VIRY.CZ

Zdravím,
dostal se mi do ruky PC od kamarádky který byl zavirován několika viry. Nefungoval už ani internet. Po instalaci nodu jsem odstranil 124 virů, ale to není vše. PC je velice pomalé a např některé stránky nejsou funkční (nelze na tomto PC stáhnout rsit.exe ze stránek uvedených na fóru). V tray liště se dokola zobrazuje ESET adresa byla zablokována v00d00.org..... Při spuštění rsit to psalo chybna bitová kopie DLL (to same pise pri startu vindows).

Prosim o radu s odstranenim viru (nechtel bych reinstalovat, protoze maji na HDD veliky bordel ve fotkach dokumentech atd...)

LOG
Logfile of random's system information tool 1.06 (written by random/random)
Run by jana at 2010-04-03 08:51:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 146 GB (61%) free of 238 GB
Total RAM: 1015 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:30, on 3.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jana\Plocha\RSIT.exe
C:\Program Files\trend micro\jana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe gwgvj
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 159.205.33.190 msnfix.changelog.fr
O1 - Hosts: 159.205.33.190 www.incodesolutions.com
O1 - Hosts: 159.205.33.190 virusinfo.prevx.com
O1 - Hosts: 159.205.33.190 download.bleepingcomputer.com
O1 - Hosts: 159.205.33.190 www.dazhizhu.cn
O1 - Hosts: 159.205.33.190 foro.noticias3d.com
O1 - Hosts: 159.205.33.190 www.spybotupdates.com
O1 - Hosts: 159.205.33.190 club.myce.com
O1 - Hosts: 159.205.33.190 www.k7computing.com
O1 - Hosts: 159.205.33.190 softwaresecuritysolutions.com
O1 - Hosts: 159.205.33.190 www.nabble.com
O1 - Hosts: 159.205.33.190 lurker.clamav.net
O1 - Hosts: 159.205.33.190 lexikon.ikarus.at
O1 - Hosts: 159.205.33.190 research.sunbelt-software.com
O1 - Hosts: 159.205.33.190 www.virusdoctor.jp
O1 - Hosts: 159.205.33.190 www.elitepvpers.de
O1 - Hosts: 159.205.33.190 guru.avg.com
O1 - Hosts: 159.205.33.190 downloads.sophos.com
O1 - Hosts: 159.205.33.190 share.skype.com
O1 - Hosts: 159.205.33.190 myantispyware.com
O1 - Hosts: 159.205.33.190 www.computerhilfen.de
O1 - Hosts: 159.205.33.190 www.superuser.co.kr
O1 - Hosts: 159.205.33.190 ntfaq.co.kr
O1 - Hosts: 159.205.33.190 v.dreamwiz.com
O1 - Hosts: 159.205.33.190 cit.kookmin.ac.kr
O1 - Hosts: 159.205.33.190 forums.whatthetech.com
O1 - Hosts: 159.205.33.190 forum.hijackthis.de
O1 - Hosts: 159.205.33.190 avg.vo.llnwd.net
O1 - Hosts: 159.205.33.190 ftp.drweb.com
O1 - Hosts: 159.205.33.190 www.zonealarm.com
O1 - Hosts: 159.205.33.190 smadaver.com
O1 - Hosts: 159.205.33.190 support.emsisoft.com
O1 - Hosts: 159.205.33.190 psychoski.blogspot.com
O1 - Hosts: 159.205.33.190 www.huaifai.go.th
O1 - Hosts: 159.205.33.190 www.mostz.com
O1 - Hosts: 159.205.33.190 www.krupunmai.com
O1 - Hosts: 159.205.33.190 www.cddchiangmai.net
O1 - Hosts: 159.205.33.190 forum.malekal.com
O1 - Hosts: 159.205.33.190 tech.pantip.com
O1 - Hosts: 159.205.33.190 sapcupgrades.com
O1 - Hosts: 159.205.33.190 www.elguruinformatico.com
O1 - Hosts: 159.205.33.190 forums.avg.com
O1 - Hosts: 159.205.33.190 zastita.com
O1 - Hosts: 159.205.33.190 support.kaspersky.com
O1 - Hosts: 159.205.33.190 foro.msgpluslive.es
O1 - Hosts: 159.205.33.190 www.247fixes.com
O1 - Hosts: 159.205.33.190 forum.sysinternals.com
O1 - Hosts: 159.205.33.190 forum.telecharger.01net.com
O1 - Hosts: 159.205.33.190 sophos.com
O1 - Hosts: 159.205.33.190 foros.softonic.com
O1 - Hosts: 159.205.33.190 avast-home.uptodown.com
O1 - Hosts: 159.205.33.190 dr-web-cureit.softonic.com
O1 - Hosts: 159.205.33.190 heavenward.ru
O1 - Hosts: 159.205.33.190 forum.smadav.net
O1 - Hosts: 159.205.33.190 www.forum.kaspersky.com
O1 - Hosts: 159.205.33.190 www.dl4all.com
O1 - Hosts: 159.205.33.190 www.f-secure.com
O1 - Hosts: 159.205.33.190 www.chkrootkit.org
O1 - Hosts: 159.205.33.190 diamondcs.com.au
O1 - Hosts: 159.205.33.190 www.rootkit.nl
O1 - Hosts: 159.205.33.190 www.sysinternals.com
O1 - Hosts: 159.205.33.190 z-oleg.com
O1 - Hosts: 159.205.33.190 espanol.dir.groups.yahoo.com
O1 - Hosts: 159.205.33.190 ftp01net.telechargement.fr
O1 - Hosts: 159.205.33.190 modelayu.com
O1 - Hosts: 159.205.33.190 vaksin.com
O1 - Hosts: 159.205.33.190 bbs.kaspersky.com.cn
O1 - Hosts: 159.205.33.190 sf.tapuz.co.il
O1 - Hosts: 159.205.33.190 www.castlecrops.com
O1 - Hosts: 159.205.33.190 www.misec.net
O1 - Hosts: 159.205.33.190 safecomputing.umn.edu
O1 - Hosts: 159.205.33.190 www.antirootkit.com
O1 - Hosts: 159.205.33.190 www.greatis.com
O1 - Hosts: 159.205.33.190 ar.answers.yahoo.com
O1 - Hosts: 159.205.33.190 www.elhacker.org
O1 - Hosts: 159.205.33.190 research.pandasecurity.com
O1 - Hosts: 159.205.33.190 www.tpu.ro
O1 - Hosts: 159.205.33.190 www.pinoyden.com
O1 - Hosts: 159.205.33.190 forum.avira.de
