Kontrola logu v HijackThis

slaavek · Příspěvekod **slaavek** » 30 srp 2009 13:59

Moc prosím o kontrolu logu v HijackThis. Moc děkuji.
Logfile of HijackThis v1.99.1
Scan saved at 13:53:39, on 30.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: - - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D3D3CCE-D4C6-45B6-A85C-952672CC26EB}: NameServer = 10.0.0.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

Reklama

Damned · Příspěvekod **Damned** » 30 srp 2009 14:10

Odinstaluj si ICQ Toolbar. Z mého podpisu si stáhni nový HJT (verzi 2.0.2) a pak udělej nový log a vlož ho sem.

slaavek · Příspěvekod **slaavek** » 30 srp 2009 18:57

Takže zde to je.Děkuji.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:28, on 30.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: - - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D3D3CCE-D4C6-45B6-A85C-952672CC26EB}: NameServer = 10.0.0.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5921 bytes

Damned · Příspěvekod **Damned** » 30 srp 2009 19:10

Odinstaluj si ještě Logitech desktop Manager.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R3 - URLSearchHook: - - - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

slaavek · Příspěvekod **slaavek** » 30 srp 2009 19:29

Takže jsem vše provedl a zde jsou poslední výsledky:
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2718
Windows 5.1.2600 Service Pack 3

30.8.2009 19:28:28
mbam-log-2009-08-30 (19-28-28).txt

Typ skenu: Rychlý sken
Objektu skenováno: 92308
Uplynulý cas: 4 minute(s), 32 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Damned · Příspěvekod **Damned** » 30 srp 2009 19:35

