Ako rozbehnut HiJackThis??? Vyřešeno

[Gumimacko]

.
[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-17 15:49 . 33F14F23DFAE4B43CDD4E535CD7C1963 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-17 . 6C08FF4B76506676617E03C34ECCFB11 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-17 . E472BDA53A4DCD2142143AF9FD25C99A . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2010-12-09 . 8D222D8EF9B1951296F822583A044542 . 2194944 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . B6C5D4CBB22EEF31FAFBB76C2C6F3D99 . 2194944 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . B6C5D4CBB22EEF31FAFBB76C2C6F3D99 . 2194944 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-12-09 . EB4B6B42932C180632A2C2C43F23B84C . 2150912 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . 431278D0EF7518BA499720122F4ED86F . 2148352 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-28 . 91FE668957FF51A2DBCEE0D8637BA77E . 2192256 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 7782F11AE957B736585870CD2671227B . 2191488 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . EEEB64F601657A553B4CA000F877EC1F . 2138112 . . [5.1.2600.3654] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-12-09 . B214F89473F73C0733D9C402F36E2125 . 2188160 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe
[-] 2009-12-09 . 3B0DC252A20C8A938ED21073EE736AEA . 2191360 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[-] 2009-12-09 . 07A58A2A4460A4B7A58E0920F4CFA729 . 2147328 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 3742270B8C90A97A0BDD25DED1201AA9 . 2147328 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 90DFE2B714EDEF95891C979720E23B4F . 2188160 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-08-04 . 92DC801F65557AA134F2B76CE81811B7 . 2138112 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165_0$\ntoskrnl.exe
[-] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-09 . 6499BF91CF62B4319D6ED7E99D0B6998 . 2147328 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 27C7A7AED8A477F6A0C7D3AD00AB9419 . 2147328 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2004-08-17 . 84FEF6BE553ACC66729F5D4113F53310 . 2150400 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB971486_0$\ntoskrnl.exe
.
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-17 . 2CEEBB402187AE56B585701F3D191FB3 . 176128 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-17 . 0645CCDDDD27F96EEA3534C1DEF736D9 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 160A1500DDBE42F8793E3AD341E4BEC4 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 160A1500DDBE42F8793E3AD341E4BEC4 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-17 . B356DD67178B22A8C2FBD47316CCB43B . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . B26098F3DC08D841DE3D79C38ACCB807 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . B26098F3DC08D841DE3D79C38ACCB807 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-17 . 630A1012AF129918D2E2D70727D69351 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^Kalendar.lnk]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\Kalendar.lnk
backup=c:\windows\pss\Kalendar.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 15:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 11:29 395144 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-30 08:53 135664 ----atw- c:\documents and settings\Uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 -c--a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 07:26 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 07:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-05-04 22:02 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 13:32 1312256 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-31 19:15 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"d:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.dat"=
"d:\\Program Files\\Activision\\Modern Warfare 2\\iw4sp.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:UDP"= 28960:UDP:MW2
"28600:UDP"= 28600:UDP:28600
.
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfsdkS.exe [2009-08-24 406016]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-07 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-04-07 33824]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
0
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-117609710-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-117609710-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: ????3??
IE: ????3??????
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ????3?? - c:\documents and settings\Uzivatel\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Uzivatel\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\qjbdpp14.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{278532D2-2C05-7A46-1E76-44D317F33B74} - (no file)
Notify-AtiExtEvent - (no file)
MSConfigStartUp-8DDYX0ZBPZ - c:\docume~1\Uzivatel\LOCALS~1\Temp\Nbr.exe
MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-CY08W456F0 - c:\docume~1\Uzivatel\LOCALS~1\Temp\Nbr.exe
MSConfigStartUp-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-XMZH42I4GI - c:\windows\Ncivea.exe
AddRemove-Mafia II Update 1_is1 - d:\program files\Mafia2\unins000.exe
AddRemove-Aliens vs Predator - c:\program files\Aliens vs. Predator\uninstal AvP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 09:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Uzivatel\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Uzivatel\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7E88F72-1CAC-98BC-08C3-B618FB8206B8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"faokpdkbmejm"=hex:66,61,6e,63,6d,66,61,65,6f,62,6a,62,00,00
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:1f,84,9b,2b,43,f8,a4,7e,7e,be,96,4f,f4,0d,9a,b0,e7,27,22,58,93,23,fc,
3d,81,83,0a,4e,fc,fc,36,c1,13,85,49,72,50,a1,5d,7e,fd,58,4a,b2,c7,e1,d1,ef,\
"??"=hex:56,a2,89,60,65,30,f1,37,f9,66,b3,fd,bd,17,ed,af
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:9f,4e,dc,af,6a,14,4f,e6,29,9c,12,c8,9a,9c,26,84,b4,22,6c,7e,b4,
d6,e9,11,a1,01,cf,dd,30,86,fc,48,33,9f,0c,db,32,41,80,ce,bf,ba,59,a8,10,92,\
"rkeysecu"=hex:79,f2,97,ac,d6,cc,81,cc,18,56,28,42,b4,ca,34,26
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{621EB5F7-B871-47C0-AB53-E1376E71D858}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="000452B04D70C49D"
"ScannerBuild"=dword:00002280
"ScannerVersionId"=dword:00001724
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(440)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2011-08-05 09:38:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-05 07:38
.
Před spuštěním: Volných bajtů: 14 453 596 160
Po spuštění: Volných bajtů: 14 381 875 200
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6AD032998EDD063B378DA41B4F99D28C

