Prosim o kontrolu logu naskakuji mi viry

Damned · Příspěvekod **Damned** » 19 led 2010 19:32

Podívej se do logu z ComboFixu, v hlavičce.

Reklama

radek16 · Příspěvekod **radek16** » 19 led 2010 19:38

to vubec nemam poneti co to muze byt

Damned · Příspěvekod **Damned** » 19 led 2010 20:00

Odinstaluj tento ComboFix.

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Podle návodu výše si stáhni nový ComboFix a vytvoř log. Pokud se ComboFix nebude moci spustit, napíše proč. Zkus si to pokud možno zapamatovat přesně.
Jeho činnost nepřerušuj a měj kompletně vypnuté ochrany.

radek16 · Příspěvekod **radek16** » 19 led 2010 20:35

ComboFix 10-01-18.03 - uživatel 19.01.2010 20:17:35.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.517 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 19:13 . 2010-01-19 19:13 391680 ----a-w- c:\windows\system32\CF1130.exe
2010-01-19 19:13 . 2010-01-19 19:12 391680 ----a-w- c:\windows\system32\CF990.exe
2010-01-19 18:38 . 2010-01-19 18:38 -------- d-----w- c:\program files\CCleaner
2010-01-19 15:33 . 2010-01-19 17:00 -------- d-----w- c:\program files\ICQ7.0
2010-01-19 15:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 15:28 . 2010-01-19 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 06:06 . 2010-01-19 06:06 -------- d-----w- c:\program files\Trend Micro
2010-01-18 17:44 . 2010-01-03 01:42 2498661 ----a-w- c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
2010-01-17 19:27 . 2010-01-17 19:27 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-17 18:31 . 2009-09-29 20:15 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2010-01-17 18:31 . 2009-09-30 02:08 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-01-17 18:31 . 2009-04-23 21:29 189051 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\DIFX
2010-01-17 18:25 . 2010-01-17 18:25 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\USB TV
2010-01-17 18:10 . 2010-01-17 18:10 -------- d-----w- C:\ATI
2010-01-17 18:06 . 2010-01-19 16:26 -------- d-----w- c:\program files\Lightsmark 2007
2010-01-13 19:41 . 2010-01-13 19:41 -------- d-----w- c:\program files\URUSoft
2010-01-08 16:00 . 2010-01-12 06:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-07 19:06 . 2010-01-07 19:07 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-07 15:40 . 2010-01-07 15:40 -------- d-----w- c:\program files\GIMP-2.0
2010-01-06 15:28 . 2010-01-06 15:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-04 14:55 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-01 11:36 . 2010-01-15 17:44 -------- d-----w- c:\program files\Prison Tycoon 4
2009-12-31 18:49 . 2009-12-31 23:03 -------- d-----w- C:\Shoty
2009-12-31 18:48 . 2009-12-31 18:48 -------- d-----w- c:\program files\ScreenShots
2009-12-31 18:45 . 2009-12-31 18:45 286720 ------w- c:\windows\Setup1.exe
2009-12-31 18:45 . 2009-12-31 18:45 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 18:41 . 2009-12-31 18:42 -------- d-----w- c:\program files\Take Screenshot
2009-12-31 17:20 . 2009-12-31 17:22 -------- d-----w- c:\program files\Hide IP NG
2009-12-31 17:14 . 1997-06-06 14:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2009-12-31 09:04 . 2009-01-22 01:40 163840 ----a-w- c:\windows\system32\SecureNet.dll
2009-12-31 09:04 . 2009-12-31 14:57 -------- d-----w- c:\program files\Hide My IP 2009
2009-12-31 08:47 . 2009-12-31 09:03 -------- d-----w- c:\program files\Easy-Hide-IP
2009-12-30 08:29 . 2009-12-30 08:29 -------- d-----w- c:\program files\MTA San Andreas
2009-12-28 13:34 . 2009-12-28 13:34 90112 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-28 13:34 . 2009-12-28 13:34 126976 ----a-w- c:\windows\system32\UAService7.exe
2009-12-28 13:27 . 2009-12-28 13:27 -------- d-----w- c:\program files\Giant
2009-12-23 19:55 . 2009-12-23 19:55 -------- d-----w- c:\program files\Alien IP
2009-12-23 18:49 . 2009-12-23 18:51 -------- d-----w- C:\GTA San Andreas Music
2009-12-23 18:37 . 2009-12-23 18:37 -------- d-----w- c:\program files\VideoLAN
2009-12-21 06:06 . 2009-12-21 06:06 -------- d-----w- c:\program files\THQ
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- C:\a.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 17:58 . 2009-11-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 17:02 . 2009-11-04 16:02 -------- d-----w- c:\program files\Spyware Terminator
2010-01-19 07:46 . 2009-11-04 18:20 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-19 07:46 . 2009-11-04 18:20 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-17 19:22 . 2009-11-02 21:41 -------- d-----w- c:\program files\ATI Technologies