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

slaavek · Příspěvekod **slaavek** » 30 srp 2009 20:16

Zde to je.Díky moc.:
ComboFix 09-08-29.01 - Administrator 30.08.2009 20:00.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.532 [GMT 2:00]
Spuštěný z: c:\z internetu\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\173173.msi
c:\windows\Installer\1dafec1.msp
c:\windows\Installer\216d000.msi
c:\windows\Installer\216d015.msi
c:\windows\Installer\2f23ee.msp
c:\windows\Installer\30959f.msp
c:\windows\Installer\4df14.msp
c:\windows\Installer\4df16.msp
c:\windows\Installer\5119a.msi
c:\windows\Installer\5cf0b9.msp
c:\windows\Installer\5ff37.msp
c:\windows\Installer\697561.msi
c:\windows\Installer\70ae6f.msp
c:\windows\Installer\71555.msi
c:\windows\Installer\79d4b.msi
c:\windows\Installer\79e5f.msi
c:\windows\Installer\81fc00.msp
c:\windows\Installer\88bd09.msi
c:\windows\Installer\9bebf8.msi
c:\windows\Installer\9efb5b.msi
c:\windows\Installer\9f6fac.msp
c:\windows\Installer\b26e96.msp
c:\windows\Installer\e1147c.msp
c:\windows\Installer\e1147d.msp
c:\windows\Installer\e1147e.msp
c:\windows\Installer\e1147f.msp
c:\windows\Installer\e11480.msp
c:\windows\Installer\e11481.msp
c:\windows\Installer\e11482.msp
c:\windows\Installer\e11483.msp
c:\windows\Installer\e11484.msp
c:\windows\Installer\e4fcb1.msp
c:\windows\Installer\e4fcb2.msp
c:\windows\Installer\e4fcb3.msp
c:\windows\Installer\e4fcb4.msp
c:\windows\Installer\e4fcb5.msp
c:\windows\Installer\e4fcb6.msp
c:\windows\Installer\e4fcb7.msp
c:\windows\Installer\e4fcb8.msp
c:\windows\Installer\e4fcb9.msp
c:\windows\Installer\e4fcba.msp
c:\windows\Installer\e68cc3.msp
c:\windows\Installer\e68cc5.msp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-28 do 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 17:01 . 2009-08-30 17:04 -------- d-----w- c:\program files\FCleaner
2009-08-30 16:57 . 2009-08-30 16:57 -------- d-----w- c:\program files\Trend Micro
2009-08-30 12:12 . 2009-08-30 12:31 -------- d-----w- c:\program files\Vietcong
2009-08-30 10:45 . 2009-08-30 10:47 -------- d-----w- c:\program files\Hugo - Dobrodružství v džungli
2009-08-30 06:23 . 2008-08-20 19:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-30 06:23 . 2008-08-21 01:50 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2009-08-30 06:23 . 2008-08-21 02:19 425984 ----a-r- c:\windows\system32\ATIDEMGX.dll
2009-08-30 06:23 . 2008-08-21 01:37 887724 ----a-r- c:\windows\system32\ativva6x.dat
2009-08-30 06:23 . 2008-08-21 01:37 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2009-08-30 06:23 . 2008-08-21 01:37 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2009-08-30 06:23 . 2008-07-17 12:23 174818 ----a-r- c:\windows\system32\atiicdxx.dat
2009-08-30 06:23 . 2009-08-30 06:28 -------- d-----w- c:\program files\ATI Technologies
2009-08-29 20:44 . 2009-08-29 20:44 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-29 20:44 . 2009-08-29 20:44 -------- d-----w- c:\program files\CDBurnerXP
2009-08-27 11:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 11:16 . 2009-08-27 11:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 11:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 11:28 . 2009-08-25 11:28 -------- d-----w- c:\program files\HannahMontanaScrapbook
2009-08-25 11:28 . 2009-08-25 11:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\program files\ABC
2009-08-21 11:47 . 2009-08-30 17:59 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-21 11:36 . 2009-08-21 20:22 -------- d-----w- c:\program files\Burrrn
2009-08-20 17:44 . 2009-08-20 17:44 -------- d-----w- c:\program files\AudioLabel
2009-08-19 17:35 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-19 17:35 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-19 17:31 . 2009-08-19 17:37 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-19 17:19 . 2009-08-19 17:19 -------- d-----w- c:\program files\Nero
2009-08-15 10:52 . 2009-08-25 09:40 -------- d-----w- C:\a4fe7ded47b21c9dfd84aab989
2009-08-14 20:40 . 2009-08-14 20:40 -------- d-----w- c:\program files\Ashampoo
2009-08-14 18:22 . 1998-07-13 16:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2009-08-14 18:22 . 2005-02-24 12:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-08-14 18:22 . 2005-02-24 11:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-08-14 18:22 . 2005-03-11 17:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-08-14 18:22 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-08-14 18:22 . 2000-10-01 17:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-08-14 18:22 . 1999-03-25 17:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-08-14 18:22 . 1998-07-12 21:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-08-14 18:22 . 1998-07-12 21:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-08-14 18:22 . 1998-07-12 17:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-08-14 18:22 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-08-14 08:00 . 2009-08-14 08:00 -------- d-----w- c:\program files\CCleaner
2009-08-12 10:18 . 2009-08-12 10:18 -------- d-----w- c:\program files\DVDFab 6
2009-08-12 05:20 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-12 05:17 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-06 14:53 . 2009-08-06 14:53 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-08-05 17:50 . 2009-08-05 17:50 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 17:50 . 2009-08-05 17:50 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-04 19:46 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-04 19:46 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-04 19:46 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-04 19:46 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-04 19:46 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-04 19:46 . 2009-08-19 17:35 -------- d-----w- c:\program files\VSO
2009-08-04 17:35 . 2008-02-20 14:49 495104 ----a-w- c:\windows\Spořič Twister Magic World 05.exe
2009-08-04 17:35 . 2009-08-04 17:35 -------- d-----w- c:\windows\Spořič Twister Magic World 05 Uninstaller
2009-08-04 17:35 . 2008-02-20 14:50 903680 ----a-w- c:\windows\Spořič Twister Magic World 05.scr
2009-08-03 19:29 . 2009-08-13 20:01 -------- d-----w- c:\program files\Half-Life 2 Ultimate Edition 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 17:19 . 2008-12-21 15:16 -------- d-----w- c:\program files\Logitech
2009-08-30 16:56 . 2009-04-17 17:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-30 11:34 . 2008-12-18 15:07 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-30 06:46 . 2008-12-18 17:19 -------- d-----w- c:\program files\1C
2009-08-30 06:45 . 2008-12-18 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 08:33 . 2009-07-28 07:23 -------- d-----w- c:\program files\Empire Interactive
2009-08-19 17:35 . 2008-12-19 11:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-19 17:33 . 2001-09-20 12:00 97578 ----a-w- c:\windows\system32\perfc005.dat
2009-08-19 17:33 . 2001-09-20 12:00 466408 ----a-w- c:\windows\system32\perfh005.dat
2009-08-14 15:21 . 2009-02-19 18:18 -------- d-----w- c:\program files\MotoGP2
2009-08-14 15:14 . 2009-07-21 14:51 -------- d-----w- c:\program files\ESET
2009-08-12 10:21 . 2008-12-19 21:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 07:07 . 2009-01-03 18:42 -------- d-----w- c:\program files\Call of Duty
2009-08-05 13:00 . 2009-01-13 08:23 -------- d-----w- c:\program files\IObit
2009-08-05 12:58 . 2009-03-28 07:14 -------- d-----w- c:\program files\CENEGA
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 13:57 . 2009-02-14 21:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-31 09:03 . 2009-07-31 09:03 -------- d-----w- c:\program files\KONAMI
2009-07-28 07:55 . 2009-07-28 07:55 -------- d-----w- c:\program files\NovaLogic
2009-07-25 16:16 . 2009-07-25 16:11 -------- d-----w- c:\program files\FlatOut2
2009-07-22 12:38 . 2009-07-22 12:38 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-21 19:45 . 2008-12-21 18:52 -------- d-----r- c:\program files\Skype
2009-07-21 19:10 . 2008-12-22 13:17 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-21 17:04 . 2009-07-21 17:04 -------- d-----w- c:\program files\Opera
2009-07-20 20:28 . 2009-07-20 20:28 11952 ----a-w- c:\windows\system32\avgrsstx(2).dll
2009-07-20 20:02 . 2008-12-29 12:19 -------- d-----w- c:\program files\MP4Tool
2009-07-17 19:04 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 09:33 . 2009-03-12 06:43 -------- d-----w- c:\program files\EA Sports
2009-07-14 07:02 . 2009-01-14 12:04 -------- d-----w- c:\program files\Electronic Arts
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 19:13 . 2009-07-07 19:13 -------- d-----w- c:\program files\DVD Photo Slideshow Professional
2009-07-05 19:38 . 2009-01-04 16:46 -------- d-----w- c:\program files\MagicDisc
2009-07-04 17:06 . 2009-07-04 17:06 -------- d-----w- c:\program files\Microsoft WSE
2009-07-03 07:15 . 2009-07-03 07:13 -------- d-----w- c:\program files\Zvířecí salón krásy
2009-06-29 16:00 . 2004-08-17 13:49 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-09-20 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-17 13:49 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2008-12-18 13:55 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-17 13:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [31.3.2009 18:21 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [22.1.2009 17:01 89600]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [31.3.2009 18:21 65576]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-30 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-04 13:35]

