Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:32, on 10.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DISC-C-BACKUP\Program Files\trend micro\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Epson Stylus SX510W(Síť)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LoopBe1 Monitor.lnk = C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B95883D8-2C63-4F59-9EF7-7B47E472C81F}: NameServer = 213.46.172.36,213.46.172.37
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
--
End of file - 9995 bytes
Please check the log - Thank you
- jaro3
- Security team member
Re: Please check the log - Thank you
Uninstall:
ICQToolBar
Close all other applications and browsers, disconnect from the internet and fix in HJT:
Instructions
Code:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the Save log option and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Don't send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check the log - Thank you
Thank you very much
I haven't downloaded ATF Cleaner yet because I use Chrome. Should I download it anyway?
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7429
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10.8.2011 23:17:15
mbam-log-2011-08-10 (23-17-10).txt
Scan type: Quick scan
Objects scanned: 173016
Time elapsed: 7 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Value: kr_done1 -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Sandra\local settings\Temp\CSM5C1.tmp (Adware.RelevantKnowledge) -> No action taken.
c:\WINDOWS\system32\kr_done1 (Malware.Trace) -> No action taken.
Re: Please check the log - Thank you
You don't have to.
In MBAM delete everything.
Download ComboFix to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Before using it, disable all resident security programs - antivirus, firewalls, antispyware
- Close all active windows and run it under an account with administrator rights
- After launch, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click in the window that appears
- When the scan finishes, a log C:\ComboFix.txt is created; copy its entire contents here.
Re: Please check the log - Thank you
ComboFix 11-08-10.03 - Sandra 11.08.2011 10:38:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.2046.1396 [GMT 2:00]
Spuštěný z: c:\documents and settings\Sandra\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sandra\Application Data\Microsoft\~DFKa14a9c7.tmp
c:\documents and settings\Sandra\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Sandra\Application Data\Microsoft\bass.dll
c:\documents and settings\Sandra\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Sandra\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Sandra\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Sandra\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Sandra\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Sandra\Recent\architectural.materials.woods & plastics.mat
c:\documents and settings\Sandra\Recent\RayTraced_02 (2).mat
c:\documents and settings\Sandra\Recent\RayTraced_02 (3).mat
c:\documents and settings\Sandra\Recent\RayTraced_02 (4).mat
c:\documents and settings\Sandra\Recent\RayTraced_02 (5).mat
c:\documents and settings\Sandra\Recent\RayTraced_02 (6).mat
c:\documents and settings\Sandra\Recent\RayTraced_02 (7).mat
c:\documents and settings\Sandra\Recent\RayTraced_02 (8).mat
c:\documents and settings\Sandra\Recent\RayTraced_02.mat
c:\windows\iun6002.exe
c:\windows\system32\asd
c:\windows\system32\asd\mylng.cfg
c:\windows\system32\asd\newsdsave.dll
c:\windows\system32\asd\rule.cfg
c:\windows\system32\asd\YFSysKeys.ocx
D:\Autorun.inf
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-11 do 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-10 21:08 . 2011-08-10 21:08 -------- d-----w- c:\documents and settings\Sandra\Application Data\Malwarebytes
2011-08-10 21:08 . 2011-08-10 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-10 21:08 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-10 21:08 . 2011-08-10 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 21:08 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 18:27 . 2011-08-07 18:27 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\SKIDROW
2011-08-07 15:03 . 2011-08-07 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-08-07 14:58 . 2011-08-07 14:58 -------- d-----w- c:\program files\AMD APP
2011-07-30 12:58 . 2011-07-30 12:58 -------- d-----w- c:\documents and settings\Sandra\Application Data\Atari
2011-07-30 12:55 . 2011-07-30 12:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-07-30 11:02 . 2011-07-30 11:02 -------- d-----w- c:\documents and settings\Sandra\Application Data\Leadertech
2011-07-30 11:02 . 2011-07-30 11:02 -------- d-----w- c:\program files\Common Files\PocketSoft
2011-07-30 11:02 . 2002-02-27 16:50 197120 ----a-w- c:\windows\patchw32.dll
2011-07-30 11:00 . 2011-07-30 11:00 -------- d-----w- c:\program files\Atari
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 04:12 . 2006-08-16 19:10 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-07-08 04:09 . 2006-08-16 19:10 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-07-08 03:45 . 2010-02-28 09:12 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:45 . 2010-02-28 09:12 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 03:42 . 2010-02-28 09:12 5111808 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 03:38 . 2010-02-28 09:12 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:23 . 2010-02-28 09:12 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:22 . 2006-08-16 19:10 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-07-08 03:21 . 2006-08-16 19:10 4091648 ----a-w- c:\windows\system32\ati3duag.dll
2011-07-08 03:15 . 2011-03-16 20:24 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-08 03:05 . 2006-08-16 19:10 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:05 . 2006-08-16 19:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:04 . 2006-08-16 19:10 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-07-08 03:04 . 2006-08-16 19:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:04 . 2006-08-16 19:10 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-07-08 03:03 . 2006-08-16 19:10 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-07-08 03:03 . 2006-08-16 19:10 3155072 ----a-w- c:\windows\system32\ativvaxx.dll