2010-01-13 07:45 . 2009-11-04 16:07 -------- d-----w- c:\program files\WinClamAVShield
2010-01-11 20:28 . 2009-12-12 19:55 -------- d-----w- c:\program files\CamStudio
2010-01-11 15:01 . 2009-11-04 17:27 -------- d-----w- c:\program files\Activision
2009-12-31 07:08 . 2009-12-17 16:59 -------- d-----w- c:\program files\Winferno
2009-12-29 19:40 . 2009-12-14 17:24 -------- d-----w- c:\program files\Testy ZP
2009-12-28 17:20 . 2009-11-08 09:42 -------- d-----w- c:\program files\Google
2009-12-18 14:27 . 2009-11-04 16:02 -------- d-----w- c:\program files\Crawler
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Baykonur
2009-12-17 17:21 . 2009-12-17 17:21 1245149 ----a-w- c:\windows\system32\Baykonur.scr
2009-12-17 17:11 . 2009-12-17 17:11 -------- d-----w- c:\program files\Cities of Earth
2009-12-17 14:42 . 2009-12-17 14:42 -------- d-s---w- c:\program files\HLSW
2009-12-13 11:01 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-12 20:21 . 2009-12-12 20:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-12 19:20 . 2009-12-05 14:06 -------- d-----w- c:\program files\Razor
2009-12-11 19:22 . 2009-12-10 20:02 -------- d-----w- c:\program files\PCNetSoftware
2009-12-11 05:59 . 2001-10-25 14:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 05:59 . 2001-10-25 14:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 18:11 . 2009-12-10 18:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-10 13:47 . 2009-11-26 05:57 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-10 13:47 . 2009-11-26 05:57 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-26 05:49 . 2009-11-26 05:49 -------- d-----w- c:\program files\Ubisoft
2009-11-24 23:54 . 2009-11-02 22:05 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-02 22:05 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-11-02 22:05 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-11-02 22:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-11-02 22:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-11-02 22:05 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-02 22:05 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-02 22:05 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-02 22:05 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 14:29 . 2009-11-24 14:29 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-21 21:22 . 2009-11-21 21:22 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 16:06 . 2009-11-20 16:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-07 21:51 . 2009-11-07 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-05 06:59 . 2009-11-04 18:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-05 05:42 . 2009-11-04 16:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-04 17:13 . 2009-11-04 17:13 7056 ----a-w- c:\windows\CDILLA16.EXE
2009-11-04 17:13 . 2009-11-04 17:13 63344 ----a-w- c:\windows\CDILLA05.DLL
2009-11-04 17:13 . 2009-11-04 17:13 57392 ----a-w- c:\windows\system32\drivers\CDANT.SYS
2009-11-04 17:13 . 2009-11-04 17:13 55376 ----a-w- c:\windows\CDILLA40.DLL
2009-11-04 17:13 . 2009-11-04 17:13 45056 ----a-w- c:\windows\CDILLA13.DLL
2009-11-04 17:13 . 2009-11-04 17:13 32256 ----a-w- c:\windows\system32\drivers\CDANTSRV.EXE
2009-11-04 17:13 . 2009-11-04 17:13 260096 ----a-w- c:\windows\CDILLA32.DLL
2009-11-04 17:13 . 2009-11-04 17:13 23856 ----a-w- c:\windows\CDILLA10.EXE
2009-11-04 16:08 . 2009-11-04 16:08 0 ----a-w- c:\windows\nsreg.dat
2009-11-04 16:02 . 2009-11-04 16:02 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-04 10:54 . 2009-11-02 21:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-04 10:54 . 2009-11-02 21:22 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-04 10:53 . 2009-11-02 21:22 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-02 21:19 . 2009-11-02 21:19 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2008-04-14 06:52 983040 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-04-14 06:52 . 2008-04-14 06:52 2498661 --sh--r- c:\windows\system32\orospo.exe
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-10-29 . F4B291D8B0CA0CA20D84E183A27C56B7 . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\mshtml.dll
[-] 2009-10-29 . F4B291D8B0CA0CA20D84E183A27C56B7 . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . B459C87AA60BADADF3F0887737889CFF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . 3E902BD4D0EFB9E73C515DD3DEB6003B . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 8097658FEC4E7E65C8A63E6B7B2B0921 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . F343C3CE6026ADE482D48B2D4F881A1D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll

