Prosím o kontrolu logu Vyřešeno

[Nekac1]

Zdravím, nějak mi začla blbout mozilla (občas při spuštění místo hlavní stránky otevře jen prázdný panel a při zadání adresy se načte jen prázdný panel, pomůže (asi) jen restart PC) tak prosím žádám o kotrolu logu



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:25, on 17.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\rundll32.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
D:\Program Files\BOINC\Core\boincmgr.exe
D:\Program Files\BOINC\Core\boinctray.exe
D:\Program Files\VMware Player\hqtray.exe
D:\Program Files\Acronis True Image 2010\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe
C:\Program Files\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\windows\system32\vmnat.exe
C:\windows\system32\mqsvc.exe
D:\Program Files\VMware Player\vmware-authd.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\vmnetdhcp.exe
C:\windows\system32\mqtgsvc.exe
D:\Program Files\BOINC\Core\boinc.exe
D:\Program Files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_2.36_windows_intelx86__nci.exe
D:\Program Files\BOINC\Data\projects\eon.ices.utexas.edu_eon2\eonclient_2.3_windows_intelx86
D:\Program Files\BOINC\Data\projects\eon.ices.utexas.edu_eon2\eonclient_2.3_windows_intelx86
D:\Program Files\WAMP\wampmanager.exe
D:\Program Files\WAMP\bin\apache\apache2.2.11\bin\httpd.exe
D:\Program Files\WAMP\bin\mysql\mysql5.1.36\bin\mysqld.exe
D:\Program Files\WAMP\bin\apache\apache2.2.11\bin\httpd.exe
D:\Program Files\Pidgin\pidgin.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\HiJackThis\hijackthis.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [boincmgr] "D:\Program Files\BOINC\Core\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "D:\Program Files\BOINC\Core\boinctray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VMware hqtray] "D:\Program Files\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis True Image 2010\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [JavaPlatformMan] C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} (Aosmgr Control) - http://ahnlabdownload.nefficient.co.kr/ ... aosmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\Software\..\Telephony: DomainName = kliber.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38E8514-5955-4DB2-A1CB-879DBBAE15E0}: NameServer = 212.71.150.2,212.71.146.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kliber.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY (BIT Software) - D:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware Player\vmware-ufad.exe
O23 - Service: Ventrilo - Unknown owner - D:\Program Files\Ventrilo Server\ventrilo_svc.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - D:\Program Files\WAMP\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\Program Files\WAMP\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 11419 bytes

[Reklama]

[Žbeky]

Dělá to, i když ho spustíš jako Firefox (Nouzový režim)?

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Nekac1]

Ta mozilla přestala blbout, možná to bylo internetem nebo něčím, každopádně tady je ten log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5795

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.2.2011 14:53:19
mbam-log-2011-02-18 (14-53-19).txt

Typ kontroly: Rychlý test
Testované objekty: 165989
Uplynulý čas: 4 minut, 44 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[memphisto]

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Nekac1]

Log z ComboFixu:



ComboFix 11-02-17.02 - ADMIN 18.02.2011 16:02:42.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1477 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\wpe pro.INI

