Moc prosím a Předem moc děkuji, Taky FB vir

[nick.182]

Moc vás prosím o pomoc.. Přikládám Log __NICK

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:31:12, on 26.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\update.tray-12-0\svchost.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\WINDOWS\update.3\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ufa\ufa.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9

\Toolbar\IEToolbar.dll (file missing)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - *{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program

Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program

Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9

\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google

Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program

Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6

\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet

Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program

Files\BitTorrentBar\prxtbBit2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program

Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program

Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google

Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9

\Toolbar\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [4005872.exe] "C:\WINDOWS\TEMP\4005872.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [9844752.exe] "C:\DOCUME~1\KUBÍKA~1\LOCALS~1\Temp\9844752.exe"
O4 - HKLM\..\Run: [2838854.exe] "C:\DOCUME~1\KUBÍKA~1\LOCALS~1\Temp\2838854.exe"
O4 - HKLM\..\Run: [5368878.exe] "C:\WINDOWS\TEMP\5368878.exe"
O4 - HKLM\..\Run: [2251269.exe] "C:\WINDOWS\TEMP\2251269.exe"
O4 - HKLM\..\Run: [w_distrib.exe] "C:\WINDOWS\update.3\svchost.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [37101217-loader2.exe] "C:\WINDOWS\TEMP\37101217-loader2.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [sbamui] "C:\Program Files\Sunbelt Software\VIPRE\sbamui.exe" /launch
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent] "D:\how i met your mother\BitTorrent.exe"
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic

V\registration\RegistrationReminder.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google

Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program

Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file

missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program

Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-

media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file

missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program

Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32

\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - Unknown owner - C:\Program Files\AVG\AVG9\avgemc.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - Unknown owner - C:\Program Files\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6

\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt

Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt

Software\VIPRE\SBPIMSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtc1 - Unknown owner - C:\WINDOWS\update.4.1\svchost.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 15199 bytes

[vyosek]

Zdravim a pekny pozdni vecer preji

No je fakt, ze se tu opravdu nenudime a travime tu cas do pozdnich ci spise brzkych rannich hodin abychom co nejvice pomohli. Tak se na to podivame

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

• Linky ke stazeni
  • COM soubor http://vyosek.ic.cz/BE/exeHelper.com
  • SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
• Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

[nick.182]

Tak Zkouším a posílám co mi vyjelo

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.07.2011 at 0:43:21.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Kubík a RáC:\Program Files\Google\Update\GoogleUpdate.exe


Rkill completed on 26.07.2011 at 0:44:38.



exeHelper by Raktor
Build 20100414
Run at 00:46:29 on 07/26/11
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4005872.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9844752.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5368878.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37101217-loader2.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Kubík a Ráďa [Admin rights]
Mode: Remove -- Date : 07/26/2011 00:50:22

Bad processes: 2
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED

Registry Entries: 11
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2838854.exe ("C:\DOCUME~1\KUBÍKA~1\LOCALS~1\Temp\2838854.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2251269.exe ("C:\WINDOWS\TEMP\2251269.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Kubík a Ráďa [Admin rights]
Mode: HOSTSFix -- Date : 07/26/2011 00:51:23

Bad processes: 0

HOSTS File:


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Kubík a Ráďa [Admin rights]
Mode: ProxyFix -- Date : 07/26/2011 00:51:39

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Tak nevím. Vůbec se v tom nevyznám, ale moc děkuji za pomoc a trpělivost

[vyosek]

Super, vse je spravne...pujdem dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[nick.182]

Jen vybízí mě to k vypnutí avastu a avg ale nevím jak je vypnout na liště je nemám a havět mi je blokla. Nevadí když budu pokračovat v Combo fix????

