So my problem is terrible PC stuttering, see... viewtopic.php?f=7&t=50860&start=12
Please check the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:57, on 27.2.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\HKExt3.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [HKExt3] HKExt3.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O13 - Gopher Prefix:
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
--
End of file - 3479 bytes
Please check the log from HijackThis - Solved
Last edited by mike007 on 06 Mar 2010 08:26; edited 1 time in total.
Reason: Typo in the topic title - fixed
Gigabyte ga-870a-usb3 / Kingston 8GB KIT DDR3 1333MHz / AMD Phenom II X4 965 /
Sapphire HD 5750 1GB / Windows 7 64bit / OCZ ModXStream Pro 600W / Akasa Freedom Xone
- autoprd
Re: please check the log from HijackThis
So run HijackThis, and this time choose Do a system scan only!
Tick the items listed below and press Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Then wait until it finishes its process, and after that close the program.
- autoprd
Re: please check the log from HijackThis
Download ATF Cleaner
Run it and click on select all found
If you use Mozilla Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
When the cleaning is done, click Exit to quit.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program has finished, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Re: please check the log from HijackThis
Well, the second set of instructions is a bit different, and I do have a log, but it probably won't be much use to you; there's nothing in it, well there is, but nothing significant. Here it is:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3808
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
28.2.2010 21:21:16
mbam-log-2010-02-28 (21-21-16).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 98982
Uplynulý čas: 3 minute(s), 22 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
- autoprd
Re: please check the log from HijackThis
Turn off the antivirus's resident protection and deactivate the firewall.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: please check the log from HijackThis
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-789336058-764733703-682003330-1004
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.
2010-03-05 14:01 . 2010-03-05 14:02 -------- d-----w- c:\users\vasek\AppData\Local\temp
2010-03-05 14:01 . 2010-03-05 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-05 13:53 . 2010-03-05 13:53 -------- d-----w- c:\users\vasek\AppData\Local\ESET
2010-03-05 13:06 . 2010-03-05 13:06 -------- d-----w- c:\users\vasek\AppData\Local\ATI
2010-03-05 13:05 . 2010-03-05 13:05 -------- d-----w- c:\users\vasek\AppData\Local\AOL
2010-02-28 20:02 . 2010-02-28 20:02 -------- d-----w- c:\users\vasek\AppData\Roaming\Malwarebytes
2010-02-28 20:02 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 20:02 . 2010-02-28 20:02 -------- d-----w- c:\programdata\Malwarebytes
2010-02-28 20:02 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 20:02 . 2010-02-28 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 19:54 . 2010-02-28 19:54 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-28 19:53 . 2010-02-28 19:54 -------- d-----w- c:\programdata\ICQ
2010-02-28 19:53 . 2010-02-28 19:54 -------- d-----w- c:\users\vasek\AppData\Roaming\ICQ
2010-02-28 19:52 . 2010-02-28 19:54 -------- d-----w- c:\program files\ICQ7.0
2010-02-28 14:22 . 2010-02-28 14:22 -------- d--h--r- c:\users\vasek\AppData\Roaming\SecuROM
2010-02-28 14:02 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-02-28 14:02 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-02-28 14:02 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-02-28 14:02 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-02-28 14:02 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-02-28 14:02 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-02-28 14:02 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-02-28 13:55 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-02-28 13:55 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-02-28 13:55 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-02-28 13:54 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-02-28 13:54 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-02-28 13:41 . 2010-02-28 13:41 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-28 13:40 . 2010-02-28 13:40 -------- d-----w- c:\windows\system32\xlive
2010-02-28 13:40 . 2010-02-28 13:48 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-28 13:13 . 2010-02-28 14:41 -------- d-----w- c:\users\vasek\AppData\Local\Rockstar Games
2010-02-27 21:00 . 2010-02-27 21:00 -------- d-----w- c:\program files\Trend Micro
2010-02-27 10:59 . 2010-02-27 14:32 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-27 10:02 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 10:02 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 10:02 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-27 10:02 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-27 08:17 . 2010-02-28 20:37 -------- d-----w- c:\program files\utorrent
2010-02-26 23:39 . 2010-02-26 23:39 -------- d-----w- c:\program files\Lavalys
2010-02-26 18:35 . 2010-02-26 18:35 -------- d-----w- c:\programdata\WindowsSearch
2010-02-26 18:06 . 2010-02-26 18:06 -------- d-----w- C:\$WINDOWS.~LS
2010-02-26 17:48 . 2010-02-26 17:48 -------- d-----w- C:\$WINDOWS.~BT
2010-02-25 17:43 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-25 17:38 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-25 17:38 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-25 17:38 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-25 17:26 . 2009-12-18 13:05 833024 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 17:25 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 17:25 . 