2011-07-08 03:01 . 2006-08-16 19:10 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-07-08 03:00 . 2010-10-27 01:26 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-08 02:56 . 2010-02-28 09:12 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-07-08 02:53 . 2010-02-28 09:12 507904 ----a-w- c:\windows\system32\atiok3x2.dll
2011-07-08 02:53 . 2010-02-28 09:12 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:52 . 2006-08-16 19:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-07-08 02:47 . 2006-08-16 19:10 868352 ----a-w- c:\windows\system32\ati2cqag.dll
2011-07-08 02:46 . 2010-02-28 09:12 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:46 . 2010-02-28 09:12 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-08 02:46 . 2010-02-28 09:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-05 11:44 . 2010-03-29 15:07 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-05 11:44 . 2010-03-29 15:07 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2008-03-09 06:25 . 2010-12-03 13:22 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-11-25 2069344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"EEventManager"="c:\progra~1\Epson Software\Event Manager\EEventManager.exe" [2009-04-07 673616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-04 136704]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-25 110592]
LoopBe1 Monitor.lnk - c:\program files\nerds.de\LoopBe1\loopBeMon.exe [2008-1-27 266240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 07:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"=RDDV1045.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\Graphisoft\\Archicad\\ArchiCAD.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"d:\\DISC-C-BACKUP\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Qtracker\\qtracker.exe"=
"d:\\DISC-C-BACKUP\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.3.2010 11:41 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22.2.2010 15:41 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22.2.2010 15:41 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.7.2010 9:37 308136]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.6.2010 7:44 247608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.8.2011 23:08 366640]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [17.12.2010 18:17 685816]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [28.11.2010 19:27 39552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.8.2011 23:08 22712]
R3 RDID1045;Roland FANTOM-X;c:\windows\system32\drivers\RDWM1045.SYS [8.11.2010 13:53 59642]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10.8.2011 23:08 41272]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [17.12.2010 18:17 27136]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3975097663-2364256845-171888503-1007Core.job
- c:\documents and settings\Sandra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-14 09:18]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3975097663-2364256845-171888503-1007UA.job
- c:\documents and settings\Sandra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-14 09:18]
.
2011-08-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2010-12-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{B95883D8-2C63-4F59-9EF7-7B47E472C81F}: NameServer = 213.46.172.36,213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-ats - c:\windows\system32\asd\loadqm.exe
AddRemove-Advanced RAR Repair v1.2 - c:\progra~1\ARAR\UNWISE.EXE
AddRemove-ASIO4ALL - c:\program files\ASIO4ALL v2\uninstall.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-FLVPlayer4Free Free FLV Player_is1 - c:\program files\FLVPlayer4Free\unins000.exe
AddRemove-Free Sound Recorder_is1 - c:\program files\Free Sound Recorder\unins000.exe
AddRemove-HaaliMkx - c:\program files\Matroska Pack\haali\uninstall.exe
AddRemove-LineIn plugin for WinAMP - c:\program files\Winamp\Plugins\uninstlinein.exe
AddRemove-PocketCAD PRO 4.0 Demo - c:\progra~1\POCKET~1\UNWISE.EXE
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-Software Midi Keyboard v1.8 Demo - c:\program files\Midimass\Midi Keyboard v1
AddRemove-{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1 - c:\program files\Guitar Pro 6\unins000.exe
AddRemove-{3DE19DBA-6F79-4E14-AE0B-1833B26DD184}_is1 - c:\program files\DigiPen\Solace\unins000.exe
AddRemove-{656A8811-95E1-4BD2-B692-8202DDBA15D5}_is1 - c:\program files\CPU Thermometer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 10:43
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ats = c:\windows\system32\asd\loadqm.exe noshow???e?s?s?.?????????????????,?
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3975097663-2364256845-171888503-1007\Software\SecuROM\License information*]
"datasecu"=hex:c0,b5,86,40,d0,a7,00,00,81,a0,3a,f8,be,16,6f,4c,3a,28,30,be,24,
d2,10,9f,29,17,f6,51,88,f4,d3,61,c7,1a,11,99,57,e7,ca,26,6f,46,6a,8d,28,62,\
"rkeysecu"=hex:c4,4f,de,8f,8e,cc,13,26,67,a4,a0,85,75,37,ee,c5
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\RDDV1045.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\RDDV1045.DLL
.
Celkový čas: 2011-08-11 10:45:18
ComboFix-quarantined-files.txt 2011-08-11 08:45
.
Před spuštěním: 13 277 085 696 bytes free
Po spuštění: 17 420 922 880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0291636E62590FDA9EF11504F512184B
- jaro3
- member of the Security team
Guru Level 15
- Posts: 43287
- Registered: June 07
- Residence: South Bohemia
Re: Please check my log - Thank you
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following complete text, highlighted in green, into it:
Note: Do not use SELECT ALL to highlight the script
Code:
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3975097663-2364256845-171888503-1007Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3975097663-2364256845-171888503-1007UA.job
Driver::
TotRec8
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log
Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
When working with programs such as HJT, ComboFix, MbAM, SDFix and others, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support