2009-08-30 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-04 08:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: {5D3D3CCE-D4C6-45B6-A85C-952672CC26EB} = 10.0.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 20:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-1993962763-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:ba,e2,32,2b,da,c1,7a,30,f4,a9,af,1d,8c,91,bf,a0,f2,6c,55,2d,c0,
8f,af,90,81,51,a7,98,cd,e2,75,96,ff,03,ce,23,fe,60,1c,c2,98,2c,5a,d9,7c,ec,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
.
**************************************************************************
.
Celkový čas: 2009-08-30 20:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-30 18:15

Před spuštěním: Volných bajtů: 31 326 781 440
Po spuštění: Volných bajtů: 31 239 471 104

268 --- E O F --- 2009-08-26 11:41

Damned · Příspěvekod **Damned** » 30 srp 2009 20:29

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
d:\NTGLM7X.sys

Folder::
c:\program files\ICQ6Toolbar
c:\windows\SxsCaPendDel

DirLook::
c:\program files\1C

Driver::
SetupNTGLM7X;SetupNTGLM7X
SetupNTGLM7X

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

slaavek · Příspěvekod **slaavek** » 30 srp 2009 20:54

zde to je:
ComboFix 09-08-29.01 - Administrator 30.08.2009 20:36.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.560 [GMT 2:00]
Spuštěný z: c:\z internetu\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"d:\NTGLM7X.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\windows\SxsCaPendDel