O1 - Hosts: 159.205.33.190 www.tanya-it.com
O1 - Hosts: 159.205.33.190 www.rootkit.com
O1 - Hosts: 159.205.33.190 www.pctools.com
O1 - Hosts: 159.205.33.190 www.pcsupportadvisor.com
O1 - Hosts: 159.205.33.190 www.resplendence.com
O1 - Hosts: 159.205.33.190 www.personal.psu.edu
O1 - Hosts: 159.205.33.190 foro.ethek.com
O1 - Hosts: 159.205.33.190 foro.elhacker.net
O1 - Hosts: 159.205.33.190 download.zonealarm.com
O1 - Hosts: 159.205.33.190 spywarehammer.com
O1 - Hosts: 159.205.33.190 www.codelain.com
O1 - Hosts: 159.205.33.190 www.thaicert.org
O1 - Hosts: 159.205.33.190 vil.nail.com
O1 - Hosts: 159.205.33.190 search.mcafee.com
O1 - Hosts: 159.205.33.190 wwww.mcafee.com
O1 - Hosts: 159.205.33.190 download.nai.com
O1 - Hosts: 159.205.33.190 wwww.experts-exchange.com
O1 - Hosts: 159.205.33.190 www.bakunos.com
O1 - Hosts: 159.205.33.190 www.darkclockers.com
O1 - Hosts: 159.205.33.190 www2.gmer.net
O1 - Hosts: 159.205.33.190 ariefew.com
O1 - Hosts: 159.205.33.190 www.emsisoft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {7823eea1-994b-4c11-ba9e-66618ecf52fb} - {7823eea1-994b-4c11-ba9e-66618ecf52fb} - (no file)
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [7823eea1-994b-4c15-ba9e-66618ecf52fb_26] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.avi", start minimized (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DA28362-9D1C-4B96-B3AA-B3C8B15FF4CF}: NameServer = 10.0.0.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: app_dll.dll
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll (file missing)
O23 - Service: IpSec service (darkness) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9d33a138211a8) (gupdate1c9d33a138211a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Systems Mon (SystemsMon) - Unknown owner - C:\WINDOWS\system32\drivers\system.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12752 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-16 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7823eea1-994b-4c11-ba9e-66618ecf52fb}]
{7823eea1-994b-4c11-ba9e-66618ecf52fb}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A20854FD-DDB5-4931-8F76-D11EA2364D94}]
Mario Forever Toolbar Helper - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll [2008-02-03 798720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-03 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - Mario Forever Toolbar - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll [2008-02-03 798720]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-03 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-09 2140880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG214-K641-12SF-N85P]
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-04 149040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odnex]
C:\WINDOWS\odbns.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sms]
C:\WINDOWS\sms.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spool]
C:\WINDOWS\spool.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sqmaplibrary]
C:\Documents and Settings\jana\Local Settings\Data aplikací\sqmaplibrary\sqmaplibrary.dll [2010-03-10 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
C:\WINDOWS\vVX1000.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk]
C:\Documents and Settings\NetworkService\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.avi, start minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Image Transfer.lnk]
C:\PROGRA~1\SONYCO~1\IMAGET~1\SonyTray.exe [2002-10-16 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jana^Nabídka Start^Programy^Po spuštění^7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk]
C:\Documents and Settings\All Users\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.avi, start minimized []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="app_dll.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\algs .exe"="C:\WINDOWS\system32\algs .exe:*:Enabled:Windows DLL Loader"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\iexplore.exe"="C:\WINDOWS\system32\iexplore.exe:*:Enabled:Microsoft Internet Explorer"
"C:\WINDOWS\system32\csrs.exe"="C:\WINDOWS\system32\csrs.exe:*:Enabled:Client Server Runtime Process"
"C:\WINDOWS\system32\lssas.exe"="C:\WINDOWS\system32\lssas.exe:*:Enabled:Local Security Authority Service"
"C:\WINDOWS\system32\winupd01.exe"="C:\WINDOWS\system32\winupd01.exe:*:Enabled:DHCP Router"
"C:\WINDOWS\system32\SyncMan.exe"="C:\WINDOWS\system32\SyncMan.exe:*:Enabled:Windows DLL Loader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\winupd01.exe"="C:\WINDOWS\system32\winupd01.exe:*:Enabled:DHCP Router"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{745a92e6-d563-11dc-affa-001d7d367c21}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kanEf.Exe