2009-12-18 10:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-25 17:25 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-02-25 17:25 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-02-25 17:24 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-02-25 17:22 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-02-25 17:22 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-02-25 17:22 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-02-25 17:22 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-02-25 17:22 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-02-25 17:22 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-02-25 17:22 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-02-25 17:22 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-02-25 17:22 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-02-25 17:18 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-02-25 17:18 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-25 17:17 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2010-02-25 17:17 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2010-02-25 17:17 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2010-02-25 17:17 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2010-02-25 17:17 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2010-02-25 17:17 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2010-02-25 17:17 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2010-02-25 17:17 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-02-25 17:17 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-02-25 17:17 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-02-25 17:15 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-02-25 17:14 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-25 17:14 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-02-25 17:14 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-02-25 17:14 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-02-25 17:11 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-25 17:10 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-02-25 17:08 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-25 17:08 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2010-02-25 17:08 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-25 17:04 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-25 17:04 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-25 17:04 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-25 17:04 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-02-25 17:04 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-02-25 17:04 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-02-25 17:02 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-02-25 17:02 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2010-02-25 17:02 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-02-25 17:02 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-02-25 17:02 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-02-25 17:02 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2010-02-25 17:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-02-25 17:01 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-02-25 17:01 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2010-02-25 17:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-02-25 17:00 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-02-25 16:59 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-02-25 16:59 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-02-25 16:59 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-02-25 16:59 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-25 16:58 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-25 16:57 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-25 16:57 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-25 16:57 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-25 16:57 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-25 16:57 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-25 16:57 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-25 16:57 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-25 16:57 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-25 16:57 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-25 16:57 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-25 16:55 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2010-02-25 16:48 . 2010-02-25 16:48 -------- d-----w- c:\program files\ESET
2010-02-25 16:18 . 2010-02-25 16:18 -------- d-----w- c:\windows\system32\Macromed
2010-02-25 16:13 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-02-25 16:13 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-02-25 16:13 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 15:19 . 2008-01-21 06:46 792694 ----a-w- c:\windows\system32\perfh005.dat
2010-02-28 15:19 . 2008-01-21 06:46 180606 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:14 . 2009-10-15 10:07 -------- d-----w- c:\program files\Rockstar Games
2010-02-27 19:37 . 2010-02-27 19:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-02-27 11:00 . 2009-11-07 07:03 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-25 18:48 . 2010-02-24 18:14 49168 ----a-w- c:\users\vasek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 17:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-25 17:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 19:52 . 2009-10-10 05:53 -------- d-----w- c:\program files\Hry
2010-02-24 19:25 . 2010-02-24 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-02-24 19:25 . 2010-02-24 19:25 -------- d-----w- c:\program files\Realtek
2010-02-24 19:04 . 2009-11-13 16:44 -------- d-----w- c:\program files\Vegas Pro 9.0
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Plocha
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Oblíbené položky
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Šablony
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Nabídka Start
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Dokumenty
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Data aplikací
2010-01-25 12:48 . 2010-02-25 17:05 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 17:05 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 17:05 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 17:05 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 17:05 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 17:05 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 17:05 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 17:05 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 17:05 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-12-11 12:07 . 2010-02-25 17:05 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-25 17:05 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-25 17:03 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-10-25 306088]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-10 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"HKExt3"="HKExt3.exe" [2008-09-16 313856]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - c:\program files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2010-2-24 671744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-05-24 26736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\DRIVERS\GPlus.sys [2004-05-21 283392]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 15:02
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\TMP0000004E7CDAFB44BF05C309 524288 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-411705913-1685533206-113458850-1000\Software\SecuROM\License information*]
"datasecu"=hex:66,95,af,d1,39,e6,74,4c,3a,17,58,f1,40,70,3b,92,93,2f,0d,3e,09,
1d,26,15,95,50,1f,8d,48,53,fa,d7,5e,de,11,20,85,53,9b,76,89,2e,a4,92,09,64,\
"rkeysecu"=hex:bc,e0,fd,fb,32,69,dd,29,7a,58,ff,33,4d,4e,13,57
.