[7] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . 3EC8D4E84194C8CB90E68F47DE7A4F96 . 2352512 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 3EC8D4E84194C8CB90E68F47DE7A4F96 . 2352512 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-10-29 . 9411820E9E4D9A4E10B7E61CE1D747DD . 983040 . . [8.00.6001.18854] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . 9411820E9E4D9A4E10B7E61CE1D747DD . 983040 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 37CFE7928711C8157CF4D191F0EF5F69 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . F658908845F3EB727FEF4769ED0E52FE . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2009-08-04 . 97815C93200676C727CE951AE5C78137 . 2068352 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . B5D1668B99CA110D6A4F8BBAD5802459 . 2229376 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . B5D1668B99CA110D6A4F8BBAD5802459 . 2229376 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-04 3055616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-08 39408]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-01-12 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-04 2172416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"1QV60oMJ06Z0yUnOF2JI"="c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe" [2010-01-03 2498661]
"Windows Service"="orospo.exe" [2008-04-14 2498661]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Service"="orospo.exe" [2008-04-14 2498661]
"1QV60oMJ06Z0yUnOF2JI"="c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe" [2010-01-03 2498661]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\u§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Obsah aplikace OneNote.onetoc2 [2010-1-3 3656]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-17 81997]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:44073403

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\PC nabourani\\srct_server.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"ř[‘|€ř"= ř[‘|€ř:Windows Service

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2009 17:50 691696]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2.11.2009 22:28 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.11.2009 23:05 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.11.2009 17:02 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.11.2009 23:05 20560]
S2 FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart --> c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart [?]
S2 gupdate1ca6057cb237400;Služba Google Update (gupdate1ca6057cb237400);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2009 10:42 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DB4UNE5V-NF91-RJA1-RMC4-UOF6WOE7WNE5}]
2010-01-03 01:42 2498661 ----a-w- c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-08 17:59]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/icqskins/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
TCP: {0C3A2C65-1705-44FB-8466-A06AE19942AD} = 62.129.50.20,85.135.32.100
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove- Ukrajinska foneticka klavesnice_is1 - c:\windows\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 20:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys spgp.sys >>UNKNOWN [0x8658E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7654f28
\Driver\ACPI -> ACPI.sys @ 0xf73dccb8
\Driver\atapi -> atapi.sys @ 0xf7371b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf727abb0
PacketIndicateHandler -> NDIS.sys @ 0xf7287a21
SendHandler -> NDIS.sys @ 0xf726587b
user & kernel MBR OK

**************************************************************************
Binary file raw_enum.dat matches
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\UAService7.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\orospo.exe
.
**************************************************************************
.
Celkový čas: 2010-01-19 20:32:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-19 19:32

Před spuštěním: Volných bajtů: 392 295 723 008
Po spuštění: Volných bajtů: 392 282 894 336

- - End Of File - - E5BED8F2289E71C927AD62D31B624AE4

radek16 · Příspěvekod **radek16** » 19 led 2010 20:41

Nepomohlo to porad tam mam ty viry zapnu PC a zobevi se mi instalator icq zvuku ktere uz jsem vymazal a porad viry naskakujou a lagujou PC

radek16 · Příspěvekod **radek16** » 19 led 2010 21:03

me uz ani nejde Java Script na mozile myslis ze to je za nasledek toho viru kdyz jsem daval smazat

Damned · Příspěvekod **Damned** » 19 led 2010 21:05

Než to opravíme, tak prosím tě nic nezapínej, kromě toho, co napíšu.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\a.bat
c:\windows\system32\ezsidmv.dat
c:\windows\nsreg.dat
c:\windows\system32\emptyregdb.dat
c:\windows\system32\orospo.exe

Files::
c:\program files\ICQ6Toolbar

DDS::
uStart Page = hxxp://start.icq.com/icqskins/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