======List of files/folders created in the last 1 months======

2010-03-22 09:47:53 ----SHD---- C:\RECYCLER
2010-03-22 09:46:41 ----D---- C:\Program Files\CCleaner
2010-03-20 10:01:28 ----D---- C:\Program Files\Antimalware Defender
2010-03-19 18:29:14 ----D---- C:\WINDOWS\temp
2010-03-19 18:29:11 ----A---- C:\ComboFix.txt
2010-03-19 18:09:26 ----A---- C:\WINDOWS\vFind.exe
2010-03-19 17:50:30 ----N---- C:\WINDOWS\logfile32.txt
2010-03-19 17:35:01 ----A---- C:\WINDOWS\PEV.exe
2010-03-19 17:18:43 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-03-15 13:14:51 ----A---- C:\WINDOWS\wrth5dbqdgbjg2fmp0zu4nk0.ini
2010-03-15 13:04:21 ----A---- C:\WINDOWS\neujqle.bat
2010-03-15 13:04:08 ----A---- C:\WINDOWS\gdifwuc.bat
2010-03-08 17:29:28 ----D---- C:\Program Files\Alwil Software
2010-03-08 17:29:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software

======List of files/folders modified in the last 1 months======

2010-04-03 08:52:33 ----D---- C:\WINDOWS\Prefetch
2010-04-03 08:52:24 ----D---- C:\Program Files\trend micro
2010-04-03 08:43:31 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 08:34:48 ----D---- C:\WINDOWS\system32
2010-04-03 08:34:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-03 08:24:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-27 11:32:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-27 09:17:16 ----D---- C:\WINDOWS
2010-03-27 09:17:03 ----HD---- C:\WINDOWS\inf
2010-03-22 10:01:21 ----SHD---- C:\WINDOWS\Installer
2010-03-22 10:01:17 ----SD---- C:\WINDOWS\Tasks
2010-03-22 09:47:54 ----D---- C:\WINDOWS\Debug
2010-03-22 09:47:53 ----D---- C:\WINDOWS\Minidump
2010-03-22 09:46:41 ----RD---- C:\Program Files
2010-03-22 09:28:55 ----D---- C:\WINDOWS\system32\drivers
2010-03-20 11:32:44 ----D---- C:\Program Files\Internet Explorer
2010-03-20 11:07:24 ----RASH---- C:\boot.ini
2010-03-20 11:07:24 ----A---- C:\WINDOWS\win.ini
2010-03-20 11:07:24 ----A---- C:\WINDOWS\system.ini
2010-03-20 10:46:35 ----D---- C:\Program Files\QuickTime
2010-03-20 10:25:38 ----D---- C:\Program Files\Adobe
2010-03-20 10:18:40 ----D---- C:\Documents and Settings\jana\Data aplikací\Control Manager
2010-03-20 10:16:27 ----D---- C:\Program Files\Anti-Blaxx
2010-03-20 10:11:12 ----D---- C:\Program Files\Messenger
2010-03-20 10:09:25 ----D---- C:\Program Files\Common Files\LightScribe
2010-03-20 10:08:35 ----D---- C:\Program Files\Microsoft LifeCam
2010-03-20 10:08:14 ----D---- C:\Config.Msi
2010-03-20 09:48:21 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-20 09:47:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-20 09:46:59 ----A---- C:\WINDOWS\system32\svchost.exe
2010-03-19 18:33:23 ----D---- C:\WINDOWS\pss
2010-03-19 18:29:19 ----D---- C:\Qoobox
2010-03-19 17:53:28 ----D---- C:\WINDOWS\ERDNT
2010-03-19 17:41:43 ----D---- C:\WINDOWS\system
2010-03-08 21:02:46 ----D---- C:\WINDOWS\network diagnostic
2010-03-07 21:39:15 ----SHD---- C:\System Volume Information
2010-03-07 21:39:15 ----D---- C:\WINDOWS\system32\Restore
2010-03-07 10:05:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-09 95872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 KGootkit;KGootkit; C:\WINDOWS\System32\drivers\KGootkit.sys []
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-04-29 278728]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-09 139192]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-04-29 25416]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-02-11 39488]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2010-03-20 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2010-03-20 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2010-03-20 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-17 66872]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-02-14 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-03-20 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2010-03-20 14336]
S2 darkness;IpSec service; C:\WINDOWS\system\svchost.exe []
S2 gupdate1c9d33a138211a8;Služba Google Update (gupdate1c9d33a138211a8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
S2 ICF;ICF; C:\WINDOWS\system32\svchost.exe [2010-03-20 14336]
S2 msupdate;Microsoft security update service; c:\windows\system32\mssrv32.exe []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe []
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 SystemsMon;Systems Mon; C:\WINDOWS\system32\drivers\system.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-09 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-03 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravím,

V adresáři: C:\WINDOWS\system32\drivers\etc klikni pravým na „hosts“ (bez přípony) -> Otevřít -> vyber Poznámkový blok (Notepad) -> smaž vše kromě „127.0.0.1 localhost“ (pokud tam není, tak vlož) -> dej „Uložit“ -> zavři Notepad

pokračuj ComboFixem

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

Uf log z combofixu prikladam.
- Musel jsem pri behu combofixu klikat na tabulku, kde mi asi 200x bylo sdeleno, ze veskere soubory maji spatnou bitovou kopii a odkazuji se na soubor kfqsmr.dll

ComboFix 10-04-01.02 - jana 03.04.2010 10:11:58.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.300 [GMT 2:00]
Spuštěný z: c:\documents and settings\jana\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
ADS - svchost.exe: deleted 39424 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\Settings
c:\documents and settings\jana\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antimalware Defender.lnk
c:\documents and settings\jana\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Antimalware Defender
C:\WGASetup.exe
c:\windows\AppPatch\AcAdProc.dll
c:\windows\eSellerateEngine.dll
c:\windows\logfile32.txt
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\psdrvcheck .exe
c:\windows\system32\rundll32 .exe
c:\windows\vvx1000 .exe

Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys

Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF
-------\Legacy_KGOOTKIT
-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Legacy_SYSTEMSMON
-------\Service_ICF
-------\Service_KGootkit
-------\Service_msupdate
-------\Service_SystemsMon