[Reklama]

[jaro3]

Jaký máš operační system?

Odinstaluj:
Spybot - Search & Destroy
ConduitEngine
Ask.com, AskToolbar

Doporučuji i:
Babylon


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::
c:\documents and settings\Uzivatel\Local Settings\Data aplikací\AskToolbar
c:\program files\Ask.com
c:\program files\ConduitEngine

Driver::
 0

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

NetSvcs::
 0

DDS::
IE: ????3??
IE: ????3??????

RegLock::
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
N}Ź]
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7E88F72-1CAC-98BC-08C3-B618FB8206B8}*]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\dllcache\mup.sys
c:\windows\system32\nxEuUninstall.bat
c:\windows\system32\ntoskrnl.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Gumimacko]

Microsoft Windows xp
Professional
Verze 2002
Servece Pack 3
Ked oznacim cely ten text a pravim kliknem kopirovat a chcem ho prilepit do toho text. dokumentu nedasato.Nemozem ani presuvat ani kopirovat subory a texty.Mne sa da kopirovat len z textoveho dokumentu a vlozit kde chcem.Nejde to ani za pomocou klaves Ctrl+c,Ctrl+v.
Ten textovy dokument mi daj stiahnut aj s tym textom inac to budem musiet napisat.

[jaro3]

Měl si dát "Kopírovat" až pak do txt. soubory "Vložit"

[Gumimacko]

Nemozem nič kopirovat tak ti hodim screen.A čo sa týka toho textoveho suboru ,ked nan raz kliknem a mam ho presunut na combofix a mali by splinut lenže ten subor sa neda presunut ani ziadny iní subor v mojom pc ,čo je na ploche alebo v hociktorej zlozke.Možem tak maximalne nan kliknut pravym tlacitkom myši a lavym tlacitkom myši a spustit ho.

[jaro3]

Vyzkoušej jinou myš..

[tux]

Nešlo by na ten textovej dokument kliknout pravým tl. myši, vybrat možnost Otevřít v programu.. a vybrat HiJackThis?

[jaro3]

To je texťák do Combofixu , no mohl by to zkusit , vypadá to na blbou myš

[tux]

Teda ComboFix no.. kdo se v těch programech má vyznat

[Gumimacko]

Vyzkoušej jinou myš..

V myši problem nebude.

[tux]

Zkus to co jsem psal já.

