Please check HJT.log, MWAV.txt and CFScript.txt - suspicion [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

romankovarik31
Level 2
Posts: 186
Registered: July 09
Gender: Male

Please check HJT.log, MWAV.txt and CFScript.txt - suspicion

Post by romankovarik31 » 02 Jan 2010 12:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:59, on 2.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\ZSSnp211.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Users\Roman\AppData\Local\Temp\mexe.com
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Roman\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
O23 - Service: Služba Google Update (gupdate1ca0b0d2c060b9c) (gupdate1ca0b0d2c060b9c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9096 bytes

Objekt "Conducent FlexPak Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "ClipGenie Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\fslauncher.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\gp.ocx". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "". Provedené akce: Ponecháno, neodstraněno!.

ComboFix 09-12-31.A1 - Roman 01.01.2010 23:33:54.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1471.771 [GMT 1:00]
Spuštěný z: c:\users\Roman\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\users\Roman\AppData\Roaming\EurekaLog
c:\users\Roman\AppData\Roaming\EurekaLog\EurekaLog.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-01 do 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 22:48 . 2010-01-01 22:48 -------- d-----w- c:\users\Roman\AppData\Local\temp
2010-01-01 22:48 . 2010-01-01 22:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-01 08:55 . 2009-08-27 08:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\NAVENG.SYS
2010-01-01 08:55 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\NAVENG32.DLL
2010-01-01 08:55 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\NAVEX32A.DLL
2010-01-01 08:55 . 2009-08-27 08:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\NAVEX15.SYS
2010-01-01 08:55 . 2009-12-10 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\CCERASER.DLL
2010-01-01 08:55 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\ECMSVR32.DLL
2010-01-01 08:55 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\EECTRL.SYS
2010-01-01 08:55 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091231.041\ERASER.SYS
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\VDLL.DLL
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\system32\runouce.exe
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\rundll16.exe
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\logo1_.exe
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\logo_1.exe
2009-12-31 21:45 . 2009-12-31 21:45 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-31 21:45 . 2009-12-31 21:45 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-31 21:45 . 2009-12-31 21:45 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-31 21:45 . 2009-12-31 21:45 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-12-31 21:45 . 2009-12-31 21:45 -------- d-----w- c:\programdata\MicroWorld
2009-12-24 19:24 . 2009-12-24 19:24 -------- d-----w- c:\users\Roman\AppData\Local\Apple Computer
2009-12-22 21:00 . 2009-12-22 21:01 -------- d-----w- c:\users\Roman\AppData\Roaming\vlc
2009-12-22 20:58 . 2009-12-22 20:58 -------- d-----w- c:\users\Roman\vlc-1.0.3
2009-12-20 18:01 . 2009-12-20 18:01 -------- d-----w- C:\NVIDIA
2009-12-20 15:51 . 2009-12-20 15:51 3156992 --sh--w- c:\users\Roman\DocumentsIem0Gn_save2pc.exe
2009-12-20 13:09 . 2009-12-20 13:09 3156992 --sh--w- c:\users\Roman\DocumentsGcu7Eo_save2pc.exe
2009-12-20 13:05 . 2009-12-20 13:05 -------- d-----w- c:\program files\FDRLab
2009-12-20 12:25 . 2004-06-14 13:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2009-12-20 12:19 . 2009-12-20 12:19 -------- d-----w- c:\program files\Lavalys
2009-12-18 22:46 . 2009-12-18 22:48 -------- d-----w- c:\users\Roman\AppData\Roaming\FTWeak
2009-12-18 22:33 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-18 22:33 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-18 22:33 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-18 22:33 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-18 22:33 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-18 14:30 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\IDSvix86.sys
2009-12-18 14:30 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\IDSXpx86.sys
2009-12-18 14:30 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\Scxpx86.dll
2009-12-18 14:30 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\IDSxpx86.dll
2009-12-18 14:30 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\IDSviA64.sys
2009-12-15 20:11 . 2009-12-15 20:11 -------- d-----w- c:\programdata\Monotea
2009-12-15 20:11 . 2009-12-15 20:11 -------- d-----w- c:\users\Roman\AppData\Roaming\Monotea
2009-12-15 20:11 . 2006-03-03 08:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-12-15 20:11 . 2003-01-30 04:04 1500160 ----a-w- c:\windows\system32\cc3260mt.dll
2009-12-15 20:11 . 2002-02-01 14:00 22016 ----a-w- c:\windows\system32\borlndmm.dll
2009-12-15 20:11 . 2009-12-15 20:11 -------- d-----w- c:\program files\SMS Zdarma 2
2009-12-14 08:41 . 2009-12-14 08:41 -------- d-----w- c:\programdata\IsolatedStorage
2009-12-14 08:41 . 2009-12-16 14:21 -------- d-----w- c:\users\Roman\AppData\Roaming\SMS posílač Treca
2009-12-10 20:08 . 2009-12-10 20:08 -------- d-----w- c:\program files\Kukej
2009-12-09 16:59 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 16:59 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 16:59 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 15:44 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 15:42 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 16:55 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-12-08 16:32 . 2009-12-08 16:33 -------- d-----w- c:\program files\FormatFactory
2009-12-05 16:42 . 2009-12-05 16:43 -------- d-----w- c:\users\Roman\AppData\Roaming\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 17:36 . 2009-08-28 19:47 -------- d-----w- c:\program files\Trend Micro
2009-12-31 21:39 . 2009-07-22 12:17 -------- d-----w- c:\program files\Spyware Doctor
2009-12-31 18:49 . 2009-07-22 11:28 -------- d-----w- c:\programdata\CanonIJPLM
2009-12-25 10:33 . 2007-01-08 21:09 601854 ----a-w- c:\windows\system32\perfh005.dat
2009-12-25 10:33 . 2007-01-08 21:09 115998 ----a-w- c:\windows\system32\perfc005.dat
2009-12-25 03:06 . 2009-07-22 08:13 -------- d-----w- c:\program files\Google
2009-12-24 18:31 . 2009-07-22 11:34 -------- d-----w- c:\users\Roman\AppData\Roaming\Ashampoo
2009-12-20 18:05 . 2009-07-22 05:55 -------- d-----w- c:\programdata\NVIDIA
2009-12-20 13:05 . 2009-07-22 19:41 -------- d-----w- c:\program files\Xvid
2009-12-19 22:37 . 2009-07-26 07:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-16 14:21 . 2009-12-14 08:41 -------- d-----w- c:\users\Roman\AppData\Roaming\SMS posílač Treca
2009-12-14 20:56 . 2009-07-22 19:17 -------- d-----w- c:\users\Roman\AppData\Roaming\Skype
2009-12-14 18:44 . 2009-07-22 19:18 -------- d-----w- c:\users\Roman\AppData\Roaming\skypePM
2009-12-12 08:04 . 2009-07-22 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 08:04 . 2009-08-08 10:51 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-09 17:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 17:02 . 2009-07-22 06:03 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 16:54 . 2009-07-22 11:33 -------- d-----w- c:\program files\Ashampoo
2009-12-08 16:48 . 2009-07-22 08:29 -------- d-----w- c:\program files\VS Revo Group
2009-12-03 15:14 . 2009-07-22 12:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-07-22 12:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 18:30 . 2009-11-21 18:26 -------- d-----w- c:\program files\ICQ6.5
2009-11-21 18:29 . 2009-07-22 10:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 06:40 . 2009-12-09 15:43 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 15:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 15:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 15:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-14 03:53 . 2009-10-25 08:49 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-08 12:08 . 2009-11-08 12:08 -------- d-----w- c:\programdata\SweetIM
2009-11-08 12:08 . 2009-11-07 08:46 -------- d-----w- c:\program files\SweetIM
2009-11-08 09:16 . 2009-11-07 17:25 34895 ----a-w- c:\programdata\nvModes.dat
2009-11-07 23:14 . 2009-11-07 23:14 -------- d-----w- c:\users\Roman\AppData\Roaming\GRETECH
2009-11-07 23:12 . 2009-07-22 12:36 -------- d-----w- c:\program files\GRETECH
2009-11-07 17:02 . 2009-11-07 17:02 -------- d-----w- c:\programdata\WindowsSearch
2009-11-01 14:00 . 2009-07-22 13:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 21:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 09:17 . 2009-11-25 15:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-25 09:02 . 2009-10-25 09:02 1962544 ----a-w- c:\programdata\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-08 21:08 . 2009-10-29 21:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-10-29 21:47 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-10-29 21:47 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-07-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):17,58,b6,f8,b5,0a,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [22.7.2009 13:21 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [9.9.2009 17:28 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [9.9.2009 17:28 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [9.9.2009 17:27 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys [18.12.2009 23:33 343088]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9.9.2009 17:27 117640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.8.2009 17:51 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [9.9.2009 17:28 48688]
S2 gupdate1ca0b0d2c060b9c;Služba Google Update (gupdate1ca0b0d2c060b9c);c:\program files\Google\Update\GoogleUpdate.exe [22.7.2009 21:44 133104]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe [8.12.2009 17:55 406016]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [20.12.2009 13:19 23152]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.7.2009 8:25 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [1.8.2009 9:24 13224]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [1.8.2009 8:08 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [1.8.2009 8:08 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [1.8.2009 8:08 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [1.8.2009 8:08 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [1.8.2009 8:08 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [1.8.2009 8:08 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [1.8.2009 8:08 117672]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22.7.2009 13:18 348752]
S4 MZY;MZY;c:\users\Roman\AppData\Local\Temp\MZY.exe --> c:\users\Roman\AppData\Local\Temp\MZY.exe [?]
S4 NPYI;NPYI;c:\users\Roman\AppData\Local\Temp\NPYI.exe --> c:\users\Roman\AppData\Local\Temp\NPYI.exe [?]
S4 UZVZGZGP;UZVZGZGP;c:\users\Roman\AppData\Local\Temp\UZVZGZGP.exe --> c:\users\Roman\AppData\Local\Temp\UZVZGZGP.exe [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 20:42]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca59eff4402220.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:43]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:43]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954443009-625491375-3507214454-1000Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-22 12:59]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954443009-625491375-3507214454-1000UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-22 12:59]

2009-07-28 c:\windows\Tasks\User_Feed_Synchronization-{516E4CA8-BF67-40A2-969B-B094A19E2CC3}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\5kgtcdfj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Roman\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Roman\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 23:48
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-01 23:53:48
ComboFix-quarantined-files.txt 2010-01-01 22:53
ComboFix2.txt 2009-08-16 08:24
ComboFix3.txt 2009-08-16 06:48

Před spuštěním: Volných bajtů: 93 117 800 448
Po spuštění: Volných bajtů: 93 070 503 936

- - End Of File - - B22509E580F49C480BC74190C89C9E4C

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: please check HJT.log, MWAV.txt and CFScript.txt - suspicion

Post by jaro3 » 02 Jan 2010 14:22

Next time: ComboFix is only to be used on a helper's advice!

Permanently turn off the resident protection in Spyware Doctor

Uninstall:
McAfee Security Scan

Open Notepad (Start -> Run... and type Notepad into the box and click OK).
Copy the following whole text highlighted in green into it:
Note: do not use the SELECT ALL function to select the script

Code:

KillAll::
File::
c:\programdata\nvModes.dat
c:\users\Roman\AppData\Local\Temp\MZY.exe
c:\users\Roman\AppData\Local\Temp\NPYI.exe

Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\programdata\McAfee Security Scan

Driver::
MZY
NPYI
UZVZGZGP

Firefox::
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\5kgtcdfj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Test these on VirusTotal
c:\users\Roman\DocumentsIem0Gn_save2pc.exe
c:\users\Roman\DocumentsGcu7Eo_save2pc.exe
c:\programdata\NOS\Adobe_Downloads\install_flash_player_ax.exe
Then paste here the links to the pages with the results.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

romankovarik31
Level 2
Posts: 186
Registered: July 09
Gender: Male
Status: Offline

Re: please check HJT.log, MWAV.txt and CFScript.txt - suspicion

Post by romankovarik31 » 04 Jan 2010 15:57

ComboFix 10-01-03.05 - Roman 04.01.2010 14:56:26.5.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1471.663 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\nvModes.dat"
"c:\users\Roman\AppData\Local\Temp\MZY.exe"
"c:\users\Roman\AppData\Local\Temp\NPYI.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\updates\ICQLRun.exe.91c2e91e127ccb34d0b0bbd8b0533169
c:\programdata\McAfee Security Scan
c:\programdata\nvModes.dat
c:\windows\system32\runouce.exe
c:\windows\VDLL.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MZY
-------\Service_NPYI
-------\Service_UZVZGZGP


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-04 do 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 14:13 . 2010-01-04 14:18 -------- d-----w- c:\users\Roman\AppData\Local\temp
2010-01-04 14:13 . 2010-01-04 14:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-04 14:13 . 2010-01-04 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-01 23:29 . 2010-01-01 23:29 -------- d---a-w- c:\windows\rundll16.exe
2010-01-01 23:29 . 2010-01-01 23:29 -------- d---a-w- c:\windows\logo1_.exe
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-31 21:50 . 2009-12-31 21:50 -------- d---a-w- c:\windows\logo_1.exe
2009-12-31 21:45 . 2009-12-31 21:45 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-31 21:45 . 2009-12-31 21:45 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-31 21:45 . 2009-12-31 21:45 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-31 21:45 . 2009-12-31 21:45 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-12-31 21:45 . 2009-12-31 21:45 -------- d-----w- c:\programdata\MicroWorld
2009-12-24 19:24 . 2009-12-24 19:24 -------- d-----w- c:\users\Roman\AppData\Local\Apple Computer
2009-12-22 21:00 . 2009-12-22 21:01 -------- d-----w- c:\users\Roman\AppData\Roaming\vlc
2009-12-22 20:58 . 2009-12-22 20:58 -------- d-----w- c:\users\Roman\vlc-1.0.3
2009-12-20 18:01 . 2009-12-20 18:01 -------- d-----w- C:\NVIDIA
2009-12-20 15:51 . 2009-12-20 15:51 3156992 --sh--w- c:\users\Roman\DocumentsIem0Gn_save2pc.exe
2009-12-20 13:09 . 2009-12-20 13:09 3156992 --sh--w- c:\users\Roman\DocumentsGcu7Eo_save2pc.exe
2009-12-20 13:05 . 2009-12-20 13:05 -------- d-----w- c:\program files\FDRLab
2009-12-20 12:25 . 2004-06-14 13:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2009-12-20 12:19 . 2009-12-20 12:19 -------- d-----w- c:\program files\Lavalys
2009-12-18 22:46 . 2009-12-18 22:48 -------- d-----w- c:\users\Roman\AppData\Roaming\FTWeak
2009-12-15 20:11 . 2009-12-15 20:11 -------- d-----w- c:\programdata\Monotea
2009-12-15 20:11 . 2009-12-15 20:11 -------- d-----w- c:\users\Roman\AppData\Roaming\Monotea
2009-12-15 20:11 . 2006-03-03 08:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-12-15 20:11 . 2003-01-30 04:04 1500160 ----a-w- c:\windows\system32\cc3260mt.dll
2009-12-15 20:11 . 2002-02-01 14:00 22016 ----a-w- c:\windows\system32\borlndmm.dll
2009-12-15 20:11 . 2009-12-15 20:11 -------- d-----w- c:\program files\SMS Zdarma 2
2009-12-14 08:41 . 2009-12-14 08:41 -------- d-----w- c:\programdata\IsolatedStorage
2009-12-14 08:41 . 2009-12-16 14:21 -------- d-----w- c:\users\Roman\AppData\Roaming\SMS posílač Treca
2009-12-10 20:08 . 2009-12-10 20:08 -------- d-----w- c:\program files\Kukej
2009-12-09 16:59 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 16:59 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 16:59 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 15:44 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 15:42 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 16:55 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-12-08 16:32 . 2009-12-08 16:33 -------- d-----w- c:\program files\FormatFactory
2009-12-05 16:42 . 2009-12-05 16:43 -------- d-----w- c:\users\Roman\AppData\Roaming\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 13:24 . 2009-07-22 12:17 -------- d-----w- c:\program files\Spyware Doctor
2010-01-03 20:23 . 2009-11-21 18:26 -------- d-----w- c:\program files\ICQ6.5
2010-01-03 16:17 . 2007-01-08 21:09 601854 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 16:17 . 2007-01-08 21:09 115998 ----a-w- c:\windows\system32\perfc005.dat
2010-01-03 13:41 . 2009-08-28 19:47 -------- d-----w- c:\program files\Trend Micro
2009-12-31 18:49 . 2009-07-22 11:28 -------- d-----w- c:\programdata\CanonIJPLM
2009-12-25 03:06 . 2009-07-22 08:13 -------- d-----w- c:\program files\Google
2009-12-24 18:31 . 2009-07-22 11:34 -------- d-----w- c:\users\Roman\AppData\Roaming\Ashampoo
2009-12-20 18:05 . 2009-07-22 05:55 -------- d-----w- c:\programdata\NVIDIA
2009-12-20 13:05 . 2009-07-22 19:41 -------- d-----w- c:\program files\Xvid
2009-12-19 22:37 . 2009-07-26 07:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-16 14:21 . 2009-12-14 08:41 -------- d-----w- c:\users\Roman\AppData\Roaming\SMS posílač Treca
2009-12-14 20:56 . 2009-07-22 19:17 -------- d-----w- c:\users\Roman\AppData\Roaming\Skype
2009-12-14 18:44 . 2009-07-22 19:18 -------- d-----w- c:\users\Roman\AppData\Roaming\skypePM
2009-12-12 08:04 . 2009-07-22 12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 08:04 . 2009-08-08 10:51 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-10 09:00 . 2010-01-04 13:15 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100103.020\CCERASER.DLL
2009-12-09 17:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 17:02 . 2009-07-22 06:03 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 16:54 . 2009-07-22 11:33 -------- d-----w- c:\program files\Ashampoo
2009-12-08 16:48 . 2009-07-22 08:29 -------- d-----w- c:\program files\VS Revo Group
2009-12-03 15:14 . 2009-07-22 12:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-07-22 12:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 18:29 . 2009-07-22 10:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 06:40 . 2009-12-09 15:43 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 15:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 15:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 15:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-08 12:08 . 2009-11-08 12:08 -------- d-----w- c:\programdata\SweetIM
2009-11-08 12:08 . 2009-11-07 08:46 -------- d-----w- c:\program files\SweetIM
2009-11-07 23:14 . 2009-11-07 23:14 -------- d-----w- c:\users\Roman\AppData\Roaming\GRETECH
2009-11-07 23:12 . 2009-07-22 12:36 -------- d-----w- c:\program files\GRETECH
2009-11-07 17:02 . 2009-11-07 17:02 -------- d-----w- c:\programdata\WindowsSearch
2009-11-01 14:00 . 2009-07-22 13:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 21:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 09:17 . 2009-11-25 15:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-25 09:02 . 2009-10-25 09:02 1962544 ----a-w- c:\programdata\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-08 21:08 . 2009-10-29 21:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-10-29 21:47 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-10-29 21:47 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-07-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):17,58,b6,f8,b5,0a,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [22.7.2009 13:21 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [9.9.2009 17:28 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [9.9.2009 17:28 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [9.9.2009 17:27 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys [18.12.2009 23:33 343088]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9.9.2009 17:27 117640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22.7.2009 13:18 348752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.8.2009 17:51 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [9.9.2009 17:28 48688]
S2 gupdate1ca0b0d2c060b9c;Služba Google Update (gupdate1ca0b0d2c060b9c);c:\program files\Google\Update\GoogleUpdate.exe [22.7.2009 21:44 133104]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe [8.12.2009 17:55 406016]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [20.12.2009 13:19 23152]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.7.2009 8:25 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [1.8.2009 9:24 13224]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [1.8.2009 8:08 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [1.8.2009 8:08 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [1.8.2009 8:08 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [1.8.2009 8:08 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [1.8.2009 8:08 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [1.8.2009 8:08 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [1.8.2009 8:08 117672]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-01-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 20:42]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca59eff4402220.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:43]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:43]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954443009-625491375-3507214454-1000Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-22 12:59]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954443009-625491375-3507214454-1000UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-22 12:59]

2009-07-28 c:\windows\Tasks\User_Feed_Synchronization-{516E4CA8-BF67-40A2-969B-B094A19E2CC3}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\5kgtcdfj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Roman\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Roman\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 15:18
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4024)
c:\windows\system32\ieframe.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-01-04 15:27:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-04 14:27
ComboFix2.txt 2010-01-01 22:53
ComboFix3.txt 2009-08-16 08:24
ComboFix4.txt 2009-08-16 06:48

Před spuštěním: Volných bajtů: 93 204 205 568
Po spuštění: Volných bajtů: 93 104 484 352

- - End Of File - - F079B3B4FCBBFEFAEF7B29518FBC6BC3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:24, on 4.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Roman\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
O23 - Service: Služba Google Update (gupdate1ca0b0d2c060b9c) (gupdate1ca0b0d2c060b9c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9307 bytes
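The "files created" listing in the ComboFix log above is where the two hidden, same-size save2pc executables in the user's Documents folder and the executable-named entries directly under c:\windows stand out. As an added example (not code from this thread, from ComboFix or from HijackThis), the following Python parses that listing format and applies a few triage heuristics of the kind a helper uses when reading such a log. The sample lines are constructed in the format of the log above (the MZY.exe line and its size are made up), the attribute-column meaning (column 0 = directory, 2 = system, 3 = hidden) is inferred from the entries shown, and the heuristics are assumptions for illustration, not ComboFix's own logic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ComboFix "files created" line: <created> . <modified> <size|--------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
WIN_ROOT = "c:\\windows\\"
TRUSTED_ROOTS = (WIN_ROOT, "c:\\program files\\")

# Constructed sample in the format of the log above (the MZY.exe line and its size are made up).
SAMPLE_LISTING = r"""
2010-01-04 14:13 . 2010-01-04 14:18 -------- d-----w- c:\users\Roman\AppData\Local\temp
2010-01-01 23:29 . 2010-01-01 23:29 -------- d---a-w- c:\windows\rundll16.exe
2010-01-01 23:29 . 2010-01-01 23:29 -------- d---a-w- c:\windows\logo1_.exe
2009-12-31 21:45 . 2009-12-31 21:45 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-31 21:45 . 2009-12-31 21:45 -------- d-----w- c:\programdata\MicroWorld
2009-12-30 10:00 . 2009-12-30 10:00 51200 ----a-w- c:\users\Roman\AppData\Local\Temp\MZY.exe
2009-12-20 15:51 . 2009-12-20 15:51 3156992 --sh--w- c:\users\Roman\DocumentsIem0Gn_save2pc.exe
2009-12-20 13:09 . 2009-12-20 13:09 3156992 --sh--w- c:\users\Roman\DocumentsGcu7Eo_save2pc.exe
2009-12-09 16:59 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size shown as "--------")
    attrs: str            # e.g. "--sh--w-": column 0 = directory, 2 = system, 3 = hidden (assumed)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return self.attrs[2] == "s" and self.attrs[3] == "h"

    @property
    def executable_name(self) -> bool:
        return self.path.lower().rsplit("\\", 1)[-1].endswith(EXECUTABLE_EXT)


def parse_listing(text: str) -> List[Entry]:
    """Keep only lines in the entry format; banners, '.' separators and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each path worth a manual look to the reasons it was flagged."""
    # A size shared by several new executables often means copies of one dropper.
    size_count: Dict[int, int] = {}
    for e in entries:
        if e.executable_name and e.size:
            size_count[e.size] = size_count.get(e.size, 0) + 1

    findings: Dict[str, List[str]] = {}
    for e in entries:
        if not e.executable_name:
            continue
        p = e.path.lower()
        reasons = []
        if e.hidden_system and not p.startswith(TRUSTED_ROOTS):
            reasons.append("hidden+system executable in a user-writable location")
        if p.startswith(WIN_ROOT) and "\\" not in p[len(WIN_ROOT):]:
            kind = "directory" if e.is_dir else "file"
            reasons.append(f"executable-named {kind} directly under c:\\windows")
        if "\\temp\\" in p:
            reasons.append("executable in a Temp directory")
        if e.size and size_count[e.size] > 1:
            reasons.append(f"same size ({e.size} bytes) as another new executable")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_listing(SAMPLE_LISTING)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Hits are only pointers for a manual check (a directory named like an executable under c:\windows is not the same thing as a dropped binary); the files that matter still go to a scanner such as VirusTotal, as the helper asked above.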

romankovarik31
Level 2
Posts: 186
Registered: July 09
Gender: Male
Status: Offline

Re: please check HJT.log, MWAV.txt and CFScript.txt - suspicion

Post by romankovarik31 » 04 Jan 2010 16:09

c:\users\Roman\DocumentsIem0Gn_save2pc.exe and c:\users\Roman\DocumentsGcu7Eo_save2pc.exe not found c:\users\Roman\Dhttp://www.virustotal.com/cs/analisis/e11debefe07c92ac5e4ebf24ad72146d93923c8264f84f8ff0c89fe8860822e5-1262616010

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: please check HJT.log, MWAV.txt and CFScript.txt - suspicious

Post by jaro3 » 05 Jan 2010 15:29

Turn off your resident protection and the firewall.
Download Dr. Web CureIt,
run the update, and after updating press start.
With the buttons at the bottom you can cure, delete, move or rename the file.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following whole text marked in green into it:
Note: do not use SELECT ALL to mark the script.

Code:

File::
c:\users\Roman\DocumentsIem0Gn_save2pc.exe
c:\users\Roman\DocumentsGcu7Eo_save2pc.exe
c:\programdata\NOS\Adobe_Downloads\install_flash_player_ax.exe

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Choose File -> Save as... and set these parameters:
File name: type: CFScript.txt
Save as type: choose All files
Save the file to the desktop.
Close all active windows.

Drag the created script CFScript.txt with the mouse over the downloaded program ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process.

Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab


Write back whether there are still problems; I should be here tomorrow.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
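As an added triage example (not part of this thread and not a feature of HijackThis or ComboFix), here is a small Python parser for the "Rn/On - ..." entry lines of a HijackThis log. It flags the same kinds of entries the fix list above targets: orphaned entries that point at "(no file)", AppInit_DLLs entries, downloaded ActiveX controls (O16 DPF) and services listed with "Unknown owner". The sample log is a constructed subset copied from lines in this thread (the O16 URL is truncated exactly as the forum displayed it); the flag rules and the helper names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a subset of entry lines from the log in this thread,
# kept in the exact shape HijackThis writes them.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, O1..O24),
# then " - ", then the section-specific body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    kind: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log; header, the
    'Running processes' block and the trailer do not match and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def service_fields(body: str) -> Dict[str, str]:
    """Split an O23 body 'Service: Name (short) - Owner - Path' into parts.
    Split from the left at most twice so a path containing ' - ' survives."""
    name, owner, path = body.split(" - ", 2)
    if name.startswith("Service: "):
        name = name[len("Service: "):]
    return {"name": name, "owner": owner, "path": path}


def triage(text: str) -> List[Entry]:
    """Attach a review reason to each entry worth a second look.
    The categories mirror the thread's fix list; the rules themselves are mine."""
    entries = parse_hjt(text)
    for e in entries:
        if "(no file)" in e.body:
            e.flags.append("orphaned: points at a file that no longer exists")
        if e.kind == "O20":
            e.flags.append("AppInit_DLLs: DLL loaded into every process that "
                           "links user32.dll; confirm the publisher")
        if e.kind == "O16":
            e.flags.append("DPF: downloaded ActiveX control; remove if no longer needed")
        if e.kind == "O23":
            f = service_fields(e.body)
            if f["owner"] == "Unknown owner":
                e.flags.append("service binary has no publisher info; hash and verify it")
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that received at least one review reason."""
    return [e for e in triage(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind}: {e.body}")
        for reason in e.flags:
            print(f"    -> {reason}")
```

Run against a full log, this gives a short review list rather than a verdict: an entry such as the AppInit_DLLs line is a legitimate Adobe component on many machines, so the flag is a prompt to check the file's publisher and hash (for instance on VirusTotal, as done earlier in this thread), not an instruction to delete it.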


Re: please check HJT.log, MWAV.txt and CFScript.txt - suspicious

Post by romankovarik31 » 06 Jan 2010 21:54

Hi, so I did everything you told me. I can't post the CFScript.txt results here, it has too many characters and I don't know how to split it, but the PC got faster, a lot faster, so it should be OK. Let me know whether I should still send a new HJT log or the CFScript. Thanks for the help, Roman


Re: please check HJT.log, MWAV.txt and CFScript.txt - suspicious  Solved

Post by jaro3 » 06 Jan 2010 22:21

You're welcome; you don't need to post the logs.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
or
Start - Run and enter ComboFix /Uninstall

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner;
it deletes everything left behind by ComboFix, MWAV etc. - download > run.
If there are problems with T-Cleaner, first turn off the antivirus and antispyware before downloading and for the duration of the cleaning.

If there are no problems, that is all and you can mark it solved, the green tick.