Celkový čas: 2010-03-05 15:04:13
ComboFix-quarantined-files.txt 2010-03-05 14:04
Před spuštěním: Volných bajtů: 75 220 127 744
Po spuštění: Volných bajtů: 74 712 530 944
- - End Of File - - 5FDC6ECA526248C0262C07BC64253B9B
2010-02-25 17:17 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-02-25 17:17 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-02-25 17:17 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-02-25 17:15 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-02-25 17:14 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-25 17:14 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-02-25 17:14 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-02-25 17:14 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-02-25 17:11 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-25 17:10 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-02-25 17:08 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-25 17:08 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2010-02-25 17:08 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-25 17:04 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-25 17:04 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-25 17:04 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-25 17:04 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-02-25 17:04 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-02-25 17:04 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-02-25 17:02 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-02-25 17:02 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2010-02-25 17:02 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-02-25 17:02 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-02-25 17:02 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-02-25 17:02 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2010-02-25 17:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-02-25 17:01 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-02-25 17:01 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2010-02-25 17:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-02-25 17:00 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-02-25 16:59 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-02-25 16:59 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-02-25 16:59 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-02-25 16:59 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-25 16:58 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-25 16:57 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-25 16:57 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-25 16:57 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-25 16:57 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-25 16:57 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-25 16:57 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-25 16:57 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-25 16:57 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-25 16:57 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-25 16:57 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-25 16:55 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2010-02-25 16:48 . 2010-02-25 16:48 -------- d-----w- c:\program files\ESET
2010-02-25 16:18 . 2010-02-25 16:18 -------- d-----w- c:\windows\system32\Macromed
2010-02-25 16:13 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-02-25 16:13 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-02-25 16:13 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 15:19 . 2008-01-21 06:46 792694 ----a-w- c:\windows\system32\perfh005.dat
2010-02-28 15:19 . 2008-01-21 06:46 180606 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:14 . 2009-10-15 10:07 -------- d-----w- c:\program files\Rockstar Games
2010-02-27 19:37 . 2010-02-27 19:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-02-27 11:00 . 2009-11-07 07:03 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-25 18:48 . 2010-02-24 18:14 49168 ----a-w- c:\users\vasek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 17:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-25 17:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 19:52 . 2009-10-10 05:53 -------- d-----w- c:\program files\Hry
2010-02-24 19:25 . 2010-02-24 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-02-24 19:25 . 2010-02-24 19:25 -------- d-----w- c:\program files\Realtek
2010-02-24 19:04 . 2009-11-13 16:44 -------- d-----w- c:\program files\Vegas Pro 9.0
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Plocha
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Oblíbené položky
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Šablony
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Nabídka Start
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Dokumenty
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Data aplikací
2010-01-25 12:48 . 2010-02-25 17:05 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 17:05 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 17:05 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 17:05 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 17:05 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 17:05 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 17:05 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 17:05 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 17:05 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-12-11 12:07 . 2010-02-25 17:05 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-25 17:05 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-25 17:03 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-10-25 306088]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-10 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"HKExt3"="HKExt3.exe" [2008-09-16 313856]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - c:\program files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2010-2-24 671744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-05-24 26736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\DRIVERS\GPlus.sys [2004-05-21 283392]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 15:02
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\TMP0000004E7CDAFB44BF05C309 524288 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-411705913-1685533206-113458850-1000\Software\SecuROM\License information*]
"datasecu"=hex:66,95,af,d1,39,e6,74,4c,3a,17,58,f1,40,70,3b,92,93,2f,0d,3e,09,
1d,26,15,95,50,1f,8d,48,53,fa,d7,5e,de,11,20,85,53,9b,76,89,2e,a4,92,09,64,\
"rkeysecu"=hex:bc,e0,fd,fb,32,69,dd,29,7a,58,ff,33,4d,4e,13,57
.