[Gumimacko]

Text.dokument z Combofix.
ComboFix 11-08-05.03 - Uzivatel . 08. 2011 9:54.2.2 - x86
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivatel\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-06 do 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-05 18:50 . 2011-08-05 18:50 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\ESET
2011-08-05 15:06 . 2002-11-05 13:16 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-08-04 16:42 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 16:42 . 2011-08-04 16:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-04 16:42 . 2011-08-04 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 16:42 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 13:32 . 2011-08-03 13:32 -------- d-----w- c:\program files\Lavalys
2011-08-02 18:24 . 2011-08-05 10:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-25 13:43 . 2011-08-04 16:35 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2011-07-25 13:39 . 2011-08-04 16:39 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\Free Download Manager
2011-07-25 13:39 . 2011-07-25 13:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2011-07-25 13:39 . 2011-07-25 13:39 -------- d-----w- c:\program files\Free Download Manager
2011-07-25 12:45 . 2011-03-28 17:46 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-07-22 08:35 . 2011-07-22 08:35 -------- d-----w- c:\program files\Activision
2011-07-19 19:34 . 2011-07-25 12:16 -------- d-----w- c:\documents and settings\Uzivatel\Local Settings\Data aplikací\AskToolbar
2011-07-18 14:16 . 2011-07-18 14:16 -------- d-----w- c:\documents and settings\UpdatusUser
2011-07-18 14:16 . 2011-07-18 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-07-18 14:15 . 2011-01-08 03:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-07-18 14:15 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-07-18 14:15 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-07-18 14:15 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-07-18 14:15 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-07-18 14:15 . 2011-01-08 03:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-07-18 14:15 . 2011-01-08 03:27 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-07-18 14:15 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-18 14:15 . 2011-01-08 03:27 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-07-18 14:15 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-07-18 14:14 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-07-18 14:14 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-07-17 17:02 . 2011-07-17 17:02 -------- d-----w- c:\program files\ACD Systems
2011-07-17 09:00 . 2011-07-17 09:15 -------- d-----w- c:\program files\PFConfig
2011-07-16 17:14 . 2008-04-14 03:21 10752 ----a-w- c:\windows\system32\smtpapi.dll
2011-07-16 17:14 . 2008-04-14 03:21 9728 ----a-w- c:\windows\system32\rwnh.dll
2011-07-16 13:35 . 2011-07-16 13:35 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\DonationCoder
2011-07-16 13:35 . 2011-07-16 13:36 -------- d-----w- c:\program files\ScreenshotCaptor
2011-07-14 12:09 . 2011-07-30 09:42 -------- d-----w- c:\program files\uTorrent
2011-07-14 12:08 . 2011-08-05 15:14 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\uTorrent
2011-07-14 12:08 . 2011-07-14 12:08 -------- d-----w- c:\documents and settings\Uzivatel\Local Settings\Data aplikací\uTorrent
2011-07-14 11:21 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-11 08:46 . 2011-07-11 08:50 -------- d-----w- c:\program files\ElastoMania111
2011-07-11 08:21 . 2011-07-11 08:21 0 ----a-r- C:\logwmemory.bin
2011-07-08 14:03 . 2011-07-08 14:03 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\Command and Conquer 3 Tiberium Wars
2011-07-07 09:00 . 2011-07-07 09:00 -------- d-----w- c:\windows\system32\xlive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 18:26 . 2010-08-30 12:34 5152 -c--a-w- c:\windows\system32\ealregsnapshot1.reg
2011-06-21 14:33 . 2010-09-28 15:59 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-21 14:33 . 2010-09-28 15:59 22328 ----a-w- c:\documents and settings\Uzivatel\Data aplikací\PnkBstrK.sys
2011-06-21 14:33 . 2010-09-28 15:59 22328 ----a-w- c:\documents and settings\Uzivatel\Data aplikací\PnkBstrK.sys
2011-06-21 14:33 . 2010-09-28 15:59 22328 ----a-w- c:\documents and settings\Uzivatel\Data aplikací\PnkBstrK.sys
2011-06-21 14:33 . 2010-09-28 15:59 22328 ----a-w- c:\documents and settings\Uzivatel\Data aplikací\PnkBstrK.sys
2011-06-21 14:32 . 2010-09-28 15:59 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-21 14:32 . 2010-09-28 15:58 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-21 14:32 . 2010-09-28 15:58 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-06-13 19:07 . 2011-06-02 17:48 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-05-31 19:15 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-31 19:15 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-25 07:26 . 2011-01-07 18:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 07:26 . 2011-01-07 18:56 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 07:26 . 2010-10-08 00:28 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-05-25 07:26 . 2010-10-08 00:28 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-05-25 07:26 . 2010-10-08 00:28 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-05-25 07:26 . 2010-10-08 00:28 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-05-25 07:26 . 2010-10-08 00:28 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-05-25 07:26 . 2010-10-08 00:28 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-05-25 07:26 . 