[vyosek]

Prozente PC timhle http://download.avg.com/filedir/util/su ... 1_1184.exe a jeste pak timto http://files.avast.com/files/eng/aswclear.exe

Pak by melo CF frcet bez problemu

[nick.182]

tak doufam ze uz toho moc nebude


ComboFix 11-07-25.03 - Kubík a Ráďa 26.07.2011 1:51.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.445.205 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kubík a Ráďa\Plocha\ComboFix.exe
AV: AVG Anti-Virus *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kubík a Ráďa\Recent\Thumbs.db
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0B87C765.urr
c:\program files\FunWebProducts\Shared\07C6AB82.dat
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\IsUn0405.exe
c:\windows\services32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\Temp
c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.3
c:\windows\update.3\svchost.exe
c:\windows\update.4.1
c:\windows\update.4.1\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtc1
-------\Legacy_srvbtcclient
-------\Legacy_srvbtc1
-------\Legacy_srvbtcclient
-------\Service_srvbtc1
-------\Service_srvbtcclient
-------\Service_srvbtc1
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-25 23:29 . 2011-07-25 23:29 -------- d-----w- c:\documents and settings\Kubík a Ráďa\Data aplikací\Sunbelt
2011-07-25 23:29 . 2011-07-25 23:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sunbelt
2011-07-25 22:29 . 2011-07-25 22:29 388096 ----a-r- c:\documents and settings\Kubík a Ráďa\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-25 22:29 . 2011-07-25 22:29 -------- d-----w- c:\program files\Trend Micro
2011-07-25 21:50 . 2010-02-21 18:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
2011-07-25 21:50 . 2010-02-21 18:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-07-25 21:49 . 2010-01-14 02:59 67800 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-07-25 21:49 . 2010-02-21 18:30 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys
2011-07-25 21:48 . 2011-07-25 21:48 -------- d-----w- c:\program files\Sunbelt Software
2011-07-25 21:29 . 2011-07-25 21:29 -------- d-----w- C:\FOUND.020
2011-07-25 20:57 . 2011-07-25 20:57 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-25 20:57 . 2011-07-25 20:57 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-25 20:43 . 2011-07-25 20:45 1507840 ----a-w- c:\windows\bitcoind.exe
2011-07-25 20:37 . 2011-07-25 20:37 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Bitcoin
2011-07-25 20:23 . 2011-07-25 20:23 -------- d-----w- c:\windows\ufa
2011-07-25 20:23 . 2011-07-25 20:23 -------- d-----w- c:\windows\phoenix
2011-07-25 20:23 . 2011-07-25 20:23 -------- d-----w- c:\windows\rpcminer
2011-07-25 20:16 . 2011-07-25 20:16 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-25 20:09 . 2011-07-25 20:23 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 19:54 . 2011-07-25 19:53 256000 ----a-w- c:\windows\sysdriver32.exe
2011-07-25 19:54 . 2011-07-25 19:54 -------- d-----w- c:\windows\av_ico
2011-07-25 19:50 . 2011-07-25 19:50 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 19:50 . 2011-07-25 19:50 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 19:38 . 2011-07-25 19:38 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-07 19:12 . 2011-07-07 19:12 -------- d-----w- C:\FOUND.019
