trojan.Spy.Win32.Zbot.ikh



trojan.Spy.Win32.Zbot.ikh

Post by jakub123 » 14 Oct 2009 17:38

Hi, I got this virus, trojan.Spy.Win32.Zbot.ikh, over ICQ, so I ran a scan with Malwarebytes' Anti-Malware, where I deleted the viruses and restarted the computer. The white desktop telling me I have a virus on my computer no longer appears, but I still can't log in to ICQ.

Here is the log from ComboFix, and thanks for any advice.

ComboFix 09-10-13.01 - WinXP 14.10.2009 17:02.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3070.2571 [GMT 2:00]
Spuštěný z: c:\documents and settings\WinXP\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2398e1.msi
c:\windows\Installer\5348fb.msi
c:\windows\Installer\b97fa8.msi
c:\windows\system32\ieuinit.inf
D:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-14 do 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-14 14:55 . 2009-10-14 14:55 -------- d-----w- c:\program files\ICQ6Toolbar
2009-10-14 14:53 . 2009-10-14 14:56 -------- d-----w- c:\program files\ICQ6.5
2009-10-14 14:34 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 14:34 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-14 14:34 . 2009-10-14 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 19:46 . 2009-10-10 19:46 -------- d-----w- C:\Team17
2009-10-06 17:43 . 2009-10-06 17:43 491520 ----a-w- c:\windows\WebIE.dll
2009-10-06 17:43 . 2009-10-06 17:43 294912 ----a-w- c:\windows\TrnWord.dll
2009-10-06 17:43 . 2009-10-06 17:43 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-10-06 17:43 . 2009-10-06 17:43 356352 ----a-w- c:\windows\TrnOutl.dll
2009-10-06 17:43 . 2009-10-06 17:43 26624 ----a-w- c:\windows\OETRN.EXE
2009-10-06 17:43 . 2009-10-06 17:43 200704 ----a-w- c:\windows\TRNOET.DLL
2009-10-03 14:55 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\windows\SHELLNEW
2009-10-03 11:33 . 2009-10-03 11:33 -------- d-----w- c:\documents and settings\WinXP\AbiSuite
2009-10-03 11:31 . 2009-10-03 11:31 -------- d-----w- c:\program files\AbiWord
2009-10-03 11:17 . 2009-10-03 11:17 -------- d-----w- c:\program files\Microsoft Works
2009-10-03 11:15 . 2009-10-03 11:15 -------- d-----r- C:\MSOCache
2009-10-03 10:40 . 2009-10-03 10:40 -------- d-----w- C:\ŠKOLNÍ ŠABLONY
2009-10-01 15:54 . 2009-10-01 15:57 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2009-10-01 15:53 . 2009-10-01 15:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-01 15:53 . 2009-10-01 15:53 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-01 15:53 . 2009-10-01 16:01 -------- d-----w- c:\program files\SolidWorks Corp
2009-10-01 15:52 . 2009-10-01 15:52 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-01 15:51 . 2009-10-01 15:51 -------- d-----w- c:\program files\MSECache
2009-10-01 15:50 . 2009-10-01 15:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-01 15:50 . 2009-10-01 15:50 -------- d-----w- c:\program files\Microsoft.NET
2009-10-01 15:49 . 2009-10-03 12:16 -------- d-----w- C:\SolidWorks Data
2009-10-01 15:48 . 2009-10-01 15:48 -------- d-----w- c:\program files\Common Files\Manažer instalací SolidWorks
2009-10-01 15:48 . 2009-10-01 15:49 -------- d-----w- c:\windows\SolidWorks
2009-09-28 02:42 . 2009-09-28 02:42 -------- d-----w- c:\program files\WinXMedia
2009-09-25 11:46 . 2009-09-25 11:46 -------- d-----w- c:\program files\Activision
2009-09-20 20:25 . 2009-09-20 20:24 737280 ----a-w- c:\windows\iun6002.exe
2009-09-20 20:25 . 2009-09-20 20:25 -------- d-----w- c:\program files\Codec Pack - All In 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 14:42 . 2009-07-23 16:32 16608 ----a-w- c:\windows\gdrv.sys
2009-10-10 21:11 . 2009-08-28 17:07 -------- d-----w- c:\program files\Hamachi
2009-10-10 19:51 . 2009-08-28 17:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-10-10 19:46 . 2009-07-23 16:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 10:44 . 2001-10-25 12:00 90816 ----a-w- c:\windows\system32\perfc005.dat
2009-10-02 10:44 . 2001-10-25 12:00 458200 ----a-w- c:\windows\system32\perfh005.dat
2009-09-15 07:19 . 2009-09-09 19:44 -------- d-----w- c:\program files\AudioCommander
2009-09-14 17:38 . 2009-07-25 13:16 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-14 17:38 . 2009-07-25 13:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-12 11:00 . 2009-07-26 11:21 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-09 19:40 . 2009-09-09 19:40 -------- d-----w- c:\program files\Xilisoft
2009-09-09 19:37 . 2009-09-09 19:37 -------- d-----w- c:\program files\AnvSoft
2009-09-09 14:39 . 2009-09-09 14:39 -------- d-----w- c:\program files\Acala 3GP Movies Free
2009-09-09 14:37 . 2009-09-09 14:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-06 19:04 . 2009-09-06 19:04 -------- d-----w- c:\program files\DsNET Corp
2009-09-06 19:00 . 2009-07-25 12:28 -------- d-----w- c:\program files\Opera 10 Beta
2009-09-06 18:56 . 2009-07-26 10:03 -------- d-----w- c:\program files\Opera
2009-09-06 18:41 . 2009-09-06 18:41 -------- d-----w- c:\program files\OPERA 1
2009-09-06 16:42 . 2009-09-06 16:42 -------- d-----w- c:\program files\Codemasters
2009-09-06 16:40 . 2009-09-06 16:40 -------- d-----w- c:\program files\Racedriver GRID
2009-09-06 16:40 . 2009-09-02 18:21 -------- d-----w- c:\program files\Activision(2)
2009-09-06 16:39 . 2009-09-06 16:39 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-29 01:23 . 2009-08-29 01:23 -------- d-----w- c:\program files\LS
2009-08-28 11:17 . 2009-08-28 11:16 -------- d-----w- c:\program files\The KMPlayer
2009-08-28 10:23 . 2009-08-28 10:23 -------- d-----w- c:\program files\ICQ 6 Password Hasher
2009-08-14 14:23 . 2009-08-14 14:23 4096 ----a-w- c:\windows\d3dx.dat
2009-08-05 09:07 . 2004-08-17 14:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 12:13 . 2009-08-03 12:13 7702 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-02 20:42 . 2009-07-28 16:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-26 13:33 . 2009-07-25 13:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-26 13:33 . 2009-07-26 13:33 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-25 16:00 . 2009-07-25 16:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-25 16:00 . 2009-07-25 16:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-25 12:35 . 2009-07-25 12:35 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-23 16:22 . 2009-07-23 16:22 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 10:48 . 2009-07-23 10:48 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-17 18:57 . 2004-08-17 14:49 58880 ----a-w- c:\windows\system32\atl.dll
.

------- Sigcheck -------

[-] 2009-04-16 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-20 200704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-01-13 18084864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-24 113664]
Místní vyhledávání.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Racedriver GRID\\GridGameFiles\\GRID.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\motogp 08\\Launcher.exe"=
"d:\\HRY\\street fighter IV\\StreetFighterIV.exe"=
"d:\\HRY\\gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\call of duty 5\\CoDWaWmp.exe"=
"d:\\HRY\\call of duty 5\\CoDWaW.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.8.2009 15:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.8.2009 15:56 20560]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [23.7.2009 18:33 68136]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14.10.2009 16:55 222968]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [23.7.2009 12:42 93184]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [19.3.2009 11:31 83240]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ICQ_SERVICE
.
Obsah adresáře 'Naplánované úlohy'

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-OEXPRESS - (no file)
AddRemove-FlatOut Ultimate Carnage - d:\rld\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-Vypínač na dobrou noc_is1 - c:\program files\Vypínač na dobrou noc\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 17:05
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-2147127641-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:95,9b,d1,42,e3,44,a9,a2,7e,93,bb,90,fe,01,c8,50,62,8e,39,1d,c8,
d7,0f,dd,69,03,bc,24,57,b3,a8,f3,bc,58,05,88,a0,f3,44,b0,bb,ac,77,e5,b6,5c,\
"rkeysecu"=hex:11,fe,7a,72,b0,31,f0,22,b0,47,ae,24,2f,73,6d,61

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-14 17:06
ComboFix-quarantined-files.txt 2009-10-14 15:06

Před spuštěním: 8 875 102 208
Po spuštění: 9 224 118 272

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

210 --- E O F --- 2009-10-06 20:02


Re: trojan.Spy.Win32.Zbot.ikh

Post by pitimir » 14 Oct 2009 18:45

Hi...

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
Restore::
c:\windows\system32\sfcfiles.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

DDS::
uStart Page = hxxp://start.icq.com/

Folder::
c:\program files\ICQ6Toolbar

Driver::
ICQ Service

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.


The program will process the script and produce a new log.


Warning: if Windows does not boot after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...

And the recipient of the message knows it :)
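The entries pitimir's CFScript targets can be picked out of a ComboFix report mechanically. The Python triage script below is an added example for this thread (not ComboFix code and not the helper's own tooling): it flags Sigcheck failures (the `[-]` lines), a firewall policy key with `EnableFirewall` at 0, services marked `*NewlyCreated*` joined to their image path, and `@Denied:` entries under the locked-registry-keys heading. The embedded excerpt is cut from the log posted above with its Czech section headers; the English header `LOCKED REGISTRY KEYS` is accepted as an assumed equivalent.

```python
"""Triage a ComboFix text report for the entries a helper acts on.

Added example for this thread; it is not ComboFix code. It only reads the
report text and flags four kinds of entry: Sigcheck failures, a disabled
firewall policy, newly created services, and access-denied registry keys.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt cut from the log posted above (Czech section headers as printed).
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2009-04-16 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.8.2009 15:56 114768]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14.10.2009 16:55 222968]

*NewlyCreated* - ICQ_SERVICE
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # sigcheck | firewall_off | new_service | locked_key
    detail: str    # what a reviewer wants to see at a glance
    evidence: str  # the log line the finding was derived from


# [-] <date> . <md5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[-\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# R2 <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[")
NEW_SERVICE_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(?P<name>\S+)")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
# Czech header from this log; the English one is an assumed equivalent.
LOCKED_MARKERS = ("ZAMKNUTÉ KLÍČE", "LOCKED REGISTRY KEYS")


def _norm(name: str) -> str:
    """The service list says 'ICQ Service', *NewlyCreated* says ICQ_SERVICE."""
    return name.strip().upper().replace(" ", "_")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    services: dict[str, str] = {}  # normalised service name -> image path
    current_key = ""               # last [REGISTRY KEY] header seen
    in_locked_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("---"):  # section heading: track the locked-keys block
            in_locked_section = any(m in line.upper() for m in LOCKED_MARKERS)
            continue
        if m := KEY_RE.match(line):
            current_key = m["key"]
            continue
        if m := SIGCHECK_RE.match(line):
            findings.append(Finding("sigcheck", f"{m['path']} md5={m['md5']} ver={m['version']}", line))
        elif m := SERVICE_RE.match(line):
            services[_norm(m["name"])] = m["path"]
        elif m := NEW_SERVICE_RE.match(line):
            path = services.get(_norm(m["name"]), "<image path not listed>")
            findings.append(Finding("new_service", f"{m['name']} -> {path}", line))
        elif FIREWALL_OFF_RE.match(line) and "firewallpolicy" in current_key.lower():
            # Only meaningful directly under a firewall policy key header.
            findings.append(Finding("firewall_off", current_key, line))
        elif in_locked_section and line.startswith("@Denied:"):
            findings.append(Finding("locked_key", f"{current_key} {line}", line))
    return findings


def counts(findings: list[Finding]) -> dict[str, int]:
    out: dict[str, int] = {}
    for f in findings:
        out[f.kind] = out.get(f.kind, 0) + 1
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:12} {f.detail}")
    print(counts(found))
```

Each finding keeps the raw log line as evidence, so the output can be pasted back into a thread like this one next to the script entry that addresses it.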


Re: trojan.Spy.Win32.Zbot.ikh

Post by jakub123 » 14 Oct 2009 19:21

ComboFix 09-10-13.01 - WinXP 14.10.2009 19:11.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3070.2531 [GMT 2:00]
Spuštěný z: c:\documents and settings\WinXP\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\WinXP\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

c:\windows\system32\sfcfiles.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-14 do 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-14 14:53 . 2009-10-14 14:56 -------- d-----w- c:\program files\ICQ6.5
2009-10-14 14:34 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 14:34 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-14 14:34 . 2009-10-14 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 19:46 . 2009-10-10 19:46 -------- d-----w- C:\Team17
2009-10-06 17:43 . 2009-10-06 17:43 491520 ----a-w- c:\windows\WebIE.dll
2009-10-06 17:43 . 2009-10-06 17:43 294912 ----a-w- c:\windows\TrnWord.dll
2009-10-06 17:43 . 2009-10-06 17:43 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-10-06 17:43 . 2009-10-06 17:43 356352 ----a-w- c:\windows\TrnOutl.dll
2009-10-06 17:43 . 2009-10-06 17:43 26624 ----a-w- c:\windows\OETRN.EXE
2009-10-06 17:43 . 2009-10-06 17:43 200704 ----a-w- c:\windows\TRNOET.DLL
2009-10-03 14:55 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\windows\SHELLNEW
2009-10-03 11:33 . 2009-10-03 11:33 -------- d-----w- c:\documents and settings\WinXP\AbiSuite
2009-10-03 11:31 . 2009-10-03 11:31 -------- d-----w- c:\program files\AbiWord
2009-10-03 11:17 . 2009-10-03 11:17 -------- d-----w- c:\program files\Microsoft Works
2009-10-03 11:15 . 2009-10-03 11:15 -------- d-----r- C:\MSOCache
2009-10-03 10:40 . 2009-10-03 10:40 -------- d-----w- C:\ŠKOLNÍ ŠABLONY
2009-10-01 15:54 . 2009-10-01 15:57 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2009-10-01 15:53 . 2009-10-01 15:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-01 15:53 . 2009-10-01 15:53 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-01 15:53 . 2009-10-01 16:01 -------- d-----w- c:\program files\SolidWorks Corp
2009-10-01 15:52 . 2009-10-01 15:52 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-01 15:51 . 2009-10-01 15:51 -------- d-----w- c:\program files\MSECache
2009-10-01 15:50 . 2009-10-01 15:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-01 15:50 . 2009-10-01 15:50 -------- d-----w- c:\program files\Microsoft.NET
2009-10-01 15:49 . 2009-10-03 12:16 -------- d-----w- C:\SolidWorks Data
2009-10-01 15:48 . 2009-10-01 15:48 -------- d-----w- c:\program files\Common Files\Manažer instalací SolidWorks
2009-10-01 15:48 . 2009-10-01 15:49 -------- d-----w- c:\windows\SolidWorks
2009-09-28 02:42 . 2009-09-28 02:42 -------- d-----w- c:\program files\WinXMedia
2009-09-25 11:46 . 2009-09-25 11:46 -------- d-----w- c:\program files\Activision
2009-09-20 20:25 . 2009-09-20 20:24 737280 ----a-w- c:\windows\iun6002.exe
2009-09-20 20:25 . 2009-09-20 20:25 -------- d-----w- c:\program files\Codec Pack - All In 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 17:15 . 2009-07-23 16:32 16608 ----a-w- c:\windows\gdrv.sys
2009-10-10 21:11 . 2009-08-28 17:07 -------- d-----w- c:\program files\Hamachi
2009-10-10 19:51 . 2009-08-28 17:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-10-10 19:46 . 2009-07-23 16:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 10:44 . 2001-10-25 12:00 90816 ----a-w- c:\windows\system32\perfc005.dat
2009-10-02 10:44 . 2001-10-25 12:00 458200 ----a-w- c:\windows\system32\perfh005.dat
2009-09-15 07:19 . 2009-09-09 19:44 -------- d-----w- c:\program files\AudioCommander
2009-09-14 17:38 . 2009-07-25 13:16 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-14 17:38 . 2009-07-25 13:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-12 11:00 . 2009-07-26 11:21 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-09 19:40 . 2009-09-09 19:40 -------- d-----w- c:\program files\Xilisoft
2009-09-09 19:37 . 2009-09-09 19:37 -------- d-----w- c:\program files\AnvSoft
2009-09-09 14:39 . 2009-09-09 14:39 -------- d-----w- c:\program files\Acala 3GP Movies Free
2009-09-09 14:37 . 2009-09-09 14:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-06 19:04 . 2009-09-06 19:04 -------- d-----w- c:\program files\DsNET Corp
2009-09-06 19:00 . 2009-07-25 12:28 -------- d-----w- c:\program files\Opera 10 Beta
2009-09-06 18:56 . 2009-07-26 10:03 -------- d-----w- c:\program files\Opera
2009-09-06 18:41 . 2009-09-06 18:41 -------- d-----w- c:\program files\OPERA 1
2009-09-06 16:42 . 2009-09-06 16:42 -------- d-----w- c:\program files\Codemasters
2009-09-06 16:40 . 2009-09-06 16:40 -------- d-----w- c:\program files\Racedriver GRID
2009-09-06 16:40 . 2009-09-02 18:21 -------- d-----w- c:\program files\Activision(2)
2009-09-06 16:39 . 2009-09-06 16:39 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-29 01:23 . 2009-08-29 01:23 -------- d-----w- c:\program files\LS
2009-08-28 11:17 . 2009-08-28 11:16 -------- d-----w- c:\program files\The KMPlayer
2009-08-28 10:23 . 2009-08-28 10:23 -------- d-----w- c:\program files\ICQ 6 Password Hasher
2009-08-14 14:23 . 2009-08-14 14:23 4096 ----a-w- c:\windows\d3dx.dat
2009-08-05 09:07 . 2004-08-17 14:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 12:13 . 2009-08-03 12:13 7702 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-02 20:42 . 2009-07-28 16:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-26 13:33 . 2009-07-25 13:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-26 13:33 . 2009-07-26 13:33 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-25 16:00 . 2009-07-25 16:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-25 16:00 . 2009-07-25 16:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-25 12:35 . 2009-07-25 12:35 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-23 16:22 . 2009-07-23 16:22 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 10:48 . 2009-07-23 10:48 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-17 18:57 . 2004-08-17 14:49 58880 ----a-w- c:\windows\system32\atl.dll
.

------- Sigcheck -------

[-] 2009-04-16 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-14_15.05.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 17:16 . 2009-10-14 17:16 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
+ 2009-10-14 17:15 . 2009-10-14 17:15 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
+ 2009-10-14 17:07 . 2009-10-14 17:07 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-20 200704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-01-13 18084864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-24 113664]
Místní vyhledávání.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Racedriver GRID\\GridGameFiles\\GRID.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\motogp 08\\Launcher.exe"=
"d:\\HRY\\street fighter IV\\StreetFighterIV.exe"=
"d:\\HRY\\gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\call of duty 5\\CoDWaWmp.exe"=
"d:\\HRY\\call of duty 5\\CoDWaW.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.8.2009 15:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.8.2009 15:56 20560]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [23.7.2009 18:33 68136]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [23.7.2009 12:42 93184]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [19.3.2009 11:31 83240]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]
.
Obsah adresáře 'Naplánované úlohy'

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 19:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-2147127641-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:95,9b,d1,42,e3,44,a9,a2,7e,93,bb,90,fe,01,c8,50,62,8e,39,1d,c8,
d7,0f,dd,69,03,bc,24,57,b3,a8,f3,bc,58,05,88,a0,f3,44,b0,bb,ac,77,e5,b6,5c,\
"rkeysecu"=hex:11,fe,7a,72,b0,31,f0,22,b0,47,ae,24,2f,73,6d,61
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2336)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Manac:\program files\DAEMON Tools Lite\daemon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Celkový čas: 2009-10-14 19:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-14 17:18
ComboFix2.txt 2009-10-14 17:01
ComboFix3.txt 2009-10-14 15:06

Před spuštěním: 9 092 390 912
Po spuštění: 9 040 146 432

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
213 --- E O F --- 2009-10-06 20:02


Re: trojan.Spy.Win32.Zbot.ikh

Post by pitimir » 15 Oct 2009 20:43

As I expected... you have an infected system file there; we'll try to find a replacement (I'll warn you right away: if we don't find one, it will have to be put there another way, the best option being to install SP3).

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
SRPeek::
c:\windows\system32\sfcfiles.dll

FixCSet::


Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.


The program will process the script and produce a new log.


Warning: if Windows does not boot after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.


Re: trojan.Spy.Win32.Zbot.ikh

Post by pajulij » 26 Oct 2009 10:04

I have a problem... my computer got infected with this virus, but since I'm not very good with computers I don't understand your conversation here about what I should and shouldn't do at all.. :-( could someone explain to me what I should do about it so that I understand it too..? thanks

pajulij
newbie
Posts: 6
Registered: October 09
Gender: Female
Status:
Offline

Re: trojan.Spy.Win32.Zbot.ikh

Post by pajulij » 26 Oct 2009 11:03

hi.. my pc got infected with this virus.. don't know what to do with it next..

ComboFix 09-10-25.02 - Administrator 26.10.2009 10:35.1.1 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.312 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Cache\0001B9F4
c:\program files\MyWebSearch\bar\Cache\0002110D
c:\program files\MyWebSearch\bar\Cache\000248F6
c:\program files\MyWebSearch\bar\Cache\001864B0.bin
c:\program files\MyWebSearch\bar\Cache\0018679E.bin
c:\program files\MyWebSearch\bar\Cache\00186983.bin
c:\program files\MyWebSearch\bar\Cache\00472A04
c:\program files\MyWebSearch\bar\Cache\00476289.bin
c:\program files\MyWebSearch\bar\Cache\00476A97.bin
c:\program files\MyWebSearch\bar\Cache\00477054.bin
c:\program files\MyWebSearch\bar\Cache\0047767E.bin
c:\program files\MyWebSearch\bar\Cache\004D1287.bin
c:\program files\MyWebSearch\bar\Cache\01162A05.bin
c:\program files\MyWebSearch\bar\Cache\0116403D.bin
c:\program files\MyWebSearch\bar\Cache\01165115.bin
c:\program files\MyWebSearch\bar\Cache\01165E15.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\portmap.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-26 do 2009-10-26 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 07:12 . 2002-09-23 13:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-10-26 07:12 . 2002-09-23 13:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-10-26 07:11 . 2009-05-02 17:13 -------- d-----w- c:\program files\lg_fwupdate
2009-10-23 13:34 . 2008-02-17 19:05 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 17:18 . 2009-07-16 07:00 -------- d-----w- c:\program files\KwinzySrch
2009-09-11 14:19 . 2004-08-17 15:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-17 15:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 13:54 . 2009-09-03 13:54 -------- d-----w- c:\program files\Reference Assemblies
2009-08-30 15:51 . 2009-08-30 15:51 -------- d-----w- c:\program files\Ask.com
2009-08-30 15:50 . 2009-08-30 15:50 -------- d-----w- c:\program files\DsNET Corp
2009-08-29 07:31 . 2004-08-17 15:49 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:30 . 2004-08-17 15:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:30 . 2004-08-17 15:49 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2004-08-17 15:49 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-17 15:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:59 . 2004-08-17 15:45 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:52 . 2009-08-04 17:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:29 . 2004-08-17 15:45 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
2009-07-20 22:10 815104 ----a-w- c:\program files\Video Download Toolbar\v3.3.0.2\Video_Download_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 16:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.2\Video_Download_Toolbar.dll" [2009-07-20 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

[HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-05-15 3975848]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-07-17 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Pajík\Nabídka Start\Programy\Po spuštění\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-5-14 2074360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-07 09:27 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"d:\\instalace(2)\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15.5.2008 17:08 107272]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15.5.2008 17:08 325128]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2.8.2008 15:14 875288]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2.8.2008 15:14 231704]
S2 gupdate1ca071b8e26e7ca;Služba Google Update (gupdate1ca071b8e26e7ca);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2009 21:17 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 17:23 222968]
S2 KwinzySrch Service;KwinzySrch Service;c:\documents and settings\All Users\Data aplikací\KwinzySrch\kwinzy147.exe [21.10.2009 13:44 54760]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2.5.2009 16:43 2831232]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7021 v2.00\HwIOctl.sys --> c:\program files\Setup Files\MS-7021 v2.00\HwIOctl.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 20:16]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 20:16]

2009-10-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-06 16:11]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.icq.com/online/online2/mah ... uncher.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\st8cuyqx.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-Easy CD Ripper - c:\program files\Kongsoft\Easy CD Ripper\uninst.exe
AddRemove-EVEREST Ultimate Edition_is1 - c:\program files\Lavalys\EVEREST Ultimate Edition\unins000.exe
AddRemove-G-Force - c:\program files\SoundSpectrum\G-Force\Uninstall.exe
AddRemove-Hamachi - c:\program files\Hamachi\uninstall.exe
AddRemove-KLiteCodecPack_is1 - d:\instalace(2)\K-Lite Codec Pack\unins000.exe
AddRemove-ObjectDock - c:\progra~1\Stardock\OBJECT~1\UNWISE.EXE
AddRemove-{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1 - c:\program files\ACE Mega CoDecS Pack\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 10:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\AlienGUIse\fastload.dll
.
Celkový čas: 2009-10-26 10:40
ComboFix-quarantined-files.txt 2009-10-26 09:40

Před spuštěním: 2 750 971 904
Po spuštění: 4 464 746 496

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FD9C8E23EE308BC96146168DADC31F00

pajulij
newbie
Posts: 6
Registered: October 09
Gender: Female
Status:
Offline

Re: trojan.Spy.Win32.Zbot.ikh

Post by pajulij » 26 Oct 2009 11:21

I need advice please.....

pajulij
newbie
Posts: 6
Registered: October 09
Gender: Female
Status:
Offline

Re: trojan.Spy.Win32.Zbot.ikh

Post by pajulij » 26 Oct 2009 12:45

I have some sort of result here.. Windows kind of works but everything is jumbled up...

ComboFix 09-10-25.02 - Administrator 26.10.2009 12:33.1.1 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.318 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator.XYX-1BFF5F0C5B5\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator.XYX-1BFF5F0C5B5\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\sfcfiles.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2009-09-26 do 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 09:51 . 2009-10-26 09:51 -------- dcsh--w- c:\documents and settings\Administrator.XYX-1BFF5F0C5B5\Cookies

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 11:39 . 2009-05-02 17:13 -------- d-----w- c:\program files\lg_fwupdate
2009-10-26 11:37 . 2009-10-26 09:50 786432 ---ha-w- c:\documents and settings\Administrator.XYX-1BFF5F0C5B5\NTUSER.DAT
2009-10-26 07:12 . 2002-09-23 13:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-10-26 07:12 . 2002-09-23 13:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-10-23 13:34 . 2008-02-17 19:05 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 17:18 . 2009-07-16 07:00 -------- d-----w- c:\program files\KwinzySrch
2009-09-11 14:19 . 2004-08-17 15:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-17 15:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 13:54 . 2009-09-03 13:54 -------- d-----w- c:\program files\Reference Assemblies
2009-08-30 15:51 . 2009-08-30 15:51 -------- d-----w- c:\program files\Ask.com
2009-08-30 15:50 . 2009-08-30 15:50 -------- d-----w- c:\program files\DsNET Corp
2009-08-29 07:31 . 2004-08-17 15:49 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:30 . 2004-08-17 15:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:30 . 2004-08-17 15:49 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2004-08-17 15:49 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-17 15:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:59 . 2004-08-17 15:45 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:52 . 2009-08-04 17:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:29 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
2009-07-20 22:10 815104 ----a-w- c:\program files\Video Download Toolbar\v3.3.0.2\Video_Download_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 16:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.2\Video_Download_Toolbar.dll" [2009-07-20 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

[HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.2\Video_Download_Toolbar.dll" [2009-07-20 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

[HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-22 68856]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-02-05 417528]
"Google Update"="c:\documents and settings\Pajík\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-07-17 133104]
"ICQ"="d:\instalace(2)\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-05-15 3975848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [BU]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-07-17 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"My Web Search Bar Search Scope Monitor"="c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [BU]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Pajík\Nabídka Start\Programy\Po spuštění\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-5-14 2074360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-07 09:27 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"d:\\instalace(2)\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15.5.2008 17:08 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15.5.2008 17:08 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2.8.2008 15:14 231704]
R2 KwinzySrch Service;KwinzySrch Service;c:\documents and settings\All Users\Data aplikací\KwinzySrch\kwinzy147.exe [21.10.2009 13:44 54760]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2.5.2009 16:43 2831232]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2.8.2008 15:14 875288]
S2 gupdate1ca071b8e26e7ca;Služba Google Update (gupdate1ca071b8e26e7ca);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2009 21:17 133104]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7021 v2.00\HwIOctl.sys --> c:\program files\Setup Files\MS-7021 v2.00\HwIOctl.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 20:16]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 20:16]

2009-10-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-06 16:11]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.icq.com/online/online2/mah ... uncher.cab
FF - ProfilePath - c:\documents and settings\Pajík\Data aplikací\Mozilla\Firefox\Profiles\c3o1nyqm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
HKCU-Run-Picasa Media Detector - d:\pája + péťa\Picasa2\PicasaMediaDetector.exe
HKCU-Run-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 12:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-1220945662-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(1840)
c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
c:\program files\KwinzySrch\kwinzy.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Zoner\Callisto 4\Program\fshex40.dll
c:\program files\Zoner\Callisto 4\Program\FShEx40Res.CZ
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\CursorFX\CurXP0.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\combofix\CF20614.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\devldr32.exe
c:\program files\KwinzySrch\kwinzy.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-26 12:43 - počítač byl restartován [Pajík]
ComboFix-quarantined-files.txt 2009-10-26 11:43

Před spuštěním: 4 446 842 880
Po spuštění: 3 807 105 024

- - End Of File - - C8945C13DB47AAEE1C6F9DBAEDC10923
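An added triage helper (example code written for this page, not part of the thread or of ComboFix): it reads a ComboFix log in the format posted above, records the system-file repair that pitimir's SRPeek/FixCSet script triggers (the `Nakažená kopie ... vyléčena` / `Obnovena kopie z` pair), collects Run-key and service autostarts, and flags those launched from a user-profile folder, which is where the KwinzySrch service in the log above lives and where legitimate system components rarely sit. The embedded excerpt is constructed from lines of the posted log; the Czech message strings are assumed to be exactly what this ComboFix version prints, and the profile-folder rule is a review heuristic, not a malware verdict.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted above (Czech strings kept
# exactly as ComboFix prints them); a real run would read the whole log file.
SAMPLE_LOG = r"""
Nakažená kopie c:\windows\system32\sfcfiles.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\sfcfiles.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-22 68856]
"Google Update"="c:\documents and settings\Pajík\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-07-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

R2 KwinzySrch Service;KwinzySrch Service;c:\documents and settings\All Users\Data aplikací\KwinzySrch\kwinzy147.exe [21.10.2009 13:44 54760]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2.8.2008 15:14 875288]
"""

# Message lines ComboFix writes when a system file is replaced from a clean copy
# (assumed to match the Czech build of ComboFix seen in the posted logs).
CF_INFECTED = re.compile(r"^Nakažená kopie (.+?) byla nalezena a vyléčena\.$")
CF_RESTORED = re.compile(r"^Obnovena kopie z - (.+)$")
CF_KEY = re.compile(r"^\[(HK[^\]]+)\]$")          # [HKEY_...] registry key header
CF_VALUE = re.compile(r'^"([^"]+)"=(.*)$')        # "name"="path" [date size]
CF_SERVICE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+)$")  # R2 name;desc;path [..]
TRAILER = re.compile(r"\s\[[^\]]*\]$")            # ComboFix's trailing "[date size]"

# Autostarts under a user profile deserve a look: system components and most
# installers put their binaries under Program Files or Windows instead.
PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\", "\\data aplikací\\")


def _clean_path(raw):
    """Strip the '[date size]' trailer, the '"short" - resolved' form and quotes."""
    path = TRAILER.sub("", raw.strip()).strip()
    if '" - ' in path:                 # e.g. "SOUNDMAN.EXE" - c:\windows\soundman.exe
        path = path.split('" - ', 1)[1]
    return path.strip().strip('"')


def in_profile_dir(path):
    """True when an autostart binary lives under a user-profile folder."""
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def triage(log_text):
    """Pull the repair record, autostarts and AppInit_DLLs out of a ComboFix log."""
    report = {"repaired": [], "autostarts": [], "appinit_dlls": [], "flagged": []}
    pending_infected = None
    current_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            current_key = None         # a blank line ends a registry key block
            continue
        m = CF_INFECTED.match(line)
        if m:
            pending_infected = m.group(1)
            continue
        m = CF_RESTORED.match(line)
        if m and pending_infected:
            report["repaired"].append((pending_infected, m.group(1)))
            pending_infected = None
            continue
        m = CF_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = CF_VALUE.match(line)
        if m and current_key:
            name, path = m.group(1), _clean_path(m.group(2))
            if name.lower() == "appinit_dlls":
                report["appinit_dlls"].extend(p.strip() for p in path.split(",") if p.strip())
            elif path and "\\run" in current_key.lower():   # only Run-type keys
                report["autostarts"].append({"source": current_key, "name": name, "path": path})
            continue
        m = CF_SERVICE.match(line)
        if m:
            report["autostarts"].append(
                {"source": "service " + m.group(1), "name": m.group(2), "path": _clean_path(m.group(3))})
    report["flagged"] = [a["path"] for a in report["autostarts"] if in_profile_dir(a["path"])]
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for infected, source in result["repaired"]:
        print("repaired:", infected, "<-", source)
    for dll in result["appinit_dlls"]:
        print("AppInit_DLLs entry (loads into every GUI process):", dll)
    for path in result["flagged"]:
        print("autostart from a user-profile folder, review:", path)
```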

pajulij
newbie
Posts: 6
Registered: October 09
Gender: Female
Status:
Offline

Re: trojan.Spy.Win32.Zbot.ikh

Post by pajulij » 26 Oct 2009 13:04

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3034
Windows 5.1.2600 Service Pack 3

26.10.2009 13:01:29
mbam-log-2009-10-26 (13-01-29).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 111711
Uplynulý čas: 4 minute(s), 51 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 63
Infikované hodnoty registru: 3
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Pajík\Nabídka Start\Programy\Po spuštění\Quick Office.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

pajulij
newcomer
Posts: 6
Registered: October 09
Gender: Female
Status: Offline

Re: trojan.Spy.Win32.Zbot.ikh

Post by pajulij » 26 Oct 2009 13:16

After four hours of trying I am virus-free ;-)

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3034
Windows 5.1.2600 Service Pack 3

26.10.2009 13:13:15
mbam-log-2009-10-26 (13-13-15).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 111706
Uplynulý čas: 4 minute(s), 55 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: trojan.Spy.Win32.Zbot.ikh

Post by pitimir » 26 Oct 2009 18:49

pajulij, please, in future...

1) start your own thread
2) don't blindly use tools you found on the net, they could do more harm than good (you are damn lucky)
3) the same applies to that script - damn it, it must be obvious that your PC and jakub123's PC

I hope that is clear ;)
I don't like amateurism...

And the addressee of this message knows it :)