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-03 do 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-03-22 07:46 . 2010-03-22 07:46 -------- d-----w- c:\program files\CCleaner
2010-03-22 07:28 . 2010-03-22 07:28 69120 ----a-w- c:\windows\system32\drivers\KGootkit.sys
2010-03-20 08:59 . 2010-03-20 08:59 4 ----a-w- c:\program files\3000843.dat
2010-03-20 08:22 . 2010-03-20 08:22 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-19 15:18 . 2008-04-14 04:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-19 15:18 . 2008-04-14 04:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-19 15:18 . 2008-04-14 03:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-19 15:18 . 2008-04-14 03:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-15 11:04 . 2010-03-15 11:04 129 ----a-w- c:\windows\neujqle.bat
2010-03-15 11:04 . 2010-03-15 11:04 4 ----a-w- c:\program files\47390.dat
2010-03-15 11:04 . 2010-03-15 11:04 129 ----a-w- c:\windows\gdifwuc.bat
2010-03-14 22:10 . 2010-03-14 22:10 4 ----a-w- c:\program files\43234.dat
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-09 06:45 . 2010-03-09 06:45 4 ----a-w- c:\program files\45156.dat
2010-03-08 15:29 . 2010-03-08 15:33 -------- d-----w- c:\program files\Alwil Software
2010-03-07 21:05 . 2010-03-07 21:05 4 ----a-w- c:\program files\34625.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 08:47 . 2010-03-02 22:48 860672 ----a-w- c:\windows\system32\drivers\krgual.sys
2010-04-03 08:45 . 2001-10-25 14:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-04-03 08:45 . 2001-10-25 14:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-04-03 06:52 . 2009-04-18 19:32 -------- d-----w- c:\program files\trend micro
2010-03-20 08:46 . 2008-07-21 11:43 -------- d-----w- c:\program files\QuickTime
2010-03-20 08:16 . 2008-06-23 14:47 -------- d-----w- c:\program files\Anti-Blaxx
2010-03-20 08:09 . 2008-01-27 21:04 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-20 08:08 . 2008-02-11 15:41 -------- d-----w- c:\program files\Microsoft LifeCam
2010-03-20 07:46 . 2004-08-17 13:49 14336 ----a-w- c:\windows\system32\svchost.exe
2010-03-19 17:01 . 2004-08-03 20:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-02 22:43 . 2010-03-02 22:43 120 ----a-w- c:\windows\system32\dxehsxx.bat
2010-02-28 17:00 . 2008-11-09 06:07 -------- d-----w- c:\program files\Norton Security Scan
2010-01-05 09:58 . 2004-08-17 13:49 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2009-09-20 19:49 . 2009-09-20 19:49 43886 ----a-w- c:\program files\home.htm
2009-03-04 11:43 . 2009-03-04 11:43 2584576 ----a-w- c:\program files\4Story_CZ_1.2.exe
2008-11-17 12:26 . 2008-11-17 12:26 5720794 ----a-w- c:\program files\coach-e.zip
.

Kód: Vybrat vše

<pre>
c:\program files\Anti-Blaxx\anti-blaxx .exe
c:\program files\Common Files\LightScribe\lightscribecontrolpanel .exe
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft LifeCam\lifeexp .exe
c:\program files\QuickTime\qttask                    .exe
c:\program files\SlySoft\CloneCD\clonecdtray .exe
c:\windows\pchealth\helpctr\binaries\msconfig .exe
</pre>

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-2-11 98304]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk
backup=c:\windows\pss\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Image Transfer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jana^Nabídka Start^Programy^Po spuštění^7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk]
path=c:\documents and settings\jana\Nabídka Start\Programy\Po spuštění\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk
backup=c:\windows\pss\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG214-K641-12SF-N85P]
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
c:\program files\Anti-Blaxx\Anti-Blaxx.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-04 09:39 149040 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
c:\windows\system32\igfxpers.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odnex]
c:\windows\odbns.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sms]
c:\windows\sms.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spool]
c:\windows\spool.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sqmaplibrary]
2010-03-10 11:17 86016 ----a-w- c:\documents and settings\jana\Local Settings\Data aplikací\sqmaplibrary\sqmaplibrary.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
c:\windows\vVX1000.exe [N/A]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\NetworkService\Local Settings\Data aplikací\Windows Server\kfqsmr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 11:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 11:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 11:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.7.2009 22:16 222968]
S2 darkness;IpSec service;c:\windows\system\svchost.exe --> c:\windows\system\svchost.exe [?]
S2 gupdate1c9d33a138211a8;Služba Google Update (gupdate1c9d33a138211a8);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2009 21:44 133104]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - krgual

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {4DA28362-9D1C-4B96-B3AA-B3C8B15FF4CF} = 10.0.0.22
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\yablpua5.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{7823eea1-994b-4c11-ba9e-66618ecf52fb} - (no file)
AddRemove-Antimalware Defender - c:\program files\Antimalware Defender\Antimalware Defender.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 10:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CC0CA1]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75cbf28
\Driver\ACPI -> ACPI.sys @ 0xf745ecb8
\Driver\atapi -> atapi.sys @ 0xf72aa852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf71a3bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71b0a21
SendHandler -> NDIS.sys @ 0xf718e87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\krgual]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
.
**************************************************************************
.
Celkový čas: 2010-04-03 11:08:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-03 09:08
ComboFix2.txt 2010-03-19 16:29
ComboFix3.txt 2009-04-18 17:33

Před spuštěním: Volných bajtů: 153 066 987 520
Po spuštění: Volných bajtů: 153 152 487 424

- - End Of File - - 2A308E901C88CCBAC39DF8ECB230A35D

Tam je toho tolik, že to asi nezvládnu najedou - tak první díl

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7823eea1-994b-4c11-ba9e-66618ecf52fb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG214-K641-12SF-N85P]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odnex]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sms]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spool]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jana^Nabídka Start^Programy^Po spuštění^7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=0
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{745a92e6-d563-11dc-affa-001d7d367c21}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kanEf.Exe