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 18:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 20:55 . 2011-06-03 20:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-02 15:32 . 2004-08-18 18:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 18:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 18:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 19:19 . 2008-10-12 19:19 860391 ----a-w- c:\program files\7z457.exe
2008-09-23 05:38 . 2008-09-23 05:38 24990992 ----a-w- c:\program files\AdbeRdr812_cs_CZ.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-10-18 15:28 1485112 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-21 1291600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ R Ôa\Dokumenty\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
c:\documents and settings\ R Ôa\Dokumenty\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\StrongDC.exe"=
"d:\\SweetImSetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQTRA08.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQSTE08.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25.7.2011 23:49 322904]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [25.7.2011 23:50 204632]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.2.2009 21:32 247096]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [21.2.2010 21:40 2726000]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [25.7.2011 23:50 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [21.2.2010 21:39 181584]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [15.12.2004 0:18 200576]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25.7.2011 23:49 67800]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 9:52 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 9:52 135664]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\User_Feed_Synchronization-{B4FCBDE5-FCA6-45B0-9197-CA4A75EFF625}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 07:52]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 07:52]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... earchTerms}
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-*{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-BitTorrent - d:\how i met your mother\BitTorrent.exe
HKCU-Run-ICQ - ~c:\program files\ICQ7.4\ICQ.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-12-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-w_distrib.exe - c:\windows\update.3\svchost.exe
Notify-avgrsstarter - avgrsstx.dll
AddRemove-0C5EDC3653FED5B121F464339EAC12534D253B25 - c:\progra~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe
AddRemove-3GP Video Converter 3 - d:\misfits soundtrack season one\3GP Video Converter\3GP Video Converter 3\Uninstall.exe
AddRemove-Adobe InDesign 2.0 CE - c:\windows\ISUN0405.EXE
AddRemove-BitTorrent - d:\how i met your mother\BitTorrent.exe
AddRemove-F064B256B4A20996EA9E333B5E0F14B61AB3333D - c:\progra~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
AddRemove-Free 3GP Converter_is1 - d:\va - misfits (ost) (season 2 - episode 1-7) (2010)\Free 3GP Converter\unins000.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 02:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 02:25:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 00:25
.
Před spuštěním: 1 679 917 056
Po spuštění: 5 624 201 216
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 09EA5E4FC293394EB1686A0CFADA338D