Celkový čas: 2010-03-05 15:04:13
ComboFix-quarantined-files.txt 2010-03-05 14:04
Před spuštěním: Volných bajtů: 75 220 127 744
Po spuštění: Volných bajtů: 74 712 530 944
- - End Of File - - 5FDC6ECA526248C0262C07BC64253B9B
Gigabyte ga-870a-usb3 / Kingston 8GB KIT DDR3 1333MHz / AMD Phenom II X4 965 /
Sapphire HD 5750 1GB / Windows 7 64bit / OCZ ModXStream Pro 600W / Akasa Freedom Xone
- Damned
Re: request for a HijackThis log check
Check the file marked in red on VirusTotal and paste a link to the result here.
If you can't find it, turn on the display of hidden and system files. If it tells you that the file has already been checked,
have it checked again, and wait until "Completed" and the result appear. Then copy the address bar here.
c:\windows\system32\ci.dll
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner
- autoprd
Re: request for a HijackThis log check
and uninstall that ICQ 6 toolbar.
Re: request for a HijackThis log check
here is what it gave me
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.05 -
AhnLab-V3 5.0.0.2 2010.03.05 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.05 -
Avast 4.8.1351.0 2010.03.05 -
Avast5 5.0.332.0 2010.03.05 -
AVG 9.0.0.730 2010.03.05 -
BitDefender 7.2 2010.03.05 -
CAT-QuickHeal 10.00 2010.03.05 -
ClamAV 0.96.0.0-git 2010.03.05 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.05 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7341 2010.03.05 -
F-Prot 4.5.1.85 2010.03.04 -
F-Secure 9.0.15370.0 2010.03.05 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.05 -
Ikarus T3.1.1.80.0 2010.03.05 -
Jiangmin 13.0.900 2010.03.05 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.05 -
McAfee 5911 2010.03.05 -
McAfee+Artemis 5911 2010.03.05 -
McAfee-GW-Edition 6.8.5 2010.03.05 -
Microsoft 1.5502 2010.03.05 -
NOD32 4918 2010.03.05 -
Norman 6.04.08 2010.03.05 -
nProtect 2009.1.8.0 2010.03.05 -
Panda 10.0.2.2 2010.03.04 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.05 -
Rising 22.37.04.04 2010.03.05 -
Sophos 4.51.0 2010.03.05 -
Sunbelt 5760 2010.03.05 -
Symantec 20091.2.0.41 2010.03.05 -
TheHacker 6.5.1.7.221 2010.03.05 -
TrendMicro 9.120.0.1004 2010.03.05 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.05 -
Rozšiřující informace
File size: 615992 bytes
MD5...: f935df6f39bc274dea31ba84071ed89d
SHA1..: 95128b81992342af9b3e09e33843cc02b8379ca4
SHA256: 62dc2654198df856d929390408147d2f67821a1641334a89e4766e56abb33c36
ssdeep: 6144:nVSbv8s0UiQ9wAEAaFWhy3ExJivT0h39VrE7VR1Q4S:Mbv8XUiQWnAOWhy3
IVrE96
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x47be5708 (Fri Feb 22 05:00:56 2008)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7ef88 0x7f000 5.51 1c261294f7cdd6115c8d710dab6845f7
.data 0x80000 0x49e98 0x2e00 7.93 a2314a9a4afcd3f2ea1e39e66c89b43e
PAGE 0xca000 0xbb25 0xbc00 6.72 bac430894cebe6993b0fc31a71f3ac61
.edata 0xd6000 0xc9 0x200 2.46 f205c39d21007fb7b785b7b9f40e3e93
PAGECONS 0xd7000 0x15ac 0x1600 7.37 ca107de80573fdec5f2b15e75d2d444d
PAGEDATA 0xd9000 0x30 0x200 0.65 52e26cb23585ae513469166f68d1d2cc
INIT 0xda000 0x990 0xa00 5.45 f6fab839bd4b6eee874d0d982b13f6ce
.rsrc 0xdb000 0x2560 0x2600 3.59 267b9cec864009f2dc9569a26c9c2a19
.reloc 0xde000 0x15ce 0x1600 4.64 1731ad9bc491c21a83f196e73e1a7e47