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-28 do 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 17:01 . 2009-08-30 17:04 -------- d-----w- c:\program files\FCleaner
2009-08-30 16:57 . 2009-08-30 16:57 -------- d-----w- c:\program files\Trend Micro
2009-08-30 12:12 . 2009-08-30 12:31 -------- d-----w- c:\program files\Vietcong
2009-08-30 10:45 . 2009-08-30 10:47 -------- d-----w- c:\program files\Hugo - Dobrodružství v džungli
2009-08-30 06:23 . 2008-08-20 19:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-30 06:23 . 2008-08-21 01:50 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2009-08-30 06:23 . 2008-08-21 02:19 425984 ----a-r- c:\windows\system32\ATIDEMGX.dll
2009-08-30 06:23 . 2008-08-21 01:37 887724 ----a-r- c:\windows\system32\ativva6x.dat
2009-08-30 06:23 . 2008-08-21 01:37 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2009-08-30 06:23 . 2008-08-21 01:37 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2009-08-30 06:23 . 2008-07-17 12:23 174818 ----a-r- c:\windows\system32\atiicdxx.dat
2009-08-30 06:23 . 2009-08-30 06:28 -------- d-----w- c:\program files\ATI Technologies
2009-08-29 20:44 . 2009-08-29 20:44 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-29 20:44 . 2009-08-29 20:44 -------- d-----w- c:\program files\CDBurnerXP
2009-08-27 11:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 11:16 . 2009-08-27 11:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 11:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 11:28 . 2009-08-25 11:28 -------- d-----w- c:\program files\HannahMontanaScrapbook
2009-08-25 11:28 . 2009-08-25 11:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\program files\ABC
2009-08-21 11:47 . 2009-08-30 18:36 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-21 11:36 . 2009-08-21 20:22 -------- d-----w- c:\program files\Burrrn
2009-08-20 17:44 . 2009-08-20 17:44 -------- d-----w- c:\program files\AudioLabel
2009-08-19 17:35 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-19 17:35 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-19 17:19 . 2009-08-19 17:19 -------- d-----w- c:\program files\Nero
2009-08-15 10:52 . 2009-08-25 09:40 -------- d-----w- C:\a4fe7ded47b21c9dfd84aab989
2009-08-14 20:40 . 2009-08-14 20:40 -------- d-----w- c:\program files\Ashampoo
2009-08-14 18:22 . 1998-07-13 16:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2009-08-14 18:22 . 2005-02-24 12:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-08-14 18:22 . 2005-02-24 11:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-08-14 18:22 . 2005-03-11 17:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-08-14 18:22 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-08-14 18:22 . 2000-10-01 17:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-08-14 18:22 . 1999-03-25 17:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-08-14 18:22 . 1998-07-12 21:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-08-14 18:22 . 1998-07-12 21:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-08-14 18:22 . 1998-07-12 17:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-08-14 18:22 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-08-14 08:00 . 2009-08-14 08:00 -------- d-----w- c:\program files\CCleaner
2009-08-12 10:18 . 2009-08-12 10:18 -------- d-----w- c:\program files\DVDFab 6
2009-08-12 05:20 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-12 05:17 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-06 14:53 . 2009-08-06 14:53 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-08-05 17:50 . 2009-08-05 17:50 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 17:50 . 2009-08-05 17:50 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-04 19:46 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-04 19:46 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-04 19:46 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-04 19:46 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-04 19:46 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-04 19:46 . 2009-08-19 17:35 -------- d-----w- c:\program files\VSO
2009-08-04 17:35 . 2008-02-20 14:49 495104 ----a-w- c:\windows\Spořič Twister Magic World 05.exe
2009-08-04 17:35 . 2009-08-04 17:35 -------- d-----w- c:\windows\Spořič Twister Magic World 05 Uninstaller
2009-08-04 17:35 . 2008-02-20 14:50 903680 ----a-w- c:\windows\Spořič Twister Magic World 05.scr
2009-08-03 19:29 . 2009-08-13 20:01 -------- d-----w- c:\program files\Half-Life 2 Ultimate Edition 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 17:19 . 2008-12-21 15:16 -------- d-----w- c:\program files\Logitech
2009-08-30 11:34 . 2008-12-18 15:07 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-30 06:46 . 2008-12-18 17:19 -------- d-----w- c:\program files\1C
2009-08-30 06:45 . 2008-12-18 14:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 08:33 . 2009-07-28 07:23 -------- d-----w- c:\program files\Empire Interactive
2009-08-19 17:35 . 2008-12-19 11:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-19 17:33 . 2001-09-20 12:00 97578 ----a-w- c:\windows\system32\perfc005.dat
2009-08-19 17:33 . 2001-09-20 12:00 466408 ----a-w- c:\windows\system32\perfh005.dat
2009-08-14 15:21 . 2009-02-19 18:18 -------- d-----w- c:\program files\MotoGP2
2009-08-14 15:14 . 2009-07-21 14:51 -------- d-----w- c:\program files\ESET
2009-08-12 10:21 . 2008-12-19 21:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 07:07 . 2009-01-03 18:42 -------- d-----w- c:\program files\Call of Duty
2009-08-05 13:00 . 2009-01-13 08:23 -------- d-----w- c:\program files\IObit
2009-08-05 12:58 . 2009-03-28 07:14 -------- d-----w- c:\program files\CENEGA
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 13:57 . 2009-02-14 21:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-31 09:03 . 2009-07-31 09:03 -------- d-----w- c:\program files\KONAMI
2009-07-28 07:55 . 2009-07-28 07:55 -------- d-----w- c:\program files\NovaLogic
2009-07-25 16:16 . 2009-07-25 16:11 -------- d-----w- c:\program files\FlatOut2
2009-07-22 12:38 . 2009-07-22 12:38 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-21 19:45 . 2008-12-21 18:52 -------- d-----r- c:\program files\Skype
2009-07-21 19:10 . 2008-12-22 13:17 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-21 17:04 . 2009-07-21 17:04 -------- d-----w- c:\program files\Opera
2009-07-20 20:28 . 2009-07-20 20:28 11952 ----a-w- c:\windows\system32\avgrsstx(2).dll
2009-07-20 20:02 . 2008-12-29 12:19 -------- d-----w- c:\program files\MP4Tool
2009-07-17 19:04 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 09:33 . 2009-03-12 06:43 -------- d-----w- c:\program files\EA Sports
2009-07-14 07:02 . 2009-01-14 12:04 -------- d-----w- c:\program files\Electronic Arts
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 19:13 . 2009-07-07 19:13 -------- d-----w- c:\program files\DVD Photo Slideshow Professional
2009-07-05 19:38 . 2009-01-04 16:46 -------- d-----w- c:\program files\MagicDisc
2009-07-04 17:06 . 2009-07-04 17:06 -------- d-----w- c:\program files\Microsoft WSE
2009-07-03 07:15 . 2009-07-03 07:13 -------- d-----w- c:\program files\Zvířecí salón krásy
2009-06-29 16:00 . 2004-08-17 13:49 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-09-20 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-17 13:49 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2008-12-18 13:55 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-17 13:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\1C ----