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-18 do 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-18 13:46 . 2011-02-18 13:46 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-17 18:23 . 2011-02-17 18:23 5076 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-14 18:18 . 2011-02-14 18:18 -------- d-----w- c:\program files\Microsoft XNA
2011-02-07 16:09 . 2006-02-05 21:06 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2011-02-07 16:09 . 2006-02-05 21:01 122880 ----a-w- c:\windows\system32\ScreenSource.ax
2011-01-29 09:50 . 2011-01-29 11:39 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\DVD Flick
2011-01-29 09:49 . 2008-08-31 12:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-01-29 09:49 . 2007-08-31 17:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-01-29 09:49 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-01-29 09:49 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-01-29 09:49 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\comct232.ocx
2011-01-29 09:04 . 2011-02-01 21:34 65536 ----a-w- c:\windows\IFinst27.exe
2011-01-28 13:05 . 2011-01-28 13:05 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Data aplikací\DOSBox
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 15:48 . 2011-01-10 17:01 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-01-21 14:44 . 2002-09-23 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-12-12 16:28 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-12-12 16:28 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-12-12 16:29 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-12 16:29 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-12-12 16:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-12-12 16:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-12-12 16:29 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-12 16:29 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-12-12 16:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2002-09-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2002-09-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2002-09-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2002-09-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2002-09-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2002-09-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2002-09-23 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-12-12 12:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-12 12:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2008-11-19 10:07 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 10:18 . 2010-12-18 10:18 50728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2010-12-14 06:14 . 2010-04-15 16:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-14 06:14 . 2010-04-15 16:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-12 11:49 . 2010-12-12 11:49 388096 ----a-r- c:\documents and settings\ADMIN\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-09 15:15 . 2002-09-23 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2002-09-20 17:12 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2002-09-23 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2002-09-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaPlatformMan"="c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe" [2010-03-30 701440]
"Steam"="d:\program files\Steam\Steam.exe" [2011-02-15 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"boincmgr"="d:\program files\BOINC\Core\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="d:\program files\BOINC\Core\boinctray.exe" [2009-11-06 58112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"VMware hqtray"="d:\program files\VMware Player\hqtray.exe" [2010-01-22 64048]
"TrueImageMonitor.exe"="d:\program files\Acronis True Image 2010\TrueImageMonitor.exe" [2009-11-26 5129128]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"avast5"="c:\program files\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABBYY Screenshot Reader Retail]
2008-10-16 18:10 959776 ----a-w- d:\program files\ABBYY Screenshot Reader\ScreenshotReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-09-10 17:54 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Pidgin\\pidgin.exe"=
"d:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Hry\\Ragnarok Online\\reexe.exe"=
"d:\\Hry\\Age of Mythology\\aom.exe"=
"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"c:\\Program Files\\Free SMTP Server\\localsrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Hry\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Hry\\Warcraft III\\lancraft.exe"=
"d:\\Program Files\\BOINC\\Core\\boinc.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\VMware Player\\vmware-authd.exe"=
"d:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"6121:TCP"= 6121:TCP:char-server_sql.exe
"6900:TCP"= 6900:TCP:login-server_sql.exe
"5121:TCP"= 5121:TCP:map-server_sql.exe
"6112:TCP"= 6112:TCP:Wc3Port
"3724:TCP"= 3724:TCP:WoW
"6110:TCP"= 6110:TCP:Warcraft
"57894:TCP"= 57894:TCP:Pando Media Booster
"57894:UDP"= 57894:UDP:Pando Media Booster
"4000:TCP"= 4000:TCP:Diablo 2
"56977:TCP"= 56977:TCP:Pando Media Booster
"56977:UDP"= 56977:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [21.11.2008 16:47 40464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.11.2008 14:22 721904]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [9.9.2010 19:36 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2010 17:29 294608]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9.9.2010 19:36 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2010 17:29 17744]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [18.12.2008 22:25 941784]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [17.11.2010 13:02 20328]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.1.2010 20:57 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.1.2010 20:00 563760]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9.9.2010 19:36 160288]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [18.12.2010 11:18 50728]
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;d:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [16.10.2008 16:18 759072]
S2 Apache2.2;Apache2.2;"d:\program files\xampp\apache\bin\apache.exe" -k runservice --> d:\program files\xampp\apache\bin\apache.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 21:10 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [23.12.2010 8:49 142320]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [23.12.2010 8:49 88304]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [14.12.2010 7:06 27064]
S3 SaiK0621;SaiK0621;c:\windows\system32\drivers\SaiK0621.sys [22.10.2008 15:09 106496]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [3.8.2010 15:25 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [10.4.2010 21:29 23480]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 20:10]

2009-06-21 c:\windows\Tasks\StartTurnaje.job
- d:\vit\BoincObsluha\StartTurnaje.bat [2009-06-11 05:07]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
LSP: d:\program files\VMware Player\vsocklib.dll
TCP: {C38E8514-5955-4DB2-A1CB-879DBBAE15E0} = 212.71.150.2,212.71.146.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\cpp0nar4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ABBYY Screenshot Reader Retail - (no file)
AddRemove-Magicka_is1 - e:\magicka\unins000.exe
AddRemove-TerraRE - version 6.0 - d:\hry\Ragnarok Renewal - Chronos\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 16:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-18 16:09:35
ComboFix-quarantined-files.txt 2011-02-18 15:09

Před spuštěním: Volných bajtů: 22 921 576 448
Po spuštění: Volných bajtů: 22 868 176 896

- - End Of File - - 3423749751A699F9300915E3C4B7E5B5

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

SecCenter::
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
c:\windows\isRS-000.tmp
c:\windows\system32\PerfStringBackup.TMP
c:\windows\system32\drivers\cpuz134_x32.sys
d:\program files\xampp\apache\bin\apache.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
cpuz134
Apache2.2

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\IFinst27.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Nekac1]

Log z Combofixu:


ComboFix 11-02-17.02 - ADMIN 19.02.2011 23:58:15.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1226 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\isRS-000.tmp"
"c:\windows\system32\drivers\cpuz134_x32.sys"
"c:\windows\system32\PerfStringBackup.TMP"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"d:\program files\xampp\apache\bin\apache.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\cpuz134_x32.sys
c:\windows\system32\PerfStringBackup.TMP
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APACHE2.2
-------\Legacy_CPUZ134
-------\Service_Apache2.2
-------\Service_cpuz134