( 1 imports )
> ntoskrnl.exe: ExfAcquirePushLockExclusive, ExfTryToWakePushLock, RtlCopyUnicodeString, ExAllocatePoolWithTag, KdDebuggerNotPresent, KdDebuggerEnabled, ZwClose, ZwQueryInformationFile, ZwOpenFile, EtwEventEnabled, ZwQueryValueKey, ZwOpenKey, RtlInitUnicodeString, ExQueueWorkItem, ExFreePoolWithTag, KeBugCheckEx, KeTickCount, KeSetTimer, KeInitializeDpc, KeInitializeTimer, EtwUnregister, InitSafeBootMode, EtwRegister, _allmul, PsGetCurrentProcess, DbgBreakPoint, DbgPrint, ObOpenObjectByPointer, IoFileObjectType, ObQueryNameString, memcpy, KeUnstackDetachProcess, RtlFreeUnicodeString, KeStackAttachProcess, memset, PsIsProtectedProcess, RtlImageNtHeader, FsRtlGetFileSize, memmove, ExAllocatePoolWithQuotaTag, PsIsCurrentThreadPrefetching, ZwReadFile, EtwWrite, SeReportSecurityEventWithSubCategory, MmUnlockPages, KeWaitForSingleObject, IoPageRead, KeInitializeEvent, MmProbeAndLockPages, MmSizeOfMdl, RtlUnwind, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, ZwFreeVirtualMemory, RtlCompareMemory, qsort, ZwAllocateVirtualMemory, KeLeaveCriticalRegion, ExReleaseResourceLite, ExAcquireResourceExclusiveLite, KeEnterCriticalRegion, ExAcquireResourceSharedLite, ExInitializeResourceLite, ExDeleteResourceLite, RtlCompressBuffer, RtlGetCompressionWorkSpaceSize, ZwWriteFile, ZwCreateFile, RtlDecompressBuffer, RtlAppendUnicodeStringToString, ExConvertExclusiveToSharedLite, RtlCompareUnicodeString, ZwQueryDirectoryFile, RtlCreateUnicodeString, bsearch, atol, _aulldiv, PsCreateSystemThread, RtlAppendUnicodeToString, wcschr, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwQuerySystemInformation, PsSetCreateProcessNotifyRoutine, IoGetCurrentProcess, PsGetProcessId, PsInitialSystemProcess, PsTerminateSystemThread, RtlRunOnceExecuteOnce, KeSetPriorityThread, KeGetCurrentThread, NtSetInformationThread, NtQueryInformationThread, wcsncmp, ExAllocatePool
( 5 exports )
CiFindPageHashesInCatalog, CiFindPageHashesInSignedFile, CiFreePolicyInfo, CiGetPEInformation, CiInitialize
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Code Integrity Module
original name: ci.dll
internal name: ci.dll
file version.: 6.0.6001.18023 (vistasp1_gdr.080221-1537)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Re: request for a HijackThis log check
or here is the link, but I don't know whether it will work http://www.virustotal.com/cs/analisis/6 ... 1267812118
- Damned
Re: request for a HijackThis log check
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
File::
c:\windows\TEMP\TMP0000004E7CDAFB44BF05C309
Folder::
c:\program files\ICQ6Toolbar
c:\windows\TEMP\TMP0000004E7CDAFB44BF05C309
FolderLook::
C:\$WINDOWS.~LS
C:\$WINDOWS.~BT
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair can take even longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
Re: request for a HijackThis log check
ComboFix 10-03-04.05 - vasek 05.03.2010 20:26:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.1080 [GMT 1:00]
Spuštěný z: c:\users\vasek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\vasek\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\windows\TEMP\TMP0000004E7CDAFB44BF05C309"
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.
