nejde internet

[Janekas]

podivné.
Combofix skončil s hláškou že soubor NIRCMD nemůže nalézt a že ho mám zkusit nálézt start/hledat

[Caroprd111]

Stáhněte ComboFix znovu.

[Janekas]

Tak omlouvám se za demenci, tady to je.
ComboFix 10-04-07.04 - Petr Hodač 08.04.2010 16:18:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.2047.1540 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr Hodač\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr Hodač\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-08 do 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-07 14:50 . 2010-04-07 14:50 -------- d-----w- C:\_OTL
2010-04-07 14:46 . 2010-04-07 14:47 -------- d-----w- C:\UsbFix
2010-04-07 12:36 . 2010-04-07 12:36 -------- d-----w- c:\program files\trend micro
2010-04-07 12:36 . 2010-04-07 12:36 -------- d-----w- C:\rsit
2010-04-02 17:36 . 2008-12-03 17:52 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 17:35 . 2008-12-03 17:52 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 17:35 . 2010-04-02 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 17:16 . 2009-05-18 09:00 614400 ----a-w- c:\windows\system32\msvcr80.dll
2010-04-02 15:32 . 2010-02-22 15:57 358944 ----a-w- c:\windows\vncutil.exe
2010-04-02 15:32 . 2010-02-22 15:56 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-04-02 15:32 . 2010-02-22 15:56 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-04-02 15:32 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-04-02 15:32 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-04-02 15:27 . 2009-12-14 10:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-02 15:24 . 2010-01-12 11:35 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-04-02 15:24 . 2010-01-12 11:35 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-04-02 15:24 . 2010-04-02 17:16 -------- d-----w- C:\inst
2010-04-02 14:44 . 2010-04-02 14:44 -------- d-----w- c:\program files\Lavalys
2010-03-11 21:35 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 14:02 . 2009-08-11 11:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-02 17:24 . 2008-05-11 06:52 -------- d-----w- c:\program files\Steam
2010-04-02 17:18 . 2008-10-31 17:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-02 15:33 . 2006-03-02 12:00 77984 ----a-w- c:\windows\system32\perfc005.dat
2010-04-02 15:33 . 2006-03-02 12:00 429078 ----a-w- c:\windows\system32\perfh005.dat
2010-04-02 15:32 . 2007-11-13 21:48 -------- d-----w- c:\program files\Realtek
2010-03-20 10:34 . 2010-02-28 16:38 0 ----a-w- c:\windows\system32\drivers\eydnhmbo.sys
2010-03-20 09:19 . 2008-04-20 07:22 817 --sha-w- c:\windows\system32\mmf.sys
2010-03-16 14:19 . 2008-10-05 15:14 3028 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-03-12 11:05 . 2009-10-14 15:59 -------- d-----w- c:\program files\World of Warcraft
2010-03-12 10:02 . 2008-03-05 07:57 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-03-06 12:30 . 2009-07-03 06:43 -------- d-----w- c:\program files\Metin2_CZ
2010-03-01 14:27 . 2007-11-13 21:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 14:08 . 2008-10-05 15:14 -------- d-----w- c:\program files\Electronic Arts
2010-03-01 13:37 . 2008-01-01 12:14 -------- d-----w- c:\program files\EA Sports
2010-02-22 15:57 . 2007-11-13 21:47 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-22 15:57 . 2007-11-13 21:47 1833504 ----a-w- c:\windows\SkyTel.exe
2010-02-22 15:57 . 2007-11-13 21:47 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-02-22 15:56 . 2007-11-13 21:47 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-02-22 15:56 . 2007-11-13 21:47 18791456 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-22 15:56 . 2007-11-13 21:47 2177568 ----a-w- c:\windows\MicCal.exe
2010-02-22 15:56 . 2007-11-13 21:47 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-02-22 15:56 . 2007-11-13 21:47 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-22 15:28 . 2007-11-13 21:47 5862432 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-19 13:29 . 2010-02-19 13:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-12 17:02 . 2007-11-13 21:48 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-12 10:03 . 2010-03-05 22:54 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-22 16:26 . 2010-01-22 16:26 7865288 ----a-w- C:\paradisepoker_com_cs_cs.exe
2010-01-21 20:11 . 2007-11-13 21:45 202064 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 188416]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 1265296]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Petr Hodač^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\Petr Hodač\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Petr Hodač^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Petr Hodač\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-05-12 14:43 2181672 ----a-w- c:\program files\EXPERTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2007-01-17 16:01 496640 ----a-w- c:\program files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusPortal]
2005-10-27 21:04 1533440 ----a-w- c:\program files\Nexus Fire Walker\FireWalker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-20 10:34 1217872 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 13:11 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WRPCAgent]
2009-02-12 11:40 56320 ----a-w- c:\program files\WinSoftMagic\WinRemotePC\WRPCAgent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Nexus Fire Walker\\FireWalker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.4.2010 17:32 1691480]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [13.11.2007 23:55 28160]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [13.11.2007 23:55 49664]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-04-07 c:\windows\Tasks\User_Feed_Synchronization-{98C7E519-299A-47F2-A33D-4DDEE70115C5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCXVersion=3.81&WorkFunction=LMonitor
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Petr Hodač\Data aplikací\Mozilla\Firefox\Profiles\1x90x3iu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 16:21
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-57989841-1957994488-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4d,e3,82,33,e9,6f,88,69,88,6d,df,39,7b,2f,d8,77,2d,f1,88,14,81,ce,88,
dc,9f,af,35,d0,d5,f9,b1,08,c7,3f,b8,5d,ad,71,d4,18,82,af,c3,4c,7d,63,96,a6,\
"??"=hex:10,d0,5c,81,28,a2,d3,8f,e3,01,46,c7,c9,e5,1b,04