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-19 do 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-14 18:18 . 2011-02-14 18:18 -------- d-----w- c:\program files\Microsoft XNA
2011-02-07 16:09 . 2006-02-05 21:06 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2011-02-07 16:09 . 2006-02-05 21:01 122880 ----a-w- c:\windows\system32\ScreenSource.ax
2011-01-29 09:50 . 2011-01-29 11:39 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\DVD Flick
2011-01-29 09:49 . 2008-08-31 12:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-01-29 09:49 . 2007-08-31 17:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-01-29 09:49 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-01-29 09:49 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-01-29 09:49 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\comct232.ocx
2011-01-29 09:04 . 2011-02-01 21:34 65536 ----a-w- c:\windows\IFinst27.exe
2011-01-28 13:05 . 2011-01-28 13:05 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Data aplikací\DOSBox
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 15:48 . 2011-01-10 17:01 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-01-21 14:44 . 2002-09-23 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-12-12 16:28 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-12-12 16:28 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-12-12 16:29 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-12 16:29 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-12-12 16:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-12-12 16:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-12-12 16:29 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-12 16:29 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-12-12 16:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2002-09-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2002-09-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2002-09-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2002-09-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2002-09-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2002-09-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2002-09-23 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-12-12 12:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-12 12:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2008-11-19 10:07 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 10:18 . 2010-12-18 10:18 50728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2010-12-14 06:14 . 2010-04-15 16:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-14 06:14 . 2010-04-15 16:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-12 11:49 . 2010-12-12 11:49 388096 ----a-r- c:\documents and settings\ADMIN\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-09 15:15 . 2002-09-23 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2002-09-20 17:12 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2002-09-23 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2002-09-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaPlatformMan"="c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe" [2010-03-30 701440]
"Steam"="d:\program files\Steam\Steam.exe" [2011-02-15 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"boincmgr"="d:\program files\BOINC\Core\boincmgr.exe" [2009-11-06 4793088]
"boinctray"="d:\program files\BOINC\Core\boinctray.exe" [2009-11-06 58112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"VMware hqtray"="d:\program files\VMware Player\hqtray.exe" [2010-01-22 64048]
"TrueImageMonitor.exe"="d:\program files\Acronis True Image 2010\TrueImageMonitor.exe" [2009-11-26 5129128]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"avast5"="c:\program files\Avast5\avastUI.exe" [2011-01-13 3396624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABBYY Screenshot Reader Retail]
2008-10-16 18:10 959776 ----a-w- d:\program files\ABBYY Screenshot Reader\ScreenshotReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-09-10 17:54 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Pidgin\\pidgin.exe"=
"d:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Hry\\Ragnarok Online\\reexe.exe"=
"d:\\Hry\\Age of Mythology\\aom.exe"=
"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"c:\\Program Files\\Free SMTP Server\\localsrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Hry\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Hry\\Warcraft III\\lancraft.exe"=
"d:\\Program Files\\BOINC\\Core\\boinc.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Hry\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"d:\\Program Files\\VMware Player\\vmware-authd.exe"=
"d:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"6121:TCP"= 6121:TCP:char-server_sql.exe
"6900:TCP"= 6900:TCP:login-server_sql.exe
"5121:TCP"= 5121:TCP:map-server_sql.exe
"6112:TCP"= 6112:TCP:Wc3Port
"3724:TCP"= 3724:TCP:WoW
"6110:TCP"= 6110:TCP:Warcraft
"57894:TCP"= 57894:TCP:Pando Media Booster
"57894:UDP"= 57894:UDP:Pando Media Booster
"4000:TCP"= 4000:TCP:Diablo 2
"56977:TCP"= 56977:TCP:Pando Media Booster
"56977:UDP"= 56977:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [21.11.2008 16:47 40464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.11.2008 14:22 721904]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [9.9.2010 19:36 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2010 17:29 294608]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9.9.2010 19:36 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2010 17:29 17744]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [18.12.2008 22:25 941784]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.1.2010 20:57 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.1.2010 20:00 563760]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9.9.2010 19:36 160288]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [18.12.2010 11:18 50728]
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;d:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [16.10.2008 16:18 759072]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 21:10 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [23.12.2010 8:49 142320]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [23.12.2010 8:49 88304]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [14.12.2010 7:06 27064]
S3 SaiK0621;SaiK0621;c:\windows\system32\drivers\SaiK0621.sys [22.10.2008 15:09 106496]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [3.8.2010 15:25 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [10.4.2010 21:29 23480]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-06-21 c:\windows\Tasks\StartTurnaje.job
- d:\vit\BoincObsluha\StartTurnaje.bat [2009-06-11 05:07]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
LSP: d:\program files\VMware Player\vsocklib.dll
TCP: {C38E8514-5955-4DB2-A1CB-879DBBAE15E0} = 212.71.150.2,212.71.146.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\cpp0nar4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 00:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="D:/Program Files/XAMPP/mysql/bin/mysqld-nt.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(336)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\program files\TortoiseSVN\bin\TortoiseStub.dll
d:\program files\TortoiseSVN\bin\TortoiseSVN.dll
d:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\progra~1\ArcSoft\PHOTOI~1\share\pihook.dll
d:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avast5\AvastSvc.exe
d:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\msdtc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\vmnetdhcp.exe
d:\program files\VMware Player\vmware-authd.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
d:\program files\BOINC\Core\boinc.exe
d:\program files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_2.37_windows_intelx86__nci.exe
d:\program files\BOINC\Data\projects\eon.ices.utexas.edu_eon2\eonclient_2.3_windows_intelx86
d:\program files\BOINC\Data\projects\eon.ices.utexas.edu_eon2\eonclient_2.3_windows_intelx86
.
**************************************************************************
.
Celkový čas: 2011-02-20 00:11:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-19 23:11
ComboFix2.txt 2011-02-18 15:09