Registry::
[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\PC nabourani\\srct_server.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

radek16 · Příspěvekod **radek16** » 19 led 2010 21:32

ComboFix 10-01-19.01 - uživatel 19.01.2010 21:23:12.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.479 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"C:\a.bat"
"c:\windows\nsreg.dat"
"c:\windows\system32\emptyregdb.dat"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\orospo.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\windows\nsreg.dat
c:\windows\system32\emptyregdb.dat
c:\windows\system32\ezsidmv.dat
c:\windows\system32\orospo.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 19:13 . 2010-01-19 19:13 391680 ----a-w- c:\windows\system32\CF1130.exe
2010-01-19 19:13 . 2010-01-19 19:12 391680 ----a-w- c:\windows\system32\CF990.exe
2010-01-19 18:38 . 2010-01-19 18:38 -------- d-----w- c:\program files\CCleaner
2010-01-19 15:33 . 2010-01-19 17:00 -------- d-----w- c:\program files\ICQ7.0
2010-01-19 15:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 15:28 . 2010-01-19 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 06:06 . 2010-01-19 06:06 -------- d-----w- c:\program files\Trend Micro
2010-01-18 17:44 . 2010-01-03 01:42 2498661 ----a-w- c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
2010-01-17 19:27 . 2010-01-17 19:27 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-17 18:31 . 2009-09-29 20:15 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2010-01-17 18:31 . 2009-09-30 02:08 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-01-17 18:31 . 2009-04-23 21:29 189051 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\DIFX
2010-01-17 18:25 . 2010-01-17 18:25 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\USB TV
2010-01-17 18:10 . 2010-01-17 18:10 -------- d-----w- C:\ATI
2010-01-17 18:06 . 2010-01-19 16:26 -------- d-----w- c:\program files\Lightsmark 2007
2010-01-13 19:41 . 2010-01-13 19:41 -------- d-----w- c:\program files\URUSoft
2010-01-08 16:00 . 2010-01-12 06:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-07 19:06 . 2010-01-07 19:07 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-07 15:40 . 2010-01-07 15:40 -------- d-----w- c:\program files\GIMP-2.0
2010-01-06 15:28 . 2010-01-06 15:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-04 14:55 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-01 11:36 . 2010-01-15 17:44 -------- d-----w- c:\program files\Prison Tycoon 4
2009-12-31 18:49 . 2009-12-31 23:03 -------- d-----w- C:\Shoty
2009-12-31 18:48 . 2009-12-31 18:48 -------- d-----w- c:\program files\ScreenShots
2009-12-31 18:45 . 2009-12-31 18:45 286720 ------w- c:\windows\Setup1.exe
2009-12-31 18:45 . 2009-12-31 18:45 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 18:41 . 2009-12-31 18:42 -------- d-----w- c:\program files\Take Screenshot
2009-12-31 17:20 . 2009-12-31 17:22 -------- d-----w- c:\program files\Hide IP NG
2009-12-31 17:14 . 1997-06-06 14:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2009-12-31 09:04 . 2009-01-22 01:40 163840 ----a-w- c:\windows\system32\SecureNet.dll
2009-12-31 09:04 . 2009-12-31 14:57 -------- d-----w- c:\program files\Hide My IP 2009
2009-12-31 08:47 . 2009-12-31 09:03 -------- d-----w- c:\program files\Easy-Hide-IP
2009-12-30 08:29 . 2009-12-30 08:29 -------- d-----w- c:\program files\MTA San Andreas
2009-12-28 13:34 . 2009-12-28 13:34 90112 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-28 13:34 . 2009-12-28 13:34 126976 ----a-w- c:\windows\system32\UAService7.exe
2009-12-28 13:27 . 2009-12-28 13:27 -------- d-----w- c:\program files\Giant
2009-12-23 19:55 . 2009-12-23 19:55 -------- d-----w- c:\program files\Alien IP
2009-12-23 18:49 . 2009-12-23 18:51 -------- d-----w- C:\GTA San Andreas Music
2009-12-23 18:37 . 2009-12-23 18:37 -------- d-----w- c:\program files\VideoLAN
2009-12-21 06:06 . 2009-12-21 06:06 -------- d-----w- c:\program files\THQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 17:58 . 2009-11-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 17:02 . 2009-11-04 16:02 -------- d-----w- c:\program files\Spyware Terminator
2010-01-19 07:46 . 2009-11-04 18:20 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-19 07:46 . 2009-11-04 18:20 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-17 19:22 . 2009-11-02 21:41 -------- d-----w- c:\program files\ATI Technologies