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-5 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [31.3.2009 18:21 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [22.1.2009 17:01 89600]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [31.3.2009 18:21 65576]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-30 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-04 13:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: {5D3D3CCE-D4C6-45B6-A85C-952672CC26EB} = 10.0.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 20:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-1993962763-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:ba,e2,32,2b,da,c1,7a,30,f4,a9,af,1d,8c,91,bf,a0,f2,6c,55,2d,c0,
8f,af,90,81,51,a7,98,cd,e2,75,96,ff,03,ce,23,fe,60,1c,c2,98,2c,5a,d9,7c,ec,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2552)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
.
**************************************************************************
.
Celkový čas: 2009-08-30 20:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-30 18:50
ComboFix2.txt 2009-08-30 18:15

Před spuštěním: Volných bajtů: 31 248 171 008
Po spuštění: Volných bajtů: 31 191 621 632

234 --- E O F --- 2009-08-26 11:41

A druhý:

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:08, on 30.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: - - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D3D3CCE-D4C6-45B6-A85C-952672CC26EB}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5496 bytes

slaavek · Příspěvekod **slaavek** » 30 srp 2009 20:59

Zatím běží normálně,Jen mi nenaskočil firewal(sunbelt) ale to možná spraví restart.Jinak jsem zatím nic nenašel, ale ukáže čas.

Damned · Příspěvekod **Damned** » 30 srp 2009 21:09

Od Keria se nic nemazalo, spíš jen nanaskočila ikona, podle ComboFixu je spuštěn.

Složku: c:\program files\1C , smaž, je prázdná (pokud sis ji nevytvořil sám třeba pro stahování).

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R3 - URLSearchHook: - - - (no file)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config NMIndexingService start= disabled
sc stop NMIndexingService
sc delete NMIndexingService

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.
Otevře se Dosovské okno a zavře. Restartuj comp. A potom vlož ještě nový log z HJT.

slaavek · Příspěvekod **slaavek** » 30 srp 2009 21:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:39, on 30.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: - - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D3D3CCE-D4C6-45B6-A85C-952672CC26EB}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5394 bytes

Kontrola logu v HijackThis Vyřešeno

Kontrola logu v HijackThis Vyřešeno

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Re: Kontrola logu v HijackThis

Kdo je online