Před spuštěním: Volných bajtů: 22 756 388 864
Po spuštění: Volných bajtů: 22 688 354 304

- - End Of File - - CAB22D7FD074A7FD269751A8EA81F299




+ sken toho souboru - http://www.virustotal.com/file-scan/rep ... 1298157151

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[Nekac1]

Použil jsem oba cleanery podle návodů, PC je rychlejší. Je v pořádku?

Log z HJT:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:04, on 21.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\windows\system32\spoolsv.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\rundll32.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
D:\Program Files\BOINC\Core\boincmgr.exe
D:\Program Files\BOINC\Core\boinctray.exe
D:\Program Files\VMware Player\hqtray.exe
D:\Program Files\Acronis True Image 2010\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe
C:\Program Files\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\windows\system32\vmnat.exe
C:\windows\system32\mqsvc.exe
C:\windows\system32\vmnetdhcp.exe
D:\Program Files\VMware Player\vmware-authd.exe
C:\windows\system32\mqtgsvc.exe
D:\Program Files\BOINC\Core\boinc.exe
C:\windows\explorer.exe
D:\Program Files\WAMP\wampmanager.exe
D:\Program Files\Pidgin\pidgin.exe
D:\Program Files\WAMP\bin\apache\apache2.2.11\bin\httpd.exe
D:\Program Files\WAMP\bin\apache\apache2.2.11\bin\httpd.exe
D:\Program Files\WAMP\bin\mysql\mysql5.1.36\bin\mysqld.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\windows\system32\ctfmon.exe
D:\Hry\Ragnarok Online\Patcher.exe
D:\Hry\Ragnarok Online\Patcher.exe
D:\Temp\RCX_OpenAlpha_44\RCX.exe
D:\Temp\RCX_OpenAlpha_44\RCXDraw.exe
D:\Temp\Autopot\RoMedic2.exe
D:\Program Files\JetAudio\jetAudio.exe
D:\Program Files\BOINC\Data\projects\wuprop.boinc-af.org\data_collect_2.39_windows_intelx86__nci.exe
D:\Program Files\BOINC\Data\projects\www.malariacontrol.net\openMalariaB_6.49_windows_intelx86
D:\Program Files\BOINC\Data\projects\www.malariacontrol.net\openMalariaB_6.49_windows_intelx86
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\HiJackThis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [boincmgr] "D:\Program Files\BOINC\Core\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "D:\Program Files\BOINC\Core\boinctray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VMware hqtray] "D:\Program Files\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis True Image 2010\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [JavaPlatformMan] C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\jusched.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmware player\vsocklib.dll
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} (Aosmgr Control) - http://ahnlabdownload.nefficient.co.kr/ ... aosmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\Software\..\Telephony: DomainName = kliber.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38E8514-5955-4DB2-A1CB-879DBBAE15E0}: NameServer = 212.71.150.2,212.71.146.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kliber.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kliber.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY (BIT Software) - D:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware Player\vmware-ufad.exe
O23 - Service: Ventrilo - Unknown owner - D:\Program Files\Ventrilo Server\ventrilo_svc.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - D:\Program Files\WAMP\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\Program Files\WAMP\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 11650 bytes

[Žbeky]

V HJT fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Dej spustit -> napiš services.msc -> vyhledej a ukonči/zakaž tuto službu:
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing)

Pokud nebudou problémy, tak je to z mé strany vše.

[Nekac1]

Fixnuto a zakázáno, dávám zelenou fajfku a děkuji za pomoc.