2010-01-13 07:45 . 2009-11-04 16:07 -------- d-----w- c:\program files\WinClamAVShield
2010-01-11 20:28 . 2009-12-12 19:55 -------- d-----w- c:\program files\CamStudio
2010-01-11 15:01 . 2009-11-04 17:27 -------- d-----w- c:\program files\Activision
2009-12-31 07:08 . 2009-12-17 16:59 -------- d-----w- c:\program files\Winferno
2009-12-29 19:40 . 2009-12-14 17:24 -------- d-----w- c:\program files\Testy ZP
2009-12-28 17:20 . 2009-11-08 09:42 -------- d-----w- c:\program files\Google
2009-12-18 14:27 . 2009-11-04 16:02 -------- d-----w- c:\program files\Crawler
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Baykonur
2009-12-17 17:21 . 2009-12-17 17:21 1245149 ----a-w- c:\windows\system32\Baykonur.scr
2009-12-17 17:11 . 2009-12-17 17:11 -------- d-----w- c:\program files\Cities of Earth
2009-12-17 14:42 . 2009-12-17 14:42 -------- d-s---w- c:\program files\HLSW
2009-12-13 11:01 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-12 20:21 . 2009-12-12 20:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-12 19:20 . 2009-12-05 14:06 -------- d-----w- c:\program files\Razor
2009-12-11 19:22 . 2009-12-10 20:02 -------- d-----w- c:\program files\PCNetSoftware
2009-12-11 05:59 . 2001-10-25 14:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 05:59 . 2001-10-25 14:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 18:11 . 2009-12-10 18:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-10 13:47 . 2009-11-26 05:57 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-10 13:47 . 2009-11-26 05:57 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-26 05:49 . 2009-11-26 05:49 -------- d-----w- c:\program files\Ubisoft
2009-11-24 23:54 . 2009-11-02 22:05 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-02 22:05 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-11-02 22:05 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-11-02 22:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-11-02 22:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-11-02 22:05 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-02 22:05 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-02 22:05 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-02 22:05 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 14:29 . 2009-11-24 14:29 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-21 21:22 . 2009-11-21 21:22 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 21:51 . 2009-11-07 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-05 06:59 . 2009-11-04 18:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-05 05:42 . 2009-11-04 16:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-04 17:13 . 2009-11-04 17:13 7056 ----a-w- c:\windows\CDILLA16.EXE
2009-11-04 17:13 . 2009-11-04 17:13 63344 ----a-w- c:\windows\CDILLA05.DLL
2009-11-04 17:13 . 2009-11-04 17:13 57392 ----a-w- c:\windows\system32\drivers\CDANT.SYS
2009-11-04 17:13 . 2009-11-04 17:13 55376 ----a-w- c:\windows\CDILLA40.DLL
2009-11-04 17:13 . 2009-11-04 17:13 45056 ----a-w- c:\windows\CDILLA13.DLL
2009-11-04 17:13 . 2009-11-04 17:13 32256 ----a-w- c:\windows\system32\drivers\CDANTSRV.EXE
2009-11-04 17:13 . 2009-11-04 17:13 260096 ----a-w- c:\windows\CDILLA32.DLL
2009-11-04 17:13 . 2009-11-04 17:13 23856 ----a-w- c:\windows\CDILLA10.EXE
2009-11-04 16:02 . 2009-11-04 16:02 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-04 10:54 . 2009-11-02 21:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-04 10:54 . 2009-11-02 21:22 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-04 10:53 . 2009-11-02 21:22 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-10-29 07:43 . 2008-04-14 06:52 983040 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-10-29 . F4B291D8B0CA0CA20D84E183A27C56B7 . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\mshtml.dll
[-] 2009-10-29 . F4B291D8B0CA0CA20D84E183A27C56B7 . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . B459C87AA60BADADF3F0887737889CFF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . 3E902BD4D0EFB9E73C515DD3DEB6003B . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 8097658FEC4E7E65C8A63E6B7B2B0921 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . F343C3CE6026ADE482D48B2D4F881A1D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll

