009-08-20 13:36 -------- d-----w- C:\Martin
2009-07-28 17:02 . 2009-07-29 15:31 -------- d-----w- C:\totalcmd
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 19:37 . 2008-04-14 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-08-23 19:37 . 2008-04-14 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-08-20 13:36 . 2009-07-28 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 13:17 . 2009-07-28 15:13 -------- d-----w- c:\program files\ESET
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 13:06 . 2009-07-28 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-29 21:19 . 2009-07-28 16:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-29 21:19 . 2009-07-28 16:03 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-29 21:19 . 2009-07-28 16:03 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-07-28 17:35 . 2009-07-28 16:37 -------- d-----w- c:\program files\NOS
2009-07-28 16:50 . 2009-07-28 16:49 -------- d-----w- c:\program files\uTorrent
2009-07-28 16:31 . 2009-07-28 16:31 -------- d-----w- c:\program files\QIP
2009-07-28 16:16 . 2009-07-28 16:16 274432 ----a-w- c:\windows\system32\imon.dll
2009-07-28 16:16 . 2009-07-28 16:16 502368 ----a-w- c:\windows\system32\drivers\amon.sys
2009-07-14 11:35 . 2009-07-14 11:35 2505248 ----a-w- c:\windows\system32\nvcpluir.dll
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-07-14 11:34 . 2009-07-14 11:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-12 10:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 05:01 . 2009-07-28 16:08 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-26 16:51 . 2008-04-14 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:27 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:15 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-07-28 16:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2008-04-14 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency 2009\SpyEmergency.exe" [2009-08-04 1944120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-28 921600]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-08 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Martin.MARTIN-PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FIFA 09 Registration.lnk - c:\martin\EA Sports\FIFA 09\Support\EAregister.exe [2008-8-13 4369408]
NHLR 09 Registration.lnk - c:\martin\EA Sports\NHL 09\Support\EAregister.exe [2008-12-12 4374792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Martin\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 2009\\CSP2009.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Martin\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Martin\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Martin\\Football Superstars\\FSClientr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Martin\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Martin\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Martin\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Martin\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [23.8.2009 15:36 12344]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe [23.8.2009 15:36 1817144]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [4.8.2009 22:14 604416]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [23.8.2009 15:36 14392]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [23.8.2009 15:36 18232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-08-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {46F288FA-1A35-4FA6-AFC1-24F703C2B251} = 10.10.10.1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\Mozilla\Firefox\Profiles\o3uxdtne.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 21:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2712)
c:\program files\NETGATE\Spy Emergency 2009\webspam.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-08-23 21:50
ComboFix-quarantined-files.txt 2009-08-23 19:50

Před spuštěním: Volných bajtů: 147 763 953 664
Po spuštění: Volných bajtů: 150 834 020 352

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

333 --- E O F --- 2009-08-21 21:06

[jaro3]

Buď musíš odinstalovat Spy Emergency nebo ESET nod32+Spybot - Search & Destroy

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\ezsidmv.dat
c:\windows\dmís0535.dat
c:\windows\nsreg.dat

Folder::
c:\program files\DAEMON Tools Toolbar
c:\program files\NOS

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Pro odinstalaci ESET můžeš použít toto:
http://www.nod32.nl/download/tool/nod32removal.exe

[M4RTY]