2010-03-05 19:34 . 2010-03-05 19:34 -------- d-----w- c:\users\vasek\AppData\Local\temp
2010-03-05 19:34 . 2010-03-05 19:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-05 19:34 . 2010-03-05 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-05 13:53 . 2010-03-05 13:53 -------- d-----w- c:\users\vasek\AppData\Local\ESET
2010-03-05 13:06 . 2010-03-05 13:06 -------- d-----w- c:\users\vasek\AppData\Local\ATI
2010-03-05 13:05 . 2010-03-05 13:05 -------- d-----w- c:\users\vasek\AppData\Local\AOL
2010-02-28 20:02 . 2010-02-28 20:02 -------- d-----w- c:\users\vasek\AppData\Roaming\Malwarebytes
2010-02-28 20:02 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 20:02 . 2010-02-28 20:02 -------- d-----w- c:\programdata\Malwarebytes
2010-02-28 20:02 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 20:02 . 2010-02-28 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 19:53 . 2010-02-28 19:54 -------- d-----w- c:\programdata\ICQ
2010-02-28 19:53 . 2010-03-05 19:22 -------- d-----w- c:\users\vasek\AppData\Roaming\ICQ
2010-02-28 19:52 . 2010-02-28 19:54 -------- d-----w- c:\program files\ICQ7.0
2010-02-28 14:22 . 2010-02-28 14:22 -------- d--h--r- c:\users\vasek\AppData\Roaming\SecuROM
2010-02-28 14:02 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-02-28 14:02 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-02-28 14:02 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-02-28 14:02 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-02-28 14:02 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-02-28 14:02 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-02-28 14:02 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-02-28 13:55 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-02-28 13:55 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-02-28 13:55 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-02-28 13:54 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-02-28 13:54 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-02-28 13:41 . 2010-02-28 13:41 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-28 13:40 . 2010-02-28 13:40 -------- d-----w- c:\windows\system32\xlive
2010-02-28 13:40 . 2010-02-28 13:48 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-28 13:13 . 2010-02-28 14:41 -------- d-----w- c:\users\vasek\AppData\Local\Rockstar Games
2010-02-27 21:00 . 2010-02-27 21:00 -------- d-----w- c:\program files\Trend Micro
2010-02-27 10:59 . 2010-02-27 14:32 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-27 10:02 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 10:02 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 10:02 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-27 10:02 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-27 08:17 . 2010-03-05 19:21 -------- d-----w- c:\program files\utorrent
2010-02-26 23:39 . 2010-02-26 23:39 -------- d-----w- c:\program files\Lavalys
2010-02-26 18:35 . 2010-02-26 18:35 -------- d-----w- c:\programdata\WindowsSearch
2010-02-26 18:06 . 2010-02-26 18:06 -------- d-----w- C:\$WINDOWS.~LS
2010-02-26 17:48 . 2010-02-26 17:48 -------- d-----w- C:\$WINDOWS.~BT
2010-02-25 17:43 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-25 17:38 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-25 17:38 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-25 17:38 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-25 17:26 . 2009-12-18 13:05 833024 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 17:25 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 17:25 . 2009-12-18 10:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-25 17:25 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-02-25 17:25 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-02-25 17:24 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-02-25 17:22 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-02-25 17:22 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-02-25 17:22 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-02-25 17:22 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-02-25 17:22 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-02-25 17:22 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-02-25 17:22 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-02-25 17:22 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-02-25 17:22 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-02-25 17:18 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-02-25 17:18 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-25 17:17 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2010-02-25 17:17 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2010-02-25 17:17 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2010-02-25 17:17 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2010-02-25 17:17 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2010-02-25 17:17 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2010-02-25 17:17 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2010-02-25 17:17 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-02-25 17:17 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-02-25 17:17 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-02-25 17:15 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-02-25 17:14 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-25 17:14 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-02-25 17:14 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-02-25 17:14 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-02-25 17:11 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-25 17:10 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-02-25 17:08 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-25 17:08 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2010-02-25 17:08 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-25 17:04 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-25 17:04 