[7] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . 3EC8D4E84194C8CB90E68F47DE7A4F96 . 2352512 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 3EC8D4E84194C8CB90E68F47DE7A4F96 . 2352512 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-10-29 . 9411820E9E4D9A4E10B7E61CE1D747DD . 983040 . . [8.00.6001.18854] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . 9411820E9E4D9A4E10B7E61CE1D747DD . 983040 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 37CFE7928711C8157CF4D191F0EF5F69 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . F658908845F3EB727FEF4769ED0E52FE . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2009-08-04 . 97815C93200676C727CE951AE5C78137 . 2068352 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . B5D1668B99CA110D6A4F8BBAD5802459 . 2229376 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . B5D1668B99CA110D6A4F8BBAD5802459 . 2229376 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-19_19.24.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 20:17 . 2010-01-19 20:17 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
+ 2010-01-19 20:17 . 2010-01-19 20:17 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-04 3055616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-08 39408]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-01-12 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-04 2172416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"1QV60oMJ06Z0yUnOF2JI"="c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe" [2010-01-03 2498661]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\u§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Obsah aplikace OneNote.onetoc2 [2010-1-3 3656]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-17 81997]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:4951bd5a

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2.11.2009 22:28 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.11.2009 23:05 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.11.2009 17:02 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.11.2009 23:05 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2009 17:50 691696]
S2 FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart --> c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart [?]
S2 gupdate1ca6057cb237400;Služba Google Update (gupdate1ca6057cb237400);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2009 10:42 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DB4UNE5V-NF91-RJA1-RMC4-UOF6WOE7WNE5}]
2010-01-03 01:42 2498661 ----a-w- c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-08 17:59]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
TCP: {0C3A2C65-1705-44FB-8466-A06AE19942AD} = 62.129.50.20,85.135.32.100
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 21:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
Binary file raw_enum.dat matches
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
Celkový čas: 2010-01-19 21:31:27
ComboFix-quarantined-files.txt 2010-01-19 20:31
ComboFix2.txt 2010-01-19 19:32

Před spuštěním: Volných bajtů: 392 262 508 544
Po spuštění: Volných bajtů: 392 241 246 208

- - End Of File - - A7851811E8F347A06D2C810E7F0A0B73

Damned · Příspěvekod **Damned** » 19 led 2010 22:17

Ještě jeden.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe

Folder::
c:\program files\ICQ6Toolbar

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\PC nabourani\\srct_server.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory ,
najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání
hodnoty do registru. Schval.