ComboFix 09-08-22.06 - Martin 23.08.2009 22:38.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1617 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin.MARTIN-PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin.MARTIN-PC\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\dmís0535.dat"
"c:\windows\nsreg.dat"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\NOS
c:\windows\dmís0535.dat
c:\windows\nsreg.dat
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 15:43 . 2009-08-23 15:43 -------- d-----w- c:\program files\Common Files\Skype
2009-08-23 15:43 . 2009-08-23 15:43 -------- d-----r- c:\program files\Skype
2009-08-22 21:01 . 2009-08-22 21:01 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-22 21:00 . 2009-08-22 21:00 -------- d-----w- c:\program files\DVDFab 6
2009-08-22 12:26 . 2009-08-22 13:02 -------- d-----w- c:\program files\Vietcong2
2009-08-22 10:57 . 2009-08-22 10:57 737280 ----a-w- c:\windows\iun6002.exe
2009-08-22 10:57 . 2009-08-22 10:57 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-08-22 09:39 . 2009-08-22 09:39 -------- d-----w- c:\windows\UfdApp
2009-08-22 09:33 . 2009-08-22 09:33 -------- d-----w- c:\program files\Windows Sidebar
2009-08-22 09:21 . 2009-08-22 09:32 -------- d-----w- c:\program files\Nero
2009-08-22 09:20 . 2009-08-22 09:26 -------- d-----w- c:\program files\Common Files\Nero
2009-08-21 12:49 . 2009-08-21 12:54 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-08-20 13:03 . 2009-08-20 17:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-20 13:02 . 2009-08-20 13:02 -------- d-----w- c:\windows\system32\drivers\umdf
2009-08-20 13:01 . 2009-08-20 13:16 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-20 13:01 . 2009-08-20 13:01 -------- d-----w- c:\windows\system32\xlive
2009-08-18 13:23 . 2009-08-18 13:23 -------- d-----w- c:\documents and settings\Ostatní
2009-08-15 20:54 . 2009-08-15 20:54 -------- d-----w- C:\a8ad30fbc72f1e633f
2009-08-13 18:46 . 2009-08-13 18:46 -------- d-----w- c:\program files\Game Cam V2
2009-08-09 15:07 . 2009-08-09 15:07 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-09 14:07 . 2009-08-09 14:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-09 14:07 . 2009-08-09 14:10 -------- d-----w- c:\program files\DivX
2009-08-09 11:50 . 2009-08-09 11:50 -------- d-----w- C:\Pancake Luigi
2009-08-08 20:05 . 2009-08-08 20:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-08 20:05 . 2009-08-08 20:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-08 20:05 . 2009-08-08 20:05 -------- d-----w- c:\program files\Real
2009-08-08 20:05 . 2009-08-08 20:05 -------- d-----w- c:\program files\Common Files\Real
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 12:44 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-08-07 12:44 . 2009-08-07 12:44 -------- d-----w- c:\windows\SHELLNEW
2009-08-07 12:44 . 2009-08-07 12:44 -------- d-----w- c:\program files\Microsoft.NET
2009-08-07 12:43 . 2009-08-07 12:43 -------- d--h--r- C:\MSOCache
2009-08-07 12:29 . 2009-08-07 12:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-06 07:12 . 2009-08-06 07:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 21:10 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 21:10 . 2009-08-05 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 21:10 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 20:13 . 2009-08-05 20:13 -------- d-----w- c:\program files\Windows Doctor
2009-08-05 20:09 . 2009-08-05 20:09 -------- d-----w- c:\program files\ToniArts
2009-08-05 16:11 . 2009-08-05 16:11 -------- d-----w- c:\program files\RocketDock
2009-08-04 20:14 . 2009-08-04 20:14 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-04 20:14 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-04 20:14 . 2009-08-04 20:14 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-04 20:14 . 2009-08-04 20:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-04 13:20 . 2009-08-04 13:20 -------- d-----w- c:\program files\Acoustica CD Label Maker
2009-08-04 11:48 . 2009-08-04 11:48 -------- d-----w- c:\documents and settings\Martin.MARTIN-PC\dwhelper
2009-08-03 07:47 . 2009-08-03 07:47 -------- d-----w- c:\program files\Common Files\Xing Shared
2009-08-03 07:47 . 1998-12-16 10:08 317952 ----a-w- c:\windows\system32\Roboex32.dll
2009-08-03 07:47 . 2009-08-03 07:47 -------- d-----w- c:\program files\Xing
2009-08-01 18:26 . 2009-08-01 18:26 -------- d-----w- c:\program files\Bonjour
2009-08-01 18:21 . 2009-08-01 18:21 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-01 17:53 . 2009-08-01 17:53 -------- d-----w- c:\program files\Game Graphic Studio
2009-08-01 16:22 . 2009-08-01 18:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-01 14:08 . 2009-08-20 11:28 -------- d-----w- c:\program files\Fifa Master
2009-07-30 18:11 . 2009-07-30 18:11 -------- d-----w- c:\program files\Ashampoo
2009-07-30 10:25 . 2009-07-30 10:25 -------- d-----w- c:\program files\OEdit
2009-07-30 07:15 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-30 07:15 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-30 07:14 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-29 21:35 . 2009-08-13 09:37 -------- d--h--w- c:\windows\$hf_mig$
2009-07-29 17:48 . 2009-07-29 17:48 -------- d-----w- c:\program files\SopCast
2009-07-29 13:27 . 2009-07-29 13:28 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-07-29 12:37 . 2009-07-29 12:37 -------- d-----w- c:\program files\CCleaner
2009-07-29 12:36 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-29 12:36 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-29 12:36 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\windows\system32\AGEIA