[HKEY_USERS\S-1-5-21-57989841-1957994488-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:aa,7e,ba,fe,0a,aa,dc,2a,f6,85,6e,23,69,25,fb,3c,b6,4c,56,0a,96,
be,d3,08,b4,d0,9f,e7,e2,78,fb,12,74,46,92,f6,19,5b,fc,6b,6f,ff,e8,54,53,65,\
"rkeysecu"=hex:6d,d0,c4,03,a6,8f,8d,d7,da,1c,a7,81,34,48,b4,eb

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:47,6d,e8,b1,c6,c5,94,c0
"3"=hex:65,8a,97,58,95,91,fa,cb,ba,75,58,6e,b2,b4,16,21,58,71,ba,4c,7f,ff,ea,
e6,c0,a3,39,bc,5f,3b,63,55,3a,64,39,85,dd,87,a7,4e,a6,79,a6,a9,dc,78,72,2d,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:44,73,6a,85,de,67,6e,c0
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2004)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-04-08 16:23:22
ComboFix-quarantined-files.txt 2010-04-08 14:23
ComboFix2.txt 2010-04-08 07:04

Před spuštěním: Volných bajtů: 108 099 944 448
Po spuštění: Volných bajtů: 108 067 352 576

- - End Of File - - F24DB4CAB14A7C7904E1DD0BD6EABDC6

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[Janekas]

Sakra, musím jít jěště akutně pracovat a scan pořád běží. Zatím tedy děkuji, log sem vložím až zítra. díky

[Caroprd111]

OK

[Janekas]

tak už jsem zpět z výletu do Ostravy:(
tady je log
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9.4.2010 11:51:53
mbam-log-2010-04-09 (11-51-53).txt

Typ skenu: Úplný sken (C:\|E:\|)
Skenované objekty: 221666
Uplynulý čas: 26 minuta(y), 49 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Petr Hodač\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

[Caroprd111]

Vše, co našel MBAM smažte a napište stav PC.

[Janekas]

interner pořád jen přes ip adresy, jinak na to dlabe

[Caroprd111]

Zkuste http://www.viry.cz/go.php?p=spyware&t=aplikace&id=22

[Janekas]

to jsem již zkoušel samotným příkazem, jěště předtím než jsem stím začal otravovat tady. A právě že to nepomohlo jsem se obrátil jsem, že to bude jěště zavirované, což taky bylo. asi to bude na opravu win.

[Caroprd111]

Pokračujte podle návodu AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

[Janekas]

Trvalo to opravdu dlouho.
tady je ten log:
Autoscan: completed 2 days ago (events: 11, objects: 267959, time: 01:04:35)
9.4.2010 16:18:46 Task started
9.4.2010 16:27:23 Detected: Hoax.Win32.BadJoke.Prdelky C:\Documents and Settings\Petr Hodač\Dokumenty\ICQ\460516534\ReceivedFiles\255055477 A.H\Prográmky\hustý.exe
9.4.2010 16:28:11 Deleted: Hoax.Win32.BadJoke.Prdelky C:\Documents and Settings\Petr Hodač\Dokumenty\ICQ\460516534\ReceivedFiles\255055477 A.H\Prográmky\hustý.exe
9.4.2010 16:29:59 Detected: Trojan-Clicker.Win32.VBiframe.alh C:\Documents and Settings\Petr Hodač\Dokumenty\ICQ\460516534\ReceivedFiles\255055477 A.H\Prográmky\tip_dne.exe/PE_Patch/Molebox
9.4.2010 16:30:07 Deleted: Trojan-Clicker.Win32.VBiframe.alh C:\Documents and Settings\Petr Hodač\Dokumenty\ICQ\460516534\ReceivedFiles\255055477 A.H\Prográmky\tip_dne.exe
9.4.2010 16:35:03 Detected: Virus.Win32.Induc.a C:\Documents and Settings\Petr Hodač\Plocha\vse\hry\Age Of Empires 2 & The Conquerors Expansion - Full Game.exe/Data\Aconfig.exe/PE_Patch/data0007.res/ASProtect
9.4.2010 16:40:38 Deleted: Virus.Win32.Induc.a C:\Documents and Settings\Petr Hodač\Plocha\vse\hry\Age Of Empires 2 & The Conquerors Expansion - Full Game.exe
9.4.2010 17:06:54 Detected: Virus.Win32.Induc.a C:\System Volume Information\_restore{AB06C3B0-1140-4DF1-ACB6-4C4566EA14B6}\RP3\A0000279.dll/ASProtect
9.4.2010 17:06:57 Untreated: Virus.Win32.Induc.a C:\System Volume Information\_restore{AB06C3B0-1140-4DF1-ACB6-4C4566EA14B6}\RP3\A0000279.dll/ASProtect Cannot be disinfected
9.4.2010 17:07:06 Deleted: Virus.Win32.Induc.a C:\System Volume Information\_restore{AB06C3B0-1140-4DF1-ACB6-4C4566EA14B6}\RP3\A0000279.dll
9.4.2010 17:23:21 Task completed

[Caroprd111]

Jak to vypadá s PC

[Janekas]

Zdravím,
pořád si nedá říct. Internet stále jen podle IP adres. Je to všivák.