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-25 17:04 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-25 17:04 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-25 17:04 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-02-25 17:04 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-02-25 17:04 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-02-25 17:02 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-02-25 17:02 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2010-02-25 17:02 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-02-25 17:02 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-02-25 17:02 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-02-25 17:02 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2010-02-25 17:02 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-02-25 17:01 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-02-25 17:01 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2010-02-25 17:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-02-25 17:00 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-02-25 16:59 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-02-25 16:59 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-02-25 16:59 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-02-25 16:59 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-25 16:58 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-25 16:57 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-25 16:57 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-25 16:57 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-25 16:57 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-25 16:57 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-25 16:57 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-25 16:57 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-25 16:57 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-25 16:57 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-25 16:57 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-25 16:55 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2010-02-25 16:48 . 2010-02-25 16:48 -------- d-----w- c:\program files\ESET
2010-02-25 16:18 . 2010-02-25 16:18 -------- d-----w- c:\windows\system32\Macromed
2010-02-25 16:13 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-02-25 16:13 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-02-25 16:13 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 15:19 . 2008-01-21 06:46 792694 ----a-w- c:\windows\system32\perfh005.dat
2010-02-28 15:19 . 2008-01-21 06:46 180606 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:14 . 2009-10-15 10:07 -------- d-----w- c:\program files\Rockstar Games
2010-02-27 19:37 . 2010-02-27 19:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-02-27 11:00 . 2009-11-07 07:03 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-25 18:48 . 2010-02-24 18:14 49168 ----a-w- c:\users\vasek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 17:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-25 17:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 19:52 . 2009-10-10 05:53 -------- d-----w- c:\program files\Hry
2010-02-24 19:25 . 2010-02-24 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-02-24 19:25 . 2010-02-24 19:25 -------- d-----w- c:\program files\Realtek
2010-02-24 19:04 . 2009-11-13 16:44 -------- d-----w- c:\program files\Vegas Pro 9.0
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Plocha
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Oblíbené položky
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Šablony
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Nabídka Start
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Dokumenty
2010-02-24 18:11 . 2010-02-24 18:11 -------- d-sh--we c:\programdata\Data aplikací
2010-01-25 12:48 . 2010-02-25 17:05 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 17:05 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 17:05 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 17:05 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 17:05 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 17:05 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 17:05 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 17:05 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 17:05 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-12-11 12:07 . 2010-02-25 17:05 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-25 17:05 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-25 17:03 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-03-05_14.02.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-05 19:24 . 2010-03-05 19:25 6221824 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-10-25 306088]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-10 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"HKExt3"="HKExt3.exe" [2008-09-16 313856]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
D-Link AirPlus G+ Wireless Adapter Utility.lnk - c:\program files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2010-2-24 671744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 20:34
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-411705913-1685533206-113458850-1000\Software\SecuROM\License information*]
"datasecu"=hex:66,95,af,d1,39,e6,74,4c,3a,17,58,f1,40,70,3b,92,93,2f,0d,3e,09,
1d,26,15,95,50,1f,8d,48,53,fa,d7,5e,de,11,20,85,53,9b,76,89,2e,a4,92,09,64,\
"rkeysecu"=hex:bc,e0,fd,fb,32,69,dd,29,7a,58,ff,33,4d,4e,13,57
.
Celkový čas: 2010-03-05 20:36:26
ComboFix-quarantined-files.txt 2010-03-05 19:36
ComboFix2.txt 2010-03-05 14:04
Před spuštěním: Volných bajtů: 72 791 719 936
Po spuštění: Volných bajtů: 72 236 904 448
- - End Of File - - 708647F16CEA47D7A67880D2B411608E
Gigabyte ga-870a-usb3 / Kingston 8GB KIT DDR3 1333MHz / AMD Phenom II X4 965 /
Sapphire HD 5750 1GB / Windows 7 64bit / OCZ ModXStream Pro 600W / Akasa Freedom Xone