radek16 · Příspěvekod **radek16** » 19 led 2010 23:29

ComboFix 10-01-19.02 - uživatel 19.01.2010 23:17:47.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.562 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 19:13 . 2010-01-19 19:13 391680 ----a-w- c:\windows\system32\CF1130.exe
2010-01-19 19:13 . 2010-01-19 19:12 391680 ----a-w- c:\windows\system32\CF990.exe
2010-01-19 18:38 . 2010-01-19 18:38 -------- d-----w- c:\program files\CCleaner
2010-01-19 15:33 . 2010-01-19 17:00 -------- d-----w- c:\program files\ICQ7.0
2010-01-19 15:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 15:28 . 2010-01-19 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 06:06 . 2010-01-19 06:06 -------- d-----w- c:\program files\Trend Micro
2010-01-17 19:27 . 2010-01-17 19:27 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-17 18:31 . 2009-09-29 20:15 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2010-01-17 18:31 . 2009-09-30 02:08 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-01-17 18:31 . 2009-04-23 21:29 189051 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\DIFX
2010-01-17 18:25 . 2010-01-17 18:25 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\USB TV
2010-01-17 18:10 . 2010-01-17 18:10 -------- d-----w- C:\ATI
2010-01-17 18:06 . 2010-01-19 16:26 -------- d-----w- c:\program files\Lightsmark 2007
2010-01-13 19:41 . 2010-01-13 19:41 -------- d-----w- c:\program files\URUSoft
2010-01-08 16:00 . 2010-01-12 06:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-07 19:06 . 2010-01-07 19:07 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-07 15:40 . 2010-01-07 15:40 -------- d-----w- c:\program files\GIMP-2.0
2010-01-06 15:28 . 2010-01-06 15:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-04 14:55 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-01 11:36 . 2010-01-15 17:44 -------- d-----w- c:\program files\Prison Tycoon 4
2009-12-31 18:49 . 2009-12-31 23:03 -------- d-----w- C:\Shoty
2009-12-31 18:48 . 2009-12-31 18:48 -------- d-----w- c:\program files\ScreenShots
2009-12-31 18:45 . 2009-12-31 18:45 286720 ------w- c:\windows\Setup1.exe
2009-12-31 18:45 . 2009-12-31 18:45 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 18:41 . 2009-12-31 18:42 -------- d-----w- c:\program files\Take Screenshot
2009-12-31 17:20 . 2009-12-31 17:22 -------- d-----w- c:\program files\Hide IP NG
2009-12-31 17:14 . 1997-06-06 14:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2009-12-31 09:04 . 2009-01-22 01:40 163840 ----a-w- c:\windows\system32\SecureNet.dll
2009-12-31 09:04 . 2009-12-31 14:57 -------- d-----w- c:\program files\Hide My IP 2009
2009-12-31 08:47 . 2009-12-31 09:03 -------- d-----w- c:\program files\Easy-Hide-IP
2009-12-30 08:29 . 2009-12-30 08:29 -------- d-----w- c:\program files\MTA San Andreas
2009-12-28 13:34 . 2009-12-28 13:34 90112 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-28 13:34 . 2009-12-28 13:34 126976 ----a-w- c:\windows\system32\UAService7.exe
2009-12-28 13:27 . 2009-12-28 13:27 -------- d-----w- c:\program files\Giant
2009-12-23 19:55 . 2009-12-23 19:55 -------- d-----w- c:\program files\Alien IP
2009-12-23 18:49 . 2009-12-23 18:51 -------- d-----w- C:\GTA San Andreas Music
2009-12-23 18:37 . 2009-12-23 18:37 -------- d-----w- c:\program files\VideoLAN
2009-12-21 06:06 . 2009-12-21 06:06 -------- d-----w- c:\program files\THQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 17:58 . 2009-11-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 17:02 . 2009-11-04 16:02 -------- d-----w- c:\program files\Spyware Terminator
2010-01-19 07:46 . 2009-11-04 18:20 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-19 07:46 . 2009-11-04 18:20 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-17 19:22 . 2009-11-02 21:41 -------- d-----w- c:\program files\ATI Technologies
2010-01-13 07:45 . 2009-11-04 16:07 -------- d-----w- c:\program files\WinClamAVShield
2010-01-11 20:28 . 2009-12-12 19:55 -------- d-----w- c:\program files\CamStudio
2010-01-11 15:01 . 2009-11-04 17:27 -------- d-----w- c:\program files\Activision
2009-12-31 07:08 . 2009-12-17 16:59 -------- d-----w- c:\program files\Winferno
2009-12-29 19:40 . 2009-12-14 17:24 -------- d-----w- c:\program files\Testy ZP
2009-12-28 17:20 . 2009-11-08 09:42 -------- d-----w- c:\program files\Google
2009-12-18 14:27 . 2009-11-04 16:02 -------- d-----w- c:\program files\Crawler
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Baykonur
2009-12-17 17:21 . 2009-12-17 17:21 1245149 ----a-w- c:\windows\system32\Baykonur.scr
2009-12-17 17:11 . 2009-12-17 17:11 -------- d-----w- c:\program files\Cities of Earth
2009-12-17 14:42 . 2009-12-17 14:42 -------- d-s---w- c:\program files\HLSW
2009-12-13 11:01 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-12 20:21 . 2009-12-12 20:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-12 19:20 . 2009-12-05 14:06 -------- d-----w- c:\program files\Razor
2009-12-11 19:22 . 2009-12-10 20:02 -------- d-----w- c:\program files\PCNetSoftware
2009-12-11 05:59 . 2001-10-25 14:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 05:59 . 2001-10-25 14:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 13:47 . 2009-11-26 05:57 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-10 13:47 . 2009-11-26 05:57 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-26 05:49 . 2009-11-26 05:49 -------- d-----w- c:\program files\Ubisoft
2009-11-24 23:54 . 2009-11-02 22:05 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-02 22:05 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-11-02 22:05 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-11-02 22:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-11-02 22:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-11-02 22:05 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-02 22:05 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-02 22:05 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-02 22:05 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 14:29 . 2009-11-24 14:29 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-21 21:22 . 2009-11-21 21:22 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 21:51 . 2009-11-07 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-05 06:59 . 2009-11-04 18:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-05 05:42 . 2009-11-04 16:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-04 17:13 . 2009-11-04 17:13 7056 ----a-w- c:\windows\CDILLA16.EXE
2009-11-04 17:13 . 2009-11-04 17:13 63344 ----a-w- c:\windows\CDILLA05.DLL
2009-11-04 17:13 . 2009-11-04 17:13 57392 ----a-w- c:\windows\system32\drivers\CDANT.SYS
2009-11-04 17:13 . 2009-11-04 17:13 55376 ----a-w- c:\windows\CDILLA40.DLL
2009-11-04 17:13 . 2009-11-04 17:13 45056 ----a-w- c:\windows\CDILLA13.DLL
2009-11-04 17:13 . 2009-11-04 17:13 32256 ----a-w- c:\windows\system32\drivers\CDANTSRV.EXE
2009-11-04 17:13 . 2009-11-04 17:13 260096 ----a-w- c:\windows\CDILLA32.DLL
2009-11-04 17:13 . 2009-11-04 17:13 23856 ----a-w- c:\windows\CDILLA10.EXE
2009-11-04 16:02 . 2009-11-04 16:02 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-04 10:54 . 2009-11-02 21:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-04 10:54 . 2009-11-02 21:22 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-04 10:53 . 2009-11-02 21:22 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-10-29 07:43 . 2008-04-14 06:52 983040 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-04-14 06:52 . 2008-04-14 06:52 2498661 --sh--r- c:\windows\system32\orospo.exe
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-10-29 . F4B291D8B0CA0CA20D84E183A27C56B7 . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\mshtml.dll
[-] 2009-10-29 . F4B291D8B0CA0CA20D84E183A27C56B7 . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . B459C87AA60BADADF3F0887737889CFF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . 3E902BD4D0EFB9E73C515DD3DEB6003B . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 8097658FEC4E7E65C8A63E6B7B2B0921 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . F343C3CE6026ADE482D48B2D4F881A1D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll