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 12:32 . 2009-07-29 12:32 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-29 12:31 . 2009-07-14 18:54 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-29 12:31 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-29 12:31 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-29 12:31 . 2009-07-29 12:31 -------- d-----w- C:\NVIDIA
2009-07-29 08:58 . 2009-07-29 08:58 -------- d-----w- c:\program files\GamePark
2009-07-28 20:57 . 2009-07-28 20:57 -------- d-----w- c:\program files\Webteh
2009-07-28 20:22 . 2009-08-09 19:26 -------- d-----w- c:\program files\ICQ6.5
2009-07-28 19:51 . 2009-07-28 19:51 -------- d-----w- c:\program files\MSBuild
2009-07-28 19:49 . 2009-08-15 20:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-28 19:49 . 2009-07-28 19:49 -------- d-----w- c:\program files\Reference Assemblies
2009-07-28 19:49 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-28 19:49 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-28 18:19 . 2009-07-28 18:19 -------- d-----w- c:\program files\Opera
2009-07-28 18:01 . 2009-08-23 19:02 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 18:00 . 2009-08-23 19:02 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-28 18:00 . 2009-08-20 13:02 -------- d-----w- c:\windows\system32\LogFiles
2009-07-28 18:00 . 2009-07-29 09:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-28 17:59 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-07-28 17:58 . 2008-04-14 07:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-07-28 17:58 . 2008-04-14 00:06 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-07-28 17:58 . 2008-04-14 08:52 75264 ----a-w- c:\windows\system32\usbui.dll
2009-07-28 17:56 . 2009-08-23 20:32 -------- d--h--r- c:\documents and settings\All Users.WINDOWS\Data aplikací
2009-07-28 17:56 . 2009-07-28 17:57 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Data aplikací
2009-07-28 17:56 . 2009-08-23 19:45 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2009-07-28 17:56 . 2009-07-28 16:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2009-07-28 17:38 . 2009-07-28 17:38 -------- d-sh--w- c:\windows\ftpcache
2009-07-28 17:35 . 2009-07-28 17:35 -------- d-----w- c:\program files\Alcohol Soft
2009-07-28 17:31 . 2009-07-28 17:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-28 17:05 . 2009-08-20 13:36 -------- d-----w- C:\Martin
2009-07-28 17:02 . 2009-07-29 15:31 -------- d-----w- C:\totalcmd
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-28 17:02 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 19:37 . 2008-04-14 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-08-23 19:37 . 2008-04-14 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-08-20 13:36 . 2009-07-28 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 13:17 . 2009-07-28 15:13 -------- d-----w- c:\program files\ESET
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 13:06 . 2009-07-28 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-29 21:19 . 2009-07-28 16:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-29 21:19 . 2009-07-28 16:03 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-29 21:19 . 2009-07-28 16:03 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-07-28 16:50 . 2009-07-28 16:49 -------- d-----w- c:\program files\uTorrent
2009-07-28 16:31 . 2009-07-28 16:31 -------- d-----w- c:\program files\QIP
2009-07-28 16:16 . 2009-07-28 16:16 274432 ----a-w- c:\windows\system32\imon.dll
2009-07-28 16:16 . 2009-07-28 16:16 502368 ----a-w- c:\windows\system32\drivers\amon.sys
2009-07-14 11:35 . 2009-07-14 11:35 2505248 ----a-w- c:\windows\system32\nvcpluir.dll
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-07-14 11:34 . 2009-07-14 11:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-12 10:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 05:01 . 2009-07-28 16:08 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-26 16:51 . 2008-04-14 12:00 667648 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:27 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:15 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-07-28 16:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2008-04-14 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-28 921600]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-08 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Martin.MARTIN-PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
FIFA 09 Registration.lnk - c:\martin\EA Sports\FIFA 09\Support\EAregister.exe [2008-8-13 4369408]
NHLR 09 Registration.lnk - c:\martin\EA Sports\NHL 09\Support\EAregister.exe [2008-12-12 4374792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Martin\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 2009\\CSP2009.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Martin\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Martin\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Martin\\Football Superstars\\FSClientr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Martin\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Martin\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Martin\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Martin\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [4.8.2009 22:14 604416]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-08-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {46F288FA-1A35-4FA6-AFC1-24F703C2B251} = 10.10.10.1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\Mozilla\Firefox\Profiles\o3uxdtne.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 22:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-23 22:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-23 20:45
ComboFix2.txt 2009-08-23 19:50