File::
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll
C:\Documents and Settings\All Users\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.avi
C:\Documents and Settings\NetworkService\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.avi
C:\WINDOWS\sms.exe
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll
c:\windows\system32\drivers\KGootkit.sys
c:\program files\3000843.dat
c:\windows\neujqle.bat
c:\program files\47390.dat
c:\windows\gdifwuc.bat
c:\program files\43234.dat
c:\program files\45156.dat
c:\program files\34625.dat
c:\windows\system32\drivers\krgual.sys
c:\program files\Anti-Blaxx
c:\windows\system32\dxehsxx.bat

Driver::
krgual
darkness
gupdate1c9d33a138211a8

RenV::
c:\program files\Anti-Blaxx\anti-blaxx .exe
c:\program files\Common Files\LightScribe\lightscribecontrolpanel .exe
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft LifeCam\lifeexp .exe
c:\program files\QuickTime\qttask                    .exe
c:\program files\SlySoft\CloneCD\clonecdtray .exe
c:\windows\pchealth\helpctr\binaries\msconfig .exe

FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Extra::

Reboot::

ComboFix 10-04-05.03 - jana 06.04.2010 8:45.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.654 [GMT 2:00]
Spuštěný z: c:\documents and settings\jana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\jana\Plocha\CFscript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

FILE ::
"c:\documents and settings\All Users\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.avi"
"c:\documents and settings\All Users\Dokumenty\Settings\cbss.dll"
"c:\documents and settings\NetworkService\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.avi"
"c:\program files\3000843.dat"
"c:\program files\34625.dat"
"c:\program files\43234.dat"
"c:\program files\45156.dat"
"c:\program files\47390.dat"
"c:\program files\Anti-Blaxx"
"c:\windows\gdifwuc.bat"
"c:\windows\neujqle.bat"
"c:\windows\sms.exe"
"c:\windows\system32\drivers\KGootkit.sys"
"c:\windows\system32\drivers\krgual.sys"
"c:\windows\system32\dxehsxx.bat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\3000843.dat
c:\program files\34625.dat
c:\program files\43234.dat
c:\program files\45156.dat
c:\program files\47390.dat
c:\windows\gdifwuc.bat
c:\windows\neujqle.bat
c:\windows\system32\drivers\KGootkit.sys
c:\windows\system32\drivers\krgual.sys
c:\windows\system32\dxehsxx.bat

Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DARKNESS
-------\Legacy_GUPDATE1C9D33A138211A8
-------\Legacy_KRGUAL
-------\Service_darkness
-------\Service_gupdate1c9d33a138211a8
-------\Service_krgual

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-06 do 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-03 08:42 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-03 08:42 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-22 07:46 . 2010-03-22 07:46 -------- d-----w- c:\program files\CCleaner
2010-03-20 08:22 . 2010-03-20 08:22 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-19 15:18 . 2008-04-14 04:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-19 15:18 . 2008-04-14 04:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-19 15:18 . 2008-04-14 03:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-19 15:18 . 2008-04-14 03:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-08 15:29 . 2010-03-08 15:33 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 06:59 . 2001-10-25 14:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-04-06 06:59 . 2001-10-25 14:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-04-06 06:45 . 2008-07-21 11:43 -------- d-----w- c:\program files\QuickTime
2010-04-06 06:45 . 2008-02-11 15:41 -------- d-----w- c:\program files\Microsoft LifeCam
2010-04-06 06:45 . 2008-06-23 14:47 -------- d-----w- c:\program files\Anti-Blaxx
2010-04-06 06:45 . 2008-01-27 21:04 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-03 06:52 . 2009-04-18 19:32 -------- d-----w- c:\program files\trend micro
2010-03-20 07:46 . 2004-08-17 13:49 14336 ------w- c:\windows\system32\svchost.exe
2010-03-19 17:01 . 2004-08-03 20:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-28 17:00 . 2008-11-09 06:07 -------- d-----w- c:\program files\Norton Security Scan
2009-09-20 19:49 . 2009-09-20 19:49 43886 ----a-w- c:\program files\home.htm
2009-03-04 11:43 . 2009-03-04 11:43 2584576 ----a-w- c:\program files\4Story_CZ_1.2.exe
2008-11-17 12:26 . 2008-11-17 12:26 5720794 ----a-w- c:\program files\coach-e.zip
.

