trojan spy win 32 zbot ikh

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team


trojan spy win 32 zbot ikh

Post by maccuc » 17 Oct 2009 18:27

Hello, yesterday this virus somehow got onto my PC. It put up a screen with gibberish saying that I have to send an SMS and I will get a code that lets me back into the system. I restarted the PC and some error messages appeared, but the PC could be used. So I scanned the PC with Malwarebytes Anti-Malware and deleted the infected files. Now neither the screen asking me to send the SMS nor the error messages show up any more, but I still cannot start Task Manager. I know this has already been discussed here somewhere, but nowhere did I find an answer to my problem. Thanks for any help.


Re: trojan spy win 32 zbot ikh

Post by Damned » 17 Oct 2009 18:57

Welcome.
Download HijackThis from my signature, make a log according to the guide and paste it here for me.
Nothing is impossible, which is why, where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner


Re: trojan spy win 32 zbot ikh

Post by maccuc » 17 Oct 2009 19:09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:48, on 17.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F3 - REG:win.ini: run=C:\Windows\system32\portmap.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00147ADE-8525-4EB9-B689-AC1CDF8EFA5E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00147ADE-8525-4EB9-B689-AC1CDF8EFA5E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{00147ADE-8525-4EB9-B689-AC1CDF8EFA5E}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9eab5276f1020) (gupdate1c9eab5276f1020) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10269 bytes


Re: trojan spy win 32 zbot ikh

Post by Damned » 17 Oct 2009 19:19

Uninstall ICQ6Toolbar.

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F3 - REG:win.ini: run=C:\Windows\system32\portmap.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
*****************************************************************************************************************************************
Disable the antivirus resident shield (and the antispyware one too, if you have it).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
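The HijackThis entries in this thread are reviewed by hand. As an added example (not the forum's or HijackThis's own code), the Python below parses lines in that log format and applies a few defender-side review rules of the kind reflected in the fix list above; the sample lines are constructed from the format of the posted log, and the rule set and the `UNTRUSTED_DIRS` list are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the HijackThis 2.0.2 log format (same entry shapes as the log above).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F3 - REG:win.ini: run=C:\Windows\system32\portmap.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path in the body (HijackThis puts the file path last on most lines).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]+")
# Assumption for illustration: directories of components the helper asked to uninstall.
UNTRUSTED_DIRS = ("ICQ6Toolbar",)


@dataclass
class HjtEntry:
    section: str
    body: str
    raw: str
    findings: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[HjtEntry]:
    """One HjtEntry per recognised entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group("section"), m.group("body"), line.strip()))
    return entries


def review_entry(entry: HjtEntry, untrusted_dirs=UNTRUSTED_DIRS) -> HjtEntry:
    """Attach review findings to an entry; the rules mirror the kinds of entries fixed in this thread."""
    s, body = entry.section, entry.body
    if s == "R3" and "(no file)" in body:
        entry.findings.append("URLSearchHook without a backing file: orphaned hook")
    if s == "F3" and "win.ini" in body and "run=" in body:
        # win.ini [windows] run= is a legacy autostart location that modern software rarely uses.
        entry.findings.append("legacy win.ini run= autostart: verify the target binary")
    if s == "O1" and body.startswith("Hosts:"):
        mapping = body[len("Hosts:"):].split()
        # "127.0.0.1 localhost" / "::1 localhost" are the default loopback mappings on Vista.
        is_default_loopback = (len(mapping) == 2 and mapping[1].lower() == "localhost"
                               and mapping[0] in ("127.0.0.1", "::1"))
        if not is_default_loopback:
            entry.findings.append("hosts-file override: verify the mapping")
    if s == "O13" and body.rstrip().endswith(":"):
        entry.findings.append("empty Gopher Prefix: harmless leftover, safe to clear")
    if s == "O16":
        entry.findings.append("ActiveX download (DPF): fixing only clears the cached control")
    m = PATH_RE.search(body)
    if m and any(d.lower() in m.group(0).lower() for d in untrusted_dirs):
        entry.findings.append(f"path under component slated for uninstall: {m.group(0)}")
    return entry


def review_log(text: str) -> List[HjtEntry]:
    return [review_entry(e) for e in parse_log(text)]


def fix_candidates(text: str) -> List[str]:
    """Raw entry lines that collected at least one finding, in log order."""
    return [e.raw for e in review_log(text) if e.findings]


if __name__ == "__main__":
    for e in review_log(SAMPLE_LOG):
        status = "; ".join(e.findings) if e.findings else "no finding"
        print(f"{e.section:<4} {status}")
```

Lines such as the `O1 - Hosts: ::1 localhost` entry are left without a finding because they match the default loopback mapping, which is why the rules are a review aid rather than a replacement for reading the log.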


Re: trojan spy win 32 zbot ikh

Post by maccuc » 18 Oct 2009 13:37

ComboFix 09-10-17.01 - Tom 18.10.2009 13:21.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.2327 [GMT 2:00]
Spuštěný z: c:\users\Tom\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\users\Tom\AppData\Roaming\Desktopicon
c:\users\Tom\AppData\Roaming\Desktopicon\config.ini
c:\windows\Installer\30eed.msi

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-18 do 2009-10-18 )))))))))))))))))))))))))))))))
.

2009-10-18 11:32 . 2009-10-18 11:32 -------- d-----w- c:\users\Tom\AppData\Local\temp
2009-10-18 11:32 . 2009-10-18 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-17 17:06 . 2009-10-17 17:06 -------- d-----w- c:\program files\Trend Micro
2009-10-17 17:06 . 2009-10-17 17:06 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-17 12:36 . 2009-10-17 12:36 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes
2009-10-17 12:36 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 12:36 . 2009-10-17 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 12:36 . 2009-10-17 12:36 -------- d-----w- c:\programdata\Malwarebytes
2009-10-17 12:36 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 12:36 . 2009-10-17 12:36 4045528 ----a-w- C:\mbam-setup-1.41.exe
2009-10-16 17:40 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 17:40 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 17:40 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 17:40 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 17:38 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 17:38 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 13:01 . 2009-10-15 17:51 -------- d-----w- c:\programdata\DassaultSystemes
2009-10-15 13:01 . 2009-10-15 13:01 -------- d-----w- c:\users\Tom\AppData\Roaming\DassaultSystemes
2009-10-15 13:01 . 2009-10-15 13:01 -------- d-----w- c:\users\Tom\AppData\Local\DassaultSystemes
2009-10-13 14:16 . 2009-10-13 14:16 -------- d-----w- C:\TC15
2009-10-13 14:16 . 2009-10-13 14:16 -------- d-----w- C:\totalcmd
2009-10-13 13:35 . 2009-10-13 13:35 -------- d-----w- c:\programdata\IMSIDesign
2009-10-13 13:35 . 2009-10-13 13:35 -------- d-----w- c:\program files\IMSIDesign
2009-10-13 13:34 . 2009-10-13 13:34 -------- d-----w- c:\users\Tom\AppData\Roaming\IMSIDesign
2009-10-13 13:33 . 2009-10-13 13:45 -------- d-----w- c:\program files\TurboCAD Professional 15 Setup
2009-10-13 13:32 . 2009-10-13 13:33 -------- d-----w- C:\turbo cad
2009-10-03 05:55 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 05:49 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 05:49 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 05:49 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 05:49 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 05:49 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 05:49 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 05:49 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 05:49 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 05:49 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-19 14:49 . 2009-09-19 14:50 -------- d-----w- C:\models
2009-09-19 14:45 . 2009-09-19 14:46 443745 ----a-w- C:\GTASA_Garage_Mod_Manager(2).zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 11:22 . 2008-04-17 10:34 602086 ----a-w- c:\windows\system32\perfh005.dat
2009-10-18 11:22 . 2008-04-17 10:34 116182 ----a-w- c:\windows\system32\perfc005.dat
2009-10-18 11:15 . 2009-03-04 23:32 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-10-18 11:14 . 2009-03-04 20:24 4268 ----a-w- c:\windows\bthservsdp.dat
2009-10-16 19:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 18:55 . 2009-03-04 20:32 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 13:09 . 2009-09-24 15:43 1032 ----a-w- c:\windows\_profsect_0001.tmp
2009-10-15 12:49 . 2009-06-05 17:16 -------- d-----w- c:\programdata\IMSI
2009-10-15 12:49 . 2009-06-05 17:16 -------- d-----w- c:\program files\IMSI
2009-10-15 12:48 . 2009-06-05 17:27 -------- d-----w- c:\users\Tom\AppData\Roaming\IMSI
2009-09-17 17:53 . 2009-06-07 10:58 -------- d-----w- c:\program files\EA SPORTS
2009-09-17 17:39 . 2009-09-17 17:39 -------- d-----w- c:\users\Tom\AppData\Roaming\Leadertech
2009-09-11 11:06 . 2009-07-28 09:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 20:36 . 2009-09-04 20:36 -------- d-----w- c:\program files\VersalSoft
2009-09-04 20:36 . 2009-09-04 20:36 -------- d-----w- c:\program files\Universal
2009-09-04 20:34 . 2009-09-04 20:34 3521072 ----a-w- C:\UFileDownloadTrial.EXE
2009-09-04 14:54 . 2009-09-04 14:54 -------- d-----w- c:\users\Tom\AppData\Roaming\Media Player Classic
2009-09-04 14:54 . 2009-09-04 14:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-04 14:53 . 2009-09-04 14:53 12352387 ----a-w- C:\K-LiteCodecPack510Full.exe
2009-09-04 14:47 . 2009-06-05 19:59 -------- d-----w- c:\program files\QuickTime
2009-09-03 07:22 . 2009-06-13 16:29 -------- d-----w- c:\users\Tom\AppData\Roaming\PC Suite
2009-09-01 16:02 . 2009-09-01 16:02 4179293 ----a-w- C:\everesthome220.exe
2009-08-29 00:27 . 2009-09-02 20:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:37 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-21 15:08 . 2009-06-05 20:01 -------- d-----w- c:\users\Tom\AppData\Roaming\Apple Computer
2009-08-20 20:11 . 2009-08-20 20:11 -------- d-----w- c:\program files\iTunes
2009-08-20 20:11 . 2009-08-20 20:11 -------- d-----w- c:\program files\iPod
2009-08-20 20:11 . 2009-06-05 19:57 -------- d-----w- c:\program files\Common Files\Apple
2009-08-20 19:59 . 2009-06-05 19:57 -------- d-----w- c:\programdata\Apple
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 09:46 . 2009-08-17 09:46 308160 ----a-w- C:\avast_home_setup.exe
2009-08-16 15:08 . 2009-09-04 14:53 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-15 19:17 . 2009-06-13 10:39 680 ----a-w- c:\users\Tom\AppData\Local\d3d9caps.dat
2009-08-14 16:27 . 2009-09-10 15:29 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 15:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 15:29 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 15:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 15:29 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 15:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 15:29 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 15:29 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 15:29 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 15:29 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 15:29 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-12 22:54 . 2009-08-12 22:54 10583362 ----a-w- C:\pspvideo9-408-setup.exe
2009-08-11 18:14 . 2009-08-11 18:14 3615443 ----a-w- C:\Holiday_Dancer.exe
2009-08-11 16:52 . 2009-08-11 16:44 3 ----a-w- c:\windows\sbacknt.bin
2009-08-11 16:44 . 2009-08-11 16:44 152904 ----a-w- c:\windows\system32\vghd.scr
2009-08-06 22:59 . 2009-08-06 22:59 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-01 18:37 . 2009-08-01 18:37 3605303 ----a-w- C:\uiso9_pe.exe
2009-07-28 10:29 . 2009-05-14 15:26 129880 ----a-w- c:\users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-21 21:52 . 2009-08-01 15:24 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-01 15:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-01 15:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-01 15:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-03-04 47672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):dd,a8,0b,fa,97,0f,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6A347E5B-BB8F-4F3D-A8C2-91F2A2A5BFC8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8C1B309D-CAB4-45A7-A682-EA7198E2C73E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{B4B10B75-1223-4916-96C8-5B71AD557C7A}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CF749964-DDDC-4103-8BDC-A5A827E3BD13}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{11FECEFE-DAEB-43D0-AA04-A425C64BABF2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EF586725-5EA6-419B-B8DA-A66B1A794353}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{849D0E4A-325B-454F-8725-C3CC709162CB}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{6A29F7A9-CB3E-4BF7-8C36-53E591EF75A9}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{50F23E9E-CF89-4826-82E1-3872E364C3AA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8F879A6F-D369-495E-BECE-AB753A8AB067}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D31FEE14-7494-4A75-8173-662BE9A94546}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{EBB8073D-69DE-4451-9152-8C2FDC8BF497}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{A5798138-E3B3-451B-B2BB-92D5A00CC6F4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{31A9D394-704B-4F05-91E9-AAB363B8C0ED}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D2C4A8F8-3CDA-4FF4-A247-EB3CAD29AEBE}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{3F553E1E-A0A6-4D08-A93A-F526A23B73CF}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A96AA188-1744-462C-AC45-5BD2E80CE034}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F445901E-94C2-4B86-816A-CE0727640166}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{38B675F5-8C90-494A-89A6-8CF224C2BDDA}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6C9A1EA7-4541-410C-BB62-E08937F4283B}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{CD49A41B-C574-4D9C-A0EB-6A93EFB35D06}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"TCP Query User{29618AA5-A58A-41CA-BB0A-702C59AD8908}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{05F54E38-583D-4832-9506-7660B7CF94C2}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{54760FD4-08E4-45AD-9A9D-E54C2EA0B160}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{98BC23FA-625D-4C3E-A5A8-99B7B72667D9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{46BDB519-8FD3-42F7-8386-EF97AACB0514}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{BEEB02E3-511E-4CF7-BEBA-F2917E23FA81}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{6C66DF91-7D7D-460D-8083-C0872D5D6AEC}"= UDP:d:\burnout(tm) paradise the ultimate box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{2A46D3D1-52D9-4440-98DA-B888B568D7B9}"= TCP:d:\burnout(tm) paradise the ultimate box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{510635F7-719C-4CA8-8ACE-D27A68F6B78F}"= UDP:d:\burnout(tm) paradise the ultimate box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{7198DA2C-AEBF-4319-BAE9-410394220D8A}"= TCP:d:\burnout(tm) paradise the ultimate box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{12368DAC-55FB-48E3-AB9B-EA7EC1790938}"= UDP:d:\burnout(tm) paradise the ultimate box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{8F868158-4823-4852-B93B-EA8C35D72AF5}"= TCP:d:\burnout(tm) paradise the ultimate box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{F0EF7139-4AB5-4651-A4F4-37C7B83F79A3}c:\\program files\\left4dead\\hl2.exe"= UDP:c:\program files\left4dead\hl2.exe:hl2
"UDP Query User{1ED90140-8E50-4C0A-8AFE-10B33CACD7C8}c:\\program files\\left4dead\\hl2.exe"= TCP:c:\program files\left4dead\hl2.exe:hl2
"{8B252D2F-D2E6-469E-BA63-7309CDDED3FD}"= UDP:d:\ea games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{5F2EBAF2-A315-4E99-87D9-B70790F77D93}"= TCP:d:\ea games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{A8B046AB-B14D-421C-B52C-B0EBDE4C8912}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{AC142B78-3865-4587-B210-47CA44666CC4}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{10EE54B7-4BEE-4B4E-A200-E0E53BF9A323}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{93FBA2B7-5BEA-462C-8FA2-B18507FA8001}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [5.3.2009 1:21 15416]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17.8.2009 12:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17.8.2009 12:49 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17.8.2009 12:49 51792]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [5.3.2009 0:58 29736]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [5.3.2009 0:37 22072]
S2 gupdate1c9eab5276f1020;Služba Google Update (gupdate1c9eab5276f1020);c:\program files\Google\Update\GoogleUpdate.exe [11.6.2009 18:53 133104]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\System32\drivers\CRFILTER.sys [7.4.2008 8:00 6656]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14.5.2009 17:35 55264]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.3.2009 0:15 30192]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.6.2009 12:20 222456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 16:53]

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 16:53]

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{8AA94CD0-9F7D-4FEA-96C7-73BB69854228}.job
- c:\windows\system32\msfeedssync.exe [2009-08-01 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {00147ADE-8525-4EB9-B689-AC1CDF8EFA5E} = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-vghd - c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
AddRemove-{50D42071-5C68-4FE7-80A8-C8BB11E7AFCE} - d:\hitman contracts\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 13:32
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-10-18 13:35
ComboFix-quarantined-files.txt 2009-10-18 11:35

Před spuštěním: Volných bajtů: 13 324 701 696
Po spuštění: Volných bajtů: 14 274 924 544

294 --- E O F --- 2009-10-16 18:56

maccuc
newbie
Posts: 8
Registered: October 09
Gender: Male
Status:
Offline

Re: trojan spy win 32 zbot ikh

Post by maccuc » 18 Oct 2009 13:46

So Task Manager works for me again :) Is there anything else I need to do? And can I reinstall ICQ?

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: trojan spy win 32 zbot ikh

Post by jaro3 » 18 Oct 2009 14:49

Not yet.
I'll step in..

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::
File::
c:\windows\system32\acovcnt.exe
c:\windows\bthservsdp.dat
c:\windows\_profsect_0001.tmp
c:\users\Tom\AppData\Local\d3d9caps.dat

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
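The CFScript above is a sectioned text file (KillAll::, File::, RegLock:: headers followed by items). As an added example, not code from the thread or from ComboFix, here is a small Python pre-flight checker that parses such a script into its sections and flags items that are not absolute Windows paths or bracketed registry keys, so the script can be reviewed before it is dropped onto ComboFix; the section semantics and the reason for the "All Files" naming step are assumptions drawn from the thread, not documented ComboFix behaviour.

```python
"""Pre-flight review of a ComboFix CFScript.txt.

Added example, not code from the forum thread or from ComboFix. Assumption: a
CFScript is plain text made of sections, each opened by a line ending in "::"
(KillAll::, File::, RegLock:: in the thread) followed by its items, one per line.
In the thread the File:: items reappear in the resulting log under the deletions,
so items there are checked to be absolute Windows paths; RegLock:: items are
checked to be bracketed registry keys.
"""
import ntpath
import re
from collections import OrderedDict

# Constructed sample mirroring the shape of the script posted in the thread.
SAMPLE_SCRIPT = r"""KillAll::
File::
c:\windows\system32\acovcnt.exe
c:\windows\bthservsdp.dat

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\[^<>"|?*]+$')
REG_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CLASSES_ROOT)\\[^\]]+\]$"
)


def parse_cfscript(text):
    """Group the non-empty lines of a CFScript under their `Name::` headers."""
    sections = OrderedDict()
    current = None
    # Notepad may prepend a UTF-8 BOM and writes CRLF line endings; both are
    # tolerated here so a file saved exactly as the post describes parses cleanly.
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("item before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def review(sections):
    """Return (section, item, problem) tuples for items that look malformed."""
    findings = []
    for item in sections.get("File", []):
        if not WIN_PATH_RE.match(item):
            findings.append(("File", item, "not an absolute Windows path"))
    for item in sections.get("RegLock", []):
        if not REG_KEY_RE.match(item):
            findings.append(("RegLock", item, "not a bracketed registry key"))
    return findings


def has_expected_name(path):
    """The post saves with type 'All Files' so Notepad does not append a second
    .txt (assumed reason); this catches a CFScript.txt.txt that ComboFix would
    not be handed as intended. ntpath handles Windows paths on any host."""
    return ntpath.basename(path) == "CFScript.txt"


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for name, items in parsed.items():
        print("%s: %d item(s)" % (name, len(items)))
    for finding in review(parsed):
        print("problem:", finding)
```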

maccuc
newbie
Posts: 8
Registered: October 09
Gender: Male
Status:
Offline

Re: trojan spy win 32 zbot ikh

Post by maccuc » 18 Oct 2009 16:22

ComboFix 09-10-17.01 - Tom 18.10.2009 15:42.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.2113 [GMT 2:00]
Spuštěný z: c:\users\Tom\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tom\Desktop\CFScript.txt

FILE ::
"c:\users\Tom\AppData\Local\d3d9caps.dat"
"c:\windows\_profsect_0001.tmp"
"c:\windows\bthservsdp.dat"
"c:\windows\system32\acovcnt.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tom\AppData\Local\d3d9caps.dat
c:\windows\_profsect_0001.tmp
c:\windows\bthservsdp.dat
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-18 do 2009-10-18 )))))))))))))))))))))))))))))))
.

2009-10-18 13:50 . 2009-10-18 13:53 -------- d-----w- c:\users\Tom\AppData\Local\temp
2009-10-18 13:50 . 2009-10-18 13:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-18 13:50 . 2009-10-18 13:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-18 12:18 . 2009-10-18 12:20 -------- d-----w- c:\program files\ICQ6.5
2009-10-18 12:02 . 2009-10-18 12:02 16918824 ----a-w- C:\install_icq65.exe
2009-10-17 17:06 . 2009-10-17 17:06 -------- d-----w- c:\program files\Trend Micro
2009-10-17 17:06 . 2009-10-17 17:06 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-17 12:36 . 2009-10-17 12:36 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes
2009-10-17 12:36 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 12:36 . 2009-10-17 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 12:36 . 2009-10-17 12:36 -------- d-----w- c:\programdata\Malwarebytes
2009-10-17 12:36 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 12:36 . 2009-10-17 12:36 4045528 ----a-w- C:\mbam-setup-1.41.exe
2009-10-16 17:40 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 17:40 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 17:40 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 17:40 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 17:38 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 17:38 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 13:01 . 2009-10-15 17:51 -------- d-----w- c:\programdata\DassaultSystemes
2009-10-15 13:01 . 2009-10-15 13:01 -------- d-----w- c:\users\Tom\AppData\Roaming\DassaultSystemes
2009-10-15 13:01 . 2009-10-15 13:01 -------- d-----w- c:\users\Tom\AppData\Local\DassaultSystemes
2009-10-13 14:16 . 2009-10-13 14:16 -------- d-----w- C:\TC15
2009-10-13 14:16 . 2009-10-13 14:16 -------- d-----w- C:\totalcmd
2009-10-13 13:35 . 2009-10-13 13:35 -------- d-----w- c:\programdata\IMSIDesign
2009-10-13 13:35 . 2009-10-13 13:35 -------- d-----w- c:\program files\IMSIDesign
2009-10-13 13:34 . 2009-10-13 13:34 -------- d-----w- c:\users\Tom\AppData\Roaming\IMSIDesign
2009-10-13 13:33 . 2009-10-13 13:45 -------- d-----w- c:\program files\TurboCAD Professional 15 Setup
2009-10-13 13:32 . 2009-10-13 13:33 -------- d-----w- C:\turbo cad
2009-10-03 05:55 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 05:49 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 05:49 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 05:49 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 05:49 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 05:49 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 05:49 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 05:49 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 05:49 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 05:49 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-19 14:49 . 2009-09-19 14:50 -------- d-----w- C:\models
2009-09-19 14:45 . 2009-09-19 14:46 443745 ----a-w- C:\GTASA_Garage_Mod_Manager(2).zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 13:36 . 2008-04-17 10:34 602086 ----a-w- c:\windows\system32\perfh005.dat
2009-10-18 13:36 . 2008-04-17 10:34 116182 ----a-w- c:\windows\system32\perfc005.dat
2009-10-18 12:20 . 2009-06-06 10:20 -------- d-----w- c:\program files\ICQ6Toolbar
2009-10-18 12:20 . 2009-06-06 10:20 -------- d-----w- c:\programdata\ICQ
2009-10-16 19:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 18:55 . 2009-03-04 20:32 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 12:49 . 2009-06-05 17:16 -------- d-----w- c:\programdata\IMSI
2009-10-15 12:49 . 2009-06-05 17:16 -------- d-----w- c:\program files\IMSI
2009-10-15 12:48 . 2009-06-05 17:27 -------- d-----w- c:\users\Tom\AppData\Roaming\IMSI
2009-09-17 17:53 . 2009-06-07 10:58 -------- d-----w- c:\program files\EA SPORTS
2009-09-17 17:39 . 2009-09-17 17:39 -------- d-----w- c:\users\Tom\AppData\Roaming\Leadertech
2009-09-11 11:06 . 2009-07-28 09:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 20:36 . 2009-09-04 20:36 -------- d-----w- c:\program files\VersalSoft
2009-09-04 20:36 . 2009-09-04 20:36 -------- d-----w- c:\program files\Universal
2009-09-04 20:34 . 2009-09-04 20:34 3521072 ----a-w- C:\UFileDownloadTrial.EXE
2009-09-04 14:54 . 2009-09-04 14:54 -------- d-----w- c:\users\Tom\AppData\Roaming\Media Player Classic
2009-09-04 14:54 . 2009-09-04 14:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-04 14:53 . 2009-09-04 14:53 12352387 ----a-w- C:\K-LiteCodecPack510Full.exe
2009-09-04 14:47 . 2009-06-05 19:59 -------- d-----w- c:\program files\QuickTime
2009-09-03 07:22 . 2009-06-13 16:29 -------- d-----w- c:\users\Tom\AppData\Roaming\PC Suite
2009-09-01 16:02 . 2009-09-01 16:02 4179293 ----a-w- C:\everesthome220.exe
2009-08-29 00:27 . 2009-09-02 20:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:37 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-21 15:08 . 2009-06-05 20:01 -------- d-----w- c:\users\Tom\AppData\Roaming\Apple Computer
2009-08-20 20:11 . 2009-08-20 20:11 -------- d-----w- c:\program files\iTunes
2009-08-20 20:11 . 2009-08-20 20:11 -------- d-----w- c:\program files\iPod
2009-08-20 20:11 . 2009-06-05 19:57 -------- d-----w- c:\program files\Common Files\Apple
2009-08-20 19:59 . 2009-06-05 19:57 -------- d-----w- c:\programdata\Apple
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 09:46 . 2009-08-17 09:46 308160 ----a-w- C:\avast_home_setup.exe
2009-08-16 15:08 . 2009-09-04 14:53 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-14 16:27 . 2009-09-10 15:29 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 15:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 15:29 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 15:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 15:29 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 15:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 15:29 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 15:29 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 15:29 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 15:29 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 15:29 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-12 22:54 . 2009-08-12 22:54 10583362 ----a-w- C:\pspvideo9-408-setup.exe
2009-08-11 18:14 . 2009-08-11 18:14 3615443 ----a-w- C:\Holiday_Dancer.exe
2009-08-11 16:52 . 2009-08-11 16:44 3 ----a-w- c:\windows\sbacknt.bin
2009-08-11 16:44 . 2009-08-11 16:44 152904 ----a-w- c:\windows\system32\vghd.scr
2009-08-06 22:59 . 2009-08-06 22:59 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-01 18:37 . 2009-08-01 18:37 3605303 ----a-w- C:\uiso9_pe.exe
2009-07-28 10:29 . 2009-05-14 15:26 129880 ----a-w- c:\users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-21 21:52 . 2009-08-01 15:24 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-01 15:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-01 15:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-01 15:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.

((((((((((((((((((((((((((((( SnapShot@2009-10-18_11.33.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-18 13:54 47002 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-05-19 17:02 . 2009-10-18 13:54 11170 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1985422357-461227371-3744217517-1000_UserData.bin
- 2009-05-14 15:22 . 2009-10-18 11:16 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-14 15:22 . 2009-10-18 13:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-14 15:22 . 2009-10-18 11:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-14 15:22 . 2009-10-18 13:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-14 15:22 . 2009-10-18 13:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-14 15:22 . 2009-10-18 11:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-18 13:52 . 2009-10-18 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-18 11:15 . 2009-10-18 11:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-18 13:52 . 2009-10-18 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-18 11:15 . 2009-10-18 11:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-10-18 13:54 115026 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-10-18 13:36 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-18 11:22 590082 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-18 13:36 102094 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-18 11:22 102094 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-03-04 47672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):dd,a8,0b,fa,97,0f,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6A347E5B-BB8F-4F3D-A8C2-91F2A2A5BFC8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8C1B309D-CAB4-45A7-A682-EA7198E2C73E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{B4B10B75-1223-4916-96C8-5B71AD557C7A}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CF749964-DDDC-4103-8BDC-A5A827E3BD13}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{11FECEFE-DAEB-43D0-AA04-A425C64BABF2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EF586725-5EA6-419B-B8DA-A66B1A794353}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{849D0E4A-325B-454F-8725-C3CC709162CB}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{6A29F7A9-CB3E-4BF7-8C36-53E591EF75A9}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{50F23E9E-CF89-4826-82E1-3872E364C3AA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8F879A6F-D369-495E-BECE-AB753A8AB067}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D31FEE14-7494-4A75-8173-662BE9A94546}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{EBB8073D-69DE-4451-9152-8C2FDC8BF497}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{A5798138-E3B3-451B-B2BB-92D5A00CC6F4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{31A9D394-704B-4F05-91E9-AAB363B8C0ED}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D2C4A8F8-3CDA-4FF4-A247-EB3CAD29AEBE}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{3F553E1E-A0A6-4D08-A93A-F526A23B73CF}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A96AA188-1744-462C-AC45-5BD2E80CE034}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F445901E-94C2-4B86-816A-CE0727640166}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{38B675F5-8C90-494A-89A6-8CF224C2BDDA}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6C9A1EA7-4541-410C-BB62-E08937F4283B}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{CD49A41B-C574-4D9C-A0EB-6A93EFB35D06}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"TCP Query User{29618AA5-A58A-41CA-BB0A-702C59AD8908}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{05F54E38-583D-4832-9506-7660B7CF94C2}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{54760FD4-08E4-45AD-9A9D-E54C2EA0B160}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{98BC23FA-625D-4C3E-A5A8-99B7B72667D9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{46BDB519-8FD3-42F7-8386-EF97AACB0514}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{BEEB02E3-511E-4CF7-BEBA-F2917E23FA81}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{6C66DF91-7D7D-460D-8083-C0872D5D6AEC}"= UDP:d:\burnout(tm) paradise the ultimate box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{2A46D3D1-52D9-4440-98DA-B888B568D7B9}"= TCP:d:\burnout(tm) paradise the ultimate box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{510635F7-719C-4CA8-8ACE-D27A68F6B78F}"= UDP:d:\burnout(tm) paradise the ultimate box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{7198DA2C-AEBF-4319-BAE9-410394220D8A}"= TCP:d:\burnout(tm) paradise the ultimate box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{12368DAC-55FB-48E3-AB9B-EA7EC1790938}"= UDP:d:\burnout(tm) paradise the ultimate box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{8F868158-4823-4852-B93B-EA8C35D72AF5}"= TCP:d:\burnout(tm) paradise the ultimate box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{F0EF7139-4AB5-4651-A4F4-37C7B83F79A3}c:\\program files\\left4dead\\hl2.exe"= UDP:c:\program files\left4dead\hl2.exe:hl2
"UDP Query User{1ED90140-8E50-4C0A-8AFE-10B33CACD7C8}c:\\program files\\left4dead\\hl2.exe"= TCP:c:\program files\left4dead\hl2.exe:hl2
"{8B252D2F-D2E6-469E-BA63-7309CDDED3FD}"= UDP:d:\ea games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{5F2EBAF2-A315-4E99-87D9-B70790F77D93}"= TCP:d:\ea games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{A8B046AB-B14D-421C-B52C-B0EBDE4C8912}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{AC142B78-3865-4587-B210-47CA44666CC4}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{10EE54B7-4BEE-4B4E-A200-E0E53BF9A323}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{93FBA2B7-5BEA-462C-8FA2-B18507FA8001}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [5.3.2009 1:21 15416]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17.8.2009 12:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17.8.2009 12:49 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17.8.2009 12:49 51792]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.6.2009 12:20 222968]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [5.3.2009 0:58 29736]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [5.3.2009 0:37 22072]
S2 gupdate1c9eab5276f1020;Služba Google Update (gupdate1c9eab5276f1020);c:\program files\Google\Update\GoogleUpdate.exe [11.6.2009 18:53 133104]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\System32\drivers\CRFILTER.sys [7.4.2008 8:00 6656]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14.5.2009 17:35 55264]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.3.2009 0:15 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 16:53]

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 16:53]

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{8AA94CD0-9F7D-4FEA-96C7-73BB69854228}.job
- c:\windows\system32\msfeedssync.exe [2009-08-01 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {00147ADE-8525-4EB9-B689-AC1CDF8EFA5E} = 192.168.2.1
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2344)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\system32\btmmhook.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\combofix\CF22980.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\mdm.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Celkový čas: 2009-10-18 16:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-18 14:00
ComboFix2.txt 2009-10-18 11:35

Před spuštěním: Volných bajtů: 14 219 112 448
Po spuštění: Volných bajtů: 13 997 522 944

326 --- E O F --- 2009-10-16 18:56

maccuc
newbie
Posts: 8
Registered: October 09
Gender: Male
Status:
Offline

Re: trojan spy win 32 zbot ikh

Post by maccuc » 18 Oct 2009 16:24

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:58, on 18.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\mdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00147ADE-8525-4EB9-B689-AC1CDF8EFA5E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{00147ADE-8525-4EB9-B689-AC1CDF8EFA5E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{00147ADE-8525-4EB9-B689-AC1CDF8EFA5E}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9eab5276f1020) (gupdate1c9eab5276f1020) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9435 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: trojan spy win 32 zbot ikh

Post by jaro3 » 18 Oct 2009 16:35

Close all other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)


ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run


That's all.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
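The three entries the helper asks to fix above share a pattern worth recognising when reading any HijackThis log: a registry key that still points at a file which no longer exists ("(no file)"), or a value that has been emptied. The following is an added example, not code from the forum or from HijackThis itself; it parses a handful of lines copied from the log posted above (embedded as a constructed sample) into section/body records and flags the leftover entries a reviewer would look at first. The flagging rules (orphaned "(no file)" entries, empty R-values, and O23 services whose binary carries no publisher name) are the author's own triage heuristics, not anything the helpers state.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24),
# a " - " separator and the entry body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    reasons: list = field(default_factory=list)  # why the entry was flagged, if at all


def parse_hjt(text: str) -> list:
    """Turn raw HijackThis log text into Entry records; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entries: list) -> list:
    """Return the entries a reviewer should look at first, with the reason attached.

    Heuristics (author's assumptions, not HijackThis rules):
      - "(no file)": the registry still references a binary that no longer exists,
        typically what is left after a cleaner removed the file but not the key.
      - an R-entry whose value is empty: a browser setting that was cleared.
      - an O23 service reported as "Unknown owner": the binary carries no publisher
        name, so it cannot be vouched for from the log alone and needs a manual check.
    """
    flagged = []
    for e in entries:
        if "(no file)" in e.body:
            e.reasons.append("orphaned entry: points at a file that no longer exists")
        if e.section.startswith("R") and e.body.rstrip().endswith("="):
            e.reasons.append("empty registry value")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.reasons.append("service binary has no publisher name; verify manually")
        if e.reasons:
            flagged.append(e)
    return flagged


def section_counts(entries: list) -> dict:
    """Count entries per section code, useful to see at a glance what a log contains."""
    return dict(Counter(e.section for e in entries))


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", section_counts(parsed))
    for entry in triage(parsed):
        print(f"{entry.section}: {entry.body}")
        for reason in entry.reasons:
            print(f"    -> {reason}")
```

On the sample this flags the emptied LinksFolderName value, the orphaned URLSearchHook entry and the PnkBstrA service, and leaves the avast! service and the ICQ toolbar entries alone. The point is to separate "leftover" entries from entries that merely belong to unfamiliar software; the flagged ones still need a human decision, as in the thread above.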

maccuc
newcomer
Posts: 8
Registered: October 09
Gender: Male

Re: trojan spy win 32 zbot ikh

Post by maccuc » 18 Oct 2009 17:14

Done :) You helped me a lot, thank you for your willingness and help.