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\windows\ufa
  c:\windows\rpcminer
  c:\windows\phoenix
  c:\windows\av_ico
  c:\windows\update.tray-12-0
  c:\windows\update.tray-12-0-lnk
  c:\windows\update.tray-7-0
  c:\windows\update.tray-7-0-lnk
  c:\program files\SweetIM
  c:\program files\BitTorrentBar
  c:\program files\ICQ6Toolbar
  
  File::
  c:\windows\unrar.exe
  c:\windows\l1rezerv.exe
  c:\windows\unrar.exe
  c:\windows\sysdriver32.exe
  c:\program files\ConduitEngine\prxConduitEngine.dll
  
  Registry::
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
  [-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
  [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  "SweetIM"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  
  
  Driver::
  ICQ Service
  gupdate
  gupdatem
  
  DDS::
  uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
  uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[nick.182]

ok tak jak dál???

ComboFix 11-07-25.03 - Kubík a Ráďa 26.07.2011 8:09.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.445.220 [GMT 2:00]
Spuštěný z: c:\documents and settings\KubÝk a Rß´a\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\KubÝk a Rß´a\Plocha\CFScript.txt
AV: AVG Anti-Virus *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 05:52 . 2011-07-26 05:52 -------- d-----w- C:\FOUND.021
2011-07-25 23:29 . 2011-07-25 23:29 -------- d-----w- c:\documents and settings\Kubík a Ráďa\Data aplikací\Sunbelt
2011-07-25 23:29 . 2011-07-25 23:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sunbelt
2011-07-25 22:29 . 2011-07-25 22:29 388096 ----a-r- c:\documents and settings\Kubík a Ráďa\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-25 22:29 . 2011-07-25 22:29 -------- d-----w- c:\program files\Trend Micro
2011-07-25 21:50 . 2010-02-21 18:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
2011-07-25 21:50 . 2010-02-21 18:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-07-25 21:49 . 2010-01-14 02:59 67800 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-07-25 21:49 . 2010-02-21 18:30 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys
2011-07-25 21:48 . 2011-07-25 21:48 -------- d-----w- c:\program files\Sunbelt Software
2011-07-25 21:29 . 2011-07-25 21:29 -------- d-----w- C:\FOUND.020
2011-07-25 20:57 . 2011-07-25 20:57 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-25 20:57 . 2011-07-25 20:57 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-25 20:43 . 2011-07-25 20:45 1507840 ----a-w- c:\windows\bitcoind.exe
2011-07-25 20:37 . 2011-07-25 20:37 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Bitcoin
2011-07-25 20:23 . 2011-07-25 20:23 -------- d-----w- c:\windows\ufa
2011-07-25 20:23 . 2011-07-25 20:23 -------- d-----w- c:\windows\phoenix
2011-07-25 20:23 . 2011-07-25 20:23 -------- d-----w- c:\windows\rpcminer
2011-07-25 20:16 . 2011-07-25 20:16 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-25 20:09 . 2011-07-25 20:23 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 19:54 . 2011-07-25 19:53 256000 ----a-w- c:\windows\sysdriver32.exe
2011-07-25 19:54 . 2011-07-25 19:54 -------- d-----w- c:\windows\av_ico
2011-07-25 19:50 . 2011-07-25 19:50 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 19:50 . 2011-07-25 19:50 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 19:38 . 2011-07-25 19:38 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-07 19:12 . 2011-07-07 19:12 -------- d-----w- C:\FOUND.019
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 18:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 20:55 . 2011-06-03 20:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-02 15:32 . 2004-08-18 18:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 18:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 18:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 19:19 . 2008-10-12 19:19 860391 ----a-w- c:\program files\7z457.exe
2008-09-23 05:38 . 2008-09-23 05:38 24990992 ----a-w- c:\program files\AdbeRdr812_cs_CZ.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_00.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-26 05:53 . 2011-07-26 05:53 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-10-18 15:28 1485112 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-21 1291600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ R Ôa\Dokumenty\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
c:\documents and settings\ R Ôa\Dokumenty\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\StrongDC.exe"=
"d:\\SweetImSetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQTRA08.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQSTE08.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25.7.2011 23:49 322904]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [25.7.2011 23:50 204632]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.2.2009 21:32 247096]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [21.2.2010 21:40 2726000]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [25.7.2011 23:50 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [21.2.2010 21:39 181584]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [15.12.2004 0:18 200576]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25.7.2011 23:49 67800]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 9:52 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 9:52 135664]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\User_Feed_Synchronization-{B4FCBDE5-FCA6-45B0-9197-CA4A75EFF625}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 07:52]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 07:52]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... earchTerms}
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 08:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3424)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-07-26 08:28:31
ComboFix-quarantined-files.txt 2011-07-26 06:28
ComboFix2.txt 2011-07-26 00:25
.
Před spuštěním: 5 594 136 576
Po spuštění: 5 607 620 608
.
- - End Of File - - E0E03C1927255A8F02510F8A41B6B2C3

[vyosek]

Nejak se to neprovedlo - presunte ComboFix i skript rpimo na disk c:\ a akci opakujte

[nick.182]

Tak co teĎ??? akorát mi to neprojelo malvery kvůli prý nedostupnosti webovky

[vyosek]

Dejte mi sem log co CF melo vyplivnout

[nick.182]