Kód: Vybrat vše

<pre>
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
</pre>

((((((((((((((((((((((((((((( SnapShot_2010-03-19_16.22.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-03 22:30 . 2008-07-08 12:59 18296 c:\windows\system32\spmsg.dll
- 2008-04-03 22:30 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2001-10-25 14:00 . 2010-03-19 16:17 71196 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-04-06 06:48 71196 c:\windows\system32\perfc009.dat
+ 2008-01-27 13:12 . 2001-10-25 14:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
- 2004-08-03 20:59 . 2010-03-03 17:37 62976 c:\windows\system32\drivers\cdrom.sys
+ 2004-08-03 20:59 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2004-08-17 13:49 . 2010-03-20 07:46 14336 c:\windows\system32\dllcache\svchost.exe
+ 2004-08-03 20:59 . 2010-03-19 17:01 96512 c:\windows\system32\dllcache\atapi.sys
- 2004-08-03 20:59 . 2010-03-07 20:48 96512 c:\windows\system32\dllcache\atapi.sys
+ 2010-03-20 08:22 . 2010-03-20 08:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Low\Content.IE5\index.dat
- 2008-01-27 13:19 . 2010-03-19 15:35 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-27 13:19 . 2010-04-03 06:24 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-20 08:22 . 2010-03-20 08:21 16384 c:\windows\system32\config\systemprofile\Local Settings\History\Low\History.IE5\index.dat
- 2008-01-27 13:19 . 2010-03-19 15:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-27 13:19 . 2010-04-03 06:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-29 11:17 . 2008-12-29 11:17 68096 c:\windows\Installer\872fa.msi
+ 2009-04-24 12:42 . 2009-04-24 12:42 24064 c:\windows\Installer\75322.msi
+ 2008-07-29 19:07 . 2008-07-29 19:07 23040 c:\windows\Installer\4990b3.msp
+ 2005-11-15 14:47 . 2005-11-15 14:47 58880 c:\windows\Installer\49287.msp
+ 2009-08-06 09:08 . 2009-08-06 09:08 88576 c:\windows\Installer\46a4f0.msi
+ 2008-11-17 17:54 . 2008-11-17 17:54 51712 c:\windows\Installer\44556.msi
+ 2010-03-22 08:01 . 2010-03-22 08:01 22528 c:\windows\Installer\22b564.msi
+ 2010-03-20 08:08 . 2010-03-20 08:08 10134 c:\windows\Installer\{9DFF6811-C498-45E4-94C8-A0B98FCBEC32}\callmsi.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 90112 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 90112 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 45056 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 45056 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 22528 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 22528 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 30720 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 30720 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 16384 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 16384 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 34304 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 34304 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 81920 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 81920 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-01-18 15:13 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2008-01-18 15:13 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
- 2008-02-11 15:48 . 2010-02-10 19:22 3584 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 3584 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 8192 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 8192 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 2560 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 2560 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2001-10-25 14:00 . 2010-04-06 06:48 441260 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-03-19 16:17 441260 c:\windows\system32\perfh009.dat
+ 2004-08-03 21:14 . 2008-04-13 19:20 182656 c:\windows\system32\drivers\ndis.sys
- 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-03 21:14 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-03 21:14 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\ndis.sys
+ 2008-01-27 13:14 . 2008-04-14 03:22 171008 c:\windows\system32\dllcache\msconfig.exe
+ 2009-08-06 09:10 . 2009-08-06 09:10 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-03-20 09:48 . 2009-03-20 09:48 183808 c:\windows\Installer\c1fe9.msp
+ 2008-02-11 16:27 . 2008-02-11 16:27 881664 c:\windows\Installer\a718d.msi
+ 2008-12-29 11:23 . 2008-12-29 11:23 240640 c:\windows\Installer\87394.msi
+ 2008-12-29 11:23 . 2008-12-29 11:23 242176 c:\windows\Installer\8738f.msi
+ 2008-12-29 11:23 . 2008-12-29 11:23 593920 c:\windows\Installer\87389.msi
+ 2008-12-29 11:22 . 2008-12-29 11:22 503808 c:\windows\Installer\8737d.msi
+ 2008-12-29 11:22 . 2008-12-29 11:22 121344 c:\windows\Installer\87375.msi
+ 2008-12-29 11:22 . 2008-12-29 11:22 400896 c:\windows\Installer\87370.msi
+ 2008-12-29 11:22 . 2008-12-29 11:22 444928 c:\windows\Installer\87367.msi
+ 2008-12-29 11:22 . 2008-12-29 11:22 446976 c:\windows\Installer\87362.msi
+ 2008-12-29 11:22 . 2008-12-29 11:22 565248 c:\windows\Installer\8735c.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 121344 c:\windows\Installer\87354.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 636928 c:\windows\Installer\8734f.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 450048 c:\windows\Installer\87342.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 121344 c:\windows\Installer\8733c.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 189440 c:\windows\Installer\87334.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 472576 c:\windows\Installer\8732c.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 519168 c:\windows\Installer\87326.msi