2010-10-08 00:28 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-05-25 07:26 . 2010-10-08 00:28 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-05-25 07:26 . 2010-10-08 00:28 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-05-25 07:26 . 2010-10-08 00:28 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-05-25 07:26 . 2010-10-08 00:28 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-05-25 07:26 . 2010-10-08 00:28 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-05-25 07:26 . 2010-10-08 00:28 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-05-25 07:26 . 2010-10-08 00:28 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-05-25 07:26 . 2010-10-08 00:28 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-05-25 07:26 . 2010-10-08 00:28 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-05-25 07:26 . 2010-10-08 00:28 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-05-25 07:26 . 2010-10-08 00:28 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-05-25 07:26 . 2010-10-08 00:28 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-05-25 07:26 . 2010-10-08 00:28 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-05-25 07:26 . 2010-10-08 00:28 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-05-25 07:26 . 2010-10-08 00:28 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-05-25 07:26 . 2010-10-08 00:28 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-05-25 07:26 . 2010-10-08 00:28 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-05-25 07:26 . 2010-10-08 00:28 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-05-25 07:26 . 2010-10-08 00:28 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-05-25 07:26 . 2010-10-08 00:28 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-05-25 07:26 . 2010-10-08 00:28 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-05-25 07:26 . 2011-01-07 18:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:26 . 2011-01-07 18:56 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:26 . 2011-01-07 18:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 07:26 . 2011-01-07 18:56 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2000-06-07 11:58 . 2010-01-28 16:19 207360 ----a-w- c:\program files\KALENDAR.EXE
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^Kalendar.lnk]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\Kalendar.lnk
backup=c:\windows\pss\Kalendar.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 15:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-30 08:53 135664 ----atw- c:\documents and settings\Uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 -c--a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 07:26 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 07:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-05-04 22:02 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 13:32 1312256 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-31 19:15 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"d:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.dat"=
"d:\\Program Files\\Activision\\Modern Warfare 2\\iw4sp.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:UDP"= 28960:UDP:MW2
"28600:UDP"= 28600:UDP:28600
.
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfsdkS.exe [2009-08-24 406016]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-08-07 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-04-07 33824]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
0
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-117609710-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-117609710-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: ????3??
IE: ????3??????
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ????3?? - c:\documents and settings\Uzivatel\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Uzivatel\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\qjbdpp14.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{278532D2-2C05-7A46-1E76-44D317F33B74} - (no file)
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero 7\\nero\uninstall\UNNERO.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Uzivatel\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Uzivatel\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7E88F72-1CAC-98BC-08C3-B618FB8206B8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"faokpdkbmejm"=hex:66,61,6e,63,6d,66,61,65,6f,62,6a,62,00,00
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:1f,84,9b,2b,43,f8,a4,7e,7e,be,96,4f,f4,0d,9a,b0,e7,27,22,58,93,23,fc,
3d,81,83,0a,4e,fc,fc,36,c1,13,85,49,72,50,a1,5d,7e,fd,58,4a,b2,c7,e1,d1,ef,\
"??"=hex:56,a2,89,60,65,30,f1,37,f9,66,b3,fd,bd,17,ed,af
.
[HKEY_USERS\S-1-5-21-725345543-117609710-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:9f,4e,dc,af,6a,14,4f,e6,29,9c,12,c8,9a,9c,26,84,b4,22,6c,7e,b4,
d6,e9,11,a1,01,cf,dd,30,86,fc,48,33,9f,0c,db,32,41,80,ce,bf,ba,59,a8,10,92,\
"rkeysecu"=hex:79,f2,97,ac,d6,cc,81,cc,18,56,28,42,b4,ca,34,26
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{621EB5F7-B871-47C0-AB53-E1376E71D858}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="000452B04D70C49D"
"ScannerBuild"=dword:00002280
"ScannerVersionId"=dword:00001724
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2011-08-06 10:06:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-06 08:06
ComboFix2.txt 2011-08-05 07:38
.
Před spuštěním: Volných bajtů: 14 206 930 944
Po spuštění: Volných bajtů: 14 294 716 416
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EF6AF700970CF1F150A12BC146915F27