[7] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . 3EC8D4E84194C8CB90E68F47DE7A4F96 . 2352512 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 3EC8D4E84194C8CB90E68F47DE7A4F96 . 2352512 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-10-29 . 9411820E9E4D9A4E10B7E61CE1D747DD . 983040 . . [8.00.6001.18854] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . 9411820E9E4D9A4E10B7E61CE1D747DD . 983040 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 37CFE7928711C8157CF4D191F0EF5F69 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . F658908845F3EB727FEF4769ED0E52FE . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2009-08-04 . 97815C93200676C727CE951AE5C78137 . 2068352 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . B5D1668B99CA110D6A4F8BBAD5802459 . 2229376 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . B5D1668B99CA110D6A4F8BBAD5802459 . 2229376 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-19_19.24.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 22:12 . 2010-01-19 22:12 16384 c:\windows\Temp\Perflib_Perfdata_690.dat
+ 2010-01-19 22:12 . 2010-01-19 22:12 16384 c:\windows\Temp\Perflib_Perfdata_100.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-04 3055616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-08 39408]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-01-12 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-04 2172416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Windows Service"="orospo.exe" [2008-04-14 2498661]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Service"="orospo.exe" [2008-04-14 2498661]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\u§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Obsah aplikace OneNote.onetoc2 [2010-1-3 3656]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-17 81997]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:47c0aa8c

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2.11.2009 22:28 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.11.2009 23:05 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.11.2009 17:02 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.11.2009 23:05 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2009 17:50 691696]
S2 FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart --> c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart [?]
S2 gupdate1ca6057cb237400;Služba Google Update (gupdate1ca6057cb237400);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2009 10:42 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19.1.2010 16:28 38224]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-08 17:59]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
TCP: {0C3A2C65-1705-44FB-8466-A06AE19942AD} = 62.129.50.20,85.135.32.100
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-1QV60oMJ06Z0yUnOF2JI - c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
ActiveSetup-{DB4UNE5V-NF91-RJA1-RMC4-UOF6WOE7WNE5} - c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 23:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
Binary file raw_enum.dat matches
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
Celkový čas: 2010-01-19 23:26:58
ComboFix-quarantined-files.txt 2010-01-19 22:26
ComboFix2.txt 2010-01-19 20:31
ComboFix3.txt 2010-01-19 19:32

Před spuštěním: Volných bajtů: 392 215 121 920
Po spuštění: Volných bajtů: 392 194 031 616

- - End Of File - - 1A4064A3B0808D5E55938D6DABCB8ADA

Damned · Příspěvekod **Damned** » 20 led 2010 05:45

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

radek16 · Příspěvekod **radek16** » 20 led 2010 06:25

Chci vam podekovat problem se vyresil.Udelal jsem uplny Scan Malware anti-bytes a SpyWare a do tretice SpyBot search and destroy

Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Re: Prosim o kontrolu logu naskakuji mi viry

Kdo je online