+ 2008-12-29 11:20 . 2008-12-29 11:20 223744 c:\windows\Installer\87321.msi
+ 2008-12-29 11:20 . 2008-12-29 11:20 345088 c:\windows\Installer\87319.msi
+ 2008-12-29 11:20 . 2008-12-29 11:20 839168 c:\windows\Installer\87313.msi
+ 2008-12-29 11:20 . 2008-12-29 11:20 243712 c:\windows\Installer\8730e.msi
+ 2008-12-29 11:20 . 2008-12-29 11:20 418304 c:\windows\Installer\87309.msi
+ 2008-12-29 11:20 . 2008-12-29 11:20 303616 c:\windows\Installer\87304.msi
+ 2008-12-29 11:20 . 2008-12-29 11:20 588800 c:\windows\Installer\872ff.msi
+ 2008-03-16 16:06 . 2008-03-16 16:06 331264 c:\windows\Installer\8050e.msi
+ 2009-11-24 22:59 . 2009-11-24 22:59 429568 c:\windows\Installer\78af98.msi
+ 2010-03-20 08:08 . 2010-03-20 08:08 958464 c:\windows\Installer\782dd.msi
+ 2009-11-05 13:31 . 2009-11-05 13:31 492544 c:\windows\Installer\7303bb.msp
+ 2009-11-19 11:54 . 2009-11-19 11:54 313856 c:\windows\Installer\5dec5.msi
+ 2009-11-19 11:53 . 2009-11-19 11:53 375296 c:\windows\Installer\5debe.msi
+ 2009-11-19 11:53 . 2009-11-19 11:53 377344 c:\windows\Installer\5deb6.msi
+ 2010-01-25 17:34 . 2010-01-25 17:34 228352 c:\windows\Installer\544adf.msi
+ 2008-11-09 06:07 . 2008-11-09 06:07 301568 c:\windows\Installer\50d3a.msi
+ 2008-12-13 07:58 . 2008-12-13 07:58 754688 c:\windows\Installer\4a5803.msp
+ 2009-08-06 09:10 . 2009-08-06 09:10 648192 c:\windows\Installer\4a57e0.msi
+ 2008-07-29 19:23 . 2008-07-29 19:23 250880 c:\windows\Installer\4990bc.msp
+ 2008-07-29 19:28 . 2008-07-29 19:28 278016 c:\windows\Installer\4990ba.msp
+ 2008-07-29 17:40 . 2008-07-29 17:40 291840 c:\windows\Installer\4990b8.msp
+ 2009-08-06 09:10 . 2009-08-06 09:10 137728 c:\windows\Installer\4990b2.msi
+ 2008-07-22 22:03 . 2008-07-22 22:03 111104 c:\windows\Installer\492d6.msp
+ 2009-02-10 06:58 . 2009-02-10 06:58 492544 c:\windows\Installer\49211.msp
+ 2008-05-07 14:33 . 2008-05-07 14:33 624128 c:\windows\Installer\491cd.msp
+ 2006-02-22 07:36 . 2006-02-22 07:36 995328 c:\windows\Installer\49127.msp
+ 2009-04-20 13:07 . 2009-04-20 13:07 202240 c:\windows\Installer\487ef.msp
+ 2008-07-29 15:35 . 2008-07-29 15:35 553472 c:\windows\Installer\46a4f5.msp
+ 2008-07-29 15:33 . 2008-07-29 15:33 506368 c:\windows\Installer\46a4f3.msp
+ 2008-07-29 15:37 . 2008-07-29 15:37 911360 c:\windows\Installer\46a4f2.msp
+ 2008-12-17 11:37 . 2008-12-17 11:37 432640 c:\windows\Installer\3cbd94.msi
+ 2009-11-23 11:57 . 2009-11-23 11:57 169472 c:\windows\Installer\2f5b7e8.msi
+ 2009-01-22 13:27 . 2009-01-22 13:27 323072 c:\windows\Installer\1da601.msi
+ 2010-01-26 07:00 . 2010-01-26 07:00 195584 c:\windows\Installer\16df8b.msi
+ 2008-01-27 13:20 . 2008-01-27 13:20 265216 c:\windows\Installer\16139.msi
+ 2008-05-25 19:21 . 2008-05-25 19:21 825856 c:\windows\Installer\144aed.msi
+ 2009-07-29 14:01 . 2009-07-29 14:01 248832 c:\windows\Installer\13a475.msi
+ 2010-03-20 08:08 . 2010-03-20 08:08 101480 c:\windows\Installer\{9DFF6811-C498-45E4-94C8-A0B98FCBEC32}\egui.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 114688 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 114688 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-02-11 15:48 . 2010-02-10 19:22 167936 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-02-11 15:48 . 2010-04-03 09:14 167936 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2004-07-17 09:35 . 2004-07-17 09:35 1356800 c:\windows\system32\webfldrs.msi
+ 2008-12-17 11:11 . 2004-07-17 09:35 1356800 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-06-23 15:02 . 2008-06-23 15:02 1984512 c:\windows\Installer\dece22.msi
+ 2008-06-23 14:58 . 2008-06-23 14:58 2247680 c:\windows\Installer\dece1d.msi
+ 2008-02-16 09:36 . 2008-02-16 09:36 2460160 c:\windows\Installer\decd4.msi
+ 2008-04-29 17:58 . 2008-04-29 17:58 1784320 c:\windows\Installer\dc9ac.msi
+ 2008-01-27 21:04 . 2008-01-27 21:04 1788416 c:\windows\Installer\cef9d.msi
+ 2008-01-27 21:02 . 2008-01-27 21:02 6081536 c:\windows\Installer\cef98.msi
+ 2009-01-15 02:35 . 2009-01-15 02:35 4830720 c:\windows\Installer\b1e18e.msp
+ 2009-09-30 14:11 . 2009-09-30 14:11 8409088 c:\windows\Installer\a7303.msp
+ 2008-12-29 11:22 . 2008-12-29 11:22 1574912 c:\windows\Installer\87384.msi
+ 2008-12-29 11:21 . 2008-12-29 11:21 1343488 c:\windows\Installer\87337.msi
+ 2009-05-12 19:44 . 2009-05-12 19:44 1602048 c:\windows\Installer\67083.msi
+ 2008-02-16 00:45 . 2008-02-16 00:45 1130496 c:\windows\Installer\65a4f.msi
+ 2009-09-04 13:31 . 2009-09-04 13:31 7972864 c:\windows\Installer\5bd398.msp
+ 2009-08-20 13:27 . 2009-08-20 13:27 3622400 c:\windows\Installer\5bd36e.msp
+ 2009-09-10 20:44 . 2009-09-10 20:44 6704640 c:\windows\Installer\5bd35a.msp
+ 2008-12-13 07:57 . 2008-12-13 07:57 8397824 c:\windows\Installer\4a57ee.msp
+ 2008-07-29 17:26 . 2008-07-29 17:26 1043456 c:\windows\Installer\4990bb.msp
+ 2008-07-29 18:37 . 2008-07-29 18:37 2679808 c:\windows\Installer\4990b9.msp
+ 2008-07-29 19:15 . 2008-07-29 19:15 3697664 c:\windows\Installer\4990b7.msp
+ 2008-07-29 17:34 . 2008-07-29 17:34 1448448 c:\windows\Installer\4990b6.msp