Před spuštěním: Volných bajtů: 151 136 104 448
Po spuštění: Volných bajtů: 151 088 238 592

335 --- E O F --- 2009-08-21 21:06

HijackThis....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:53, on 23.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin.MARTIN-PC\Plocha\Nová složka (2)\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FIFA 09 Registration.lnk = C:\Martin\EA Sports\FIFA 09\Support\EAregister.exe
O4 - Startup: NHL® 09 Registration.lnk = C:\Martin\EA Sports\NHL 09\Support\EAregister.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6112 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Nainstaluj javu:
Java SE Runtime Environment 6u16
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u16-windows-i586-p.exe

Měl bys přejít z prohlížeče IE6 na IE7 nebo IE8.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , fajfku.

[M4RTY]

mel sem ve Spy Emergence v kleci Win32.Malware a asktbar.....vymazat to neslo ptze sem me zkusebni verzi a kdyz sem to odinstaloval tak ty viry se nvratily zpatky do pc ???

cCleanerem to mam vycistit spustit a cistic??

takto asi : http://www.pc-help.cz/viewtopic.php?t=5130 ze??

a jeste neco delal sem si test bezpecnosti a mam podezreni na trojana :( viz. screen http://www.jpeg.cz/view-273_trojan.jpg.html

[jaro3]

Nic tam nezůstalo, takže by to mělo být pryč...
Jo , podle toho návodu použij CCleaner.
PC by mělo být čisté.

[M4RTY]

a jeste neco delal sem si test bezpecnosti a mam podezreni na trojana :( viz. screen http://www.jpeg.cz/view-273_trojan.jpg.html

[jaro3]

Proveď kontrolu a vlož sem log z Kaspersky Online Scanner!

-Ve vistě musíš prohlížeč otevřít jako administrátor. K užití skeneru je třeba stáhnout a nainstalovat programové soubory a databázi.
-V Linuxu skener neskenuje RAM, boot. sektor a MBR, takže nemůže detekovat nákazy v těchto místech.
-Skener detekuje nákazy, které jsou již v PC, takže se potom dají manuálně smazat.
-Před skenem je vhodné vypnout rez. ochranu antiviru a antispywaru.
Klikni na Accept, k potvrzení podmínek.
Pokud se Ti objeví okno zabezpečení prostředí java- dej přijmout.
- Začne se stahovat databáze a program.
- Po jeho skončení klikni vlevo na pod Scan na My computer
Začne sken Tvého PC.
Sken může trvat i několik hodin.. Po ukončení skenu klikni na Scan Report.
Poté zvol Save a název zvol: KAV.
Obsah mi sem prosím zkopíruj.