ComboFix 11-07-25.03 - Kubík a Ráďa 26.07.2011 20:25:58.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.445.211 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: AVG Anti-Virus *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
FILE ::
"c:\program files\ConduitEngine\prxConduitEngine.dll"
"c:\windows\l1rezerv.exe"
"c:\windows\sysdriver32.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BitTorrentBar
c:\program files\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files\BitTorrentBar\BitTorrentBarToolbarHelper1.exe
c:\program files\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files\BitTorrentBar\INSTALL.LOG
c:\program files\BitTorrentBar\ldrtbBit2.dll
c:\program files\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files\BitTorrentBar\prxtbBit2.dll
c:\program files\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files\BitTorrentBar\tbBit0.dll
c:\program files\BitTorrentBar\tbBit1.dll
c:\program files\BitTorrentBar\tbBit2.dll
c:\program files\BitTorrentBar\tbBitT.dll
c:\program files\BitTorrentBar\toolbar.cfg
c:\program files\BitTorrentBar\ToolbarContextMenu.xml
c:\program files\BitTorrentBar\uninstall.exe
c:\program files\BitTorrentBar\UNWISE.EXE
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 05:52 . 2011-07-26 05:52 -------- d-----w- C:\FOUND.021
2011-07-25 23:29 . 2011-07-25 23:29 -------- d-----w- c:\documents and settings\Kubík a Ráďa\Data aplikací\Sunbelt
2011-07-25 23:29 . 2011-07-25 23:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sunbelt
2011-07-25 22:29 . 2011-07-25 22:29 388096 ----a-r- c:\documents and settings\Kubík a Ráďa\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-25 22:29 . 2011-07-25 22:29 -------- d-----w- c:\program files\Trend Micro
2011-07-25 21:50 . 2010-02-21 18:30 85080 ----a-w- c:\windows\system32\drivers\sbhips.sys
2011-07-25 21:50 . 2010-02-21 18:30 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-07-25 21:49 . 2010-01-14 02:59 67800 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-07-25 21:49 . 2010-02-21 18:30 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys
2011-07-25 21:48 . 2011-07-25 21:48 -------- d-----w- c:\program files\Sunbelt Software
2011-07-25 21:29 . 2011-07-25 21:29 -------- d-----w- C:\FOUND.020
2011-07-25 20:43 . 2011-07-25 20:45 1507840 ----a-w- c:\windows\bitcoind.exe
2011-07-25 20:37 . 2011-07-25 20:37 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Bitcoin
2011-07-25 20:16 . 2011-07-25 20:16 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-25 20:09 . 2011-07-25 20:23 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 19:54 . 2011-07-25 19:53 256000 ----a-w- c:\windows\sysdriver32.exe
2011-07-25 19:38 . 2011-07-25 19:38 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-07 19:12 . 2011-07-07 19:12 -------- d-----w- C:\FOUND.019
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 18:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 20:55 . 2011-06-03 20:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-02 15:32 . 2004-08-18 18:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 18:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 18:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 19:19 . 2008-10-12 19:19 860391 ----a-w- c:\program files\7z457.exe
2008-09-23 05:38 . 2008-09-23 05:38 24990992 ----a-w- c:\program files\AdbeRdr812_cs_CZ.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_00.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-26 18:45 . 2011-07-26 18:45 16384 c:\windows\temp\Perflib_Perfdata_210.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-21 1291600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ R Ôa\Dokumenty\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
c:\documents and settings\ R Ôa\Dokumenty\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\StrongDC.exe"=
"d:\\SweetImSetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQTRA08.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQSTE08.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25.7.2011 23:49 322904]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [25.7.2011 23:50 204632]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [21.2.2010 21:40 2726000]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [25.7.2011 23:50 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [21.2.2010 21:39 181584]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [15.12.2004 0:18 200576]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25.7.2011 23:49 67800]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\User_Feed_Synchronization-{B4FCBDE5-FCA6-45B0-9197-CA4A75EFF625}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 07:52]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 07:52]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... earchTerms}
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BitTorrentBar Toolbar - c:\program files\BitTorrentBar\uninstall.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 20:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 20:52:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 18:52
ComboFix2.txt 2011-07-26 06:28

[vyosek]

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :files
  c:\windows\l1rezerv.exe
  c:\windows\unrar.exe
  c:\windows\sysdriver32.exe
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[nick.182]

Tak hotovo

All processes killed
========== FILES ==========
c:\windows\l1rezerv.exe moved successfully.
c:\windows\unrar.exe moved successfully.
c:\windows\sysdriver32.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET133.tmp moved successfully.
C:\WINDOWS\system32\SET12A.tmp moved successfully.
C:\WINDOWS\system32\SET137.tmp moved successfully.
C:\WINDOWS\system32\SET138.tmp moved successfully.
C:\WINDOWS\system32\SET13F.tmp moved successfully.
C:\WINDOWS\002926_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Kubík a Ráďa
->Temp folder emptied: 4668 bytes
->Temporary Internet Files folder emptied: 8077986 bytes
->Java cache emptied: 94175645 bytes
->Flash cache emptied: 2099238 bytes

User: Ráďa

User: Ráďa

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07262011_211506

Files moved on Reboot...

Registry entries deleted on Reboot...