+ 2008-07-29 18:22 . 2008-07-29 18:22 4137984 c:\windows\Installer\4990b5.msp
+ 2008-07-29 17:18 . 2008-07-29 17:18 3376640 c:\windows\Installer\4990b4.msp
+ 2008-10-28 13:59 . 2008-10-28 13:59 8413184 c:\windows\Installer\492ae.msp
+ 2008-09-04 13:52 . 2008-09-04 13:52 4337664 c:\windows\Installer\4929a.msp
+ 2008-05-06 08:30 . 2008-05-06 08:30 9577984 c:\windows\Installer\4925f.msp
+ 2008-01-11 12:13 . 2008-01-11 12:13 5862912 c:\windows\Installer\4924b.msp
+ 2008-01-14 12:26 . 2008-01-14 12:26 4478464 c:\windows\Installer\49225.msp
+ 2006-03-28 13:37 . 2006-03-28 13:37 6956032 c:\windows\Installer\491fb.msp
+ 2006-08-29 15:50 . 2006-08-29 15:50 3210240 c:\windows\Installer\491e1.msp
+ 2004-03-11 06:46 . 2004-03-11 06:46 2509312 c:\windows\Installer\491b5.msp
+ 2004-09-13 00:30 . 2004-09-13 00:30 1342976 c:\windows\Installer\491a2.msp
+ 2008-06-11 18:13 . 2008-06-11 18:13 7988224 c:\windows\Installer\4914f.msp
+ 2008-03-31 14:35 . 2008-03-31 14:35 8309760 c:\windows\Installer\4913a.msp
+ 2009-04-29 13:03 . 2009-04-29 13:03 8404992 c:\windows\Installer\487dc.msp
+ 2008-07-29 15:45 . 2008-07-29 15:45 2543616 c:\windows\Installer\46a4f9.msp
+ 2008-07-29 15:29 . 2008-07-29 15:29 2926080 c:\windows\Installer\46a4f8.msp
+ 2008-07-29 15:41 . 2008-07-29 15:41 6487040 c:\windows\Installer\46a4f7.msp
+ 2008-07-29 15:39 . 2008-07-29 15:39 3403264 c:\windows\Installer\46a4f6.msp
+ 2008-07-29 15:43 . 2008-07-29 15:43 1013248 c:\windows\Installer\46a4f4.msp
+ 2008-07-29 15:31 . 2008-07-29 15:31 6083072 c:\windows\Installer\46a4f1.msp
+ 2008-10-05 03:12 . 2008-10-05 03:12 4784128 c:\windows\Installer\4455c.msp
+ 2009-02-21 16:48 . 2009-02-21 16:48 1799168 c:\windows\Installer\3fa0e.msi
+ 2008-02-11 17:16 . 2008-02-11 17:16 1479168 c:\windows\Installer\3e1ab.msi
+ 2008-03-25 11:00 . 2008-03-25 11:00 2168320 c:\windows\Installer\2c388.msi
+ 2008-09-19 10:54 . 2008-09-19 10:54 4378624 c:\windows\Installer\2969c.msi
+ 2009-04-30 21:02 . 2009-04-30 21:02 9628672 c:\windows\Installer\1c396a.msp
+ 2008-02-13 22:56 . 2008-02-13 22:56 5082624 c:\windows\Installer\1b5f07.msi
+ 2008-02-11 15:48 . 2008-02-11 15:48 3400192 c:\windows\Installer\1b3400.msi
+ 2008-02-11 15:42 . 2008-02-11 15:42 1295360 c:\windows\Installer\1b33f8.msi
+ 2009-12-01 14:52 . 2009-12-01 14:52 7970816 c:\windows\Installer\147bfb.msp
+ 2009-12-01 14:52 . 2009-12-01 14:52 9630208 c:\windows\Installer\147be7.msp
+ 2008-03-16 16:18 . 2008-03-16 16:18 3443712 c:\windows\Installer\12b969.msi
+ 2008-06-23 14:57 . 2003-11-03 23:06 2250100 c:\windows\Cache\Adobe Reader 6.0.1\ENUBIG\Adobe Reader 6.0.1.msi
+ 2009-04-19 17:25 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2009-08-10 19:08 . 2009-08-10 19:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2002-12-11 18:39 . 2002-12-11 18:39 10995712 c:\windows\Installer\WMEncoder.msi
+ 2008-12-17 20:50 . 2008-12-17 20:50 15256576 c:\windows\Installer\ba17f.msp
+ 2010-01-20 04:49 . 2010-01-20 04:49 15710720 c:\windows\Installer\b4ff5.msp
+ 2009-10-08 17:04 . 2009-10-08 17:04 17510400 c:\windows\Installer\a72ef.msp
+ 2009-09-09 14:03 . 2009-09-09 14:03 15709696 c:\windows\Installer\a2f43.msp
+ 2009-05-05 16:06 . 2009-05-05 16:06 17515008 c:\windows\Installer\8d014c.msp
+ 2005-09-25 09:46 . 2005-09-25 09:46 16084480 c:\windows\Installer\7ae85.msp
+ 2009-08-14 18:32 . 2009-08-14 18:32 11110912 c:\windows\Installer\5bd3a1.msp
+ 2009-08-10 12:09 . 2009-08-10 12:09 17254912 c:\windows\Installer\5bd385.msp
+ 2008-12-13 08:21 . 2008-12-13 08:21 10473472 c:\windows\Installer\4a57f8.msp
+ 2004-02-24 11:04 . 2004-02-24 11:04 56057492 c:\windows\Installer\4a204.msp
+ 2008-01-24 13:56 . 2008-01-24 13:56 13570560 c:\windows\Installer\492c3.msp
+ 2009-03-09 13:55 . 2009-03-09 13:55 17526272 c:\windows\Installer\49273.msp
+ 2008-12-17 11:38 . 2008-12-17 11:38 19210240 c:\windows\Installer\3cbddd.msp
+ 2009-07-30 20:14 . 2009-07-30 20:14 15705600 c:\windows\Installer\2d7bd1.msp
+ 2010-01-28 04:17 . 2010-01-28 04:17 17510400 c:\windows\Installer\23a88c.msp
+ 2009-07-20 10:03 . 2009-07-20 10:03 16465408 c:\windows\Installer\194b4b.msp
+ 2008-02-14 21:33 . 2008-02-14 21:33 11587072 c:\windows\Downloaded Installations\{0F65F08C-55D4-43EF-82A5-BE3EBA3C0229}\GameShadow.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-2-11 98304]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Image Transfer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sqmaplibrary]
2010-03-10 11:17 86016 ----a-w- c:\documents and settings\jana\Local Settings\Data aplikací\sqmaplibrary\sqmaplibrary.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
c:\windows\vVX1000.exe [N/A]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\NetworkService\Local Settings\Data aplikací\Windows Server\kfqsmr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 11:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 11:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 11:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.7.2009 22:16 222968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {4DA28362-9D1C-4B96-B3AA-B3C8B15FF4CF} = 10.0.0.22
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\yablpua5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 08:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
.
**************************************************************************
.
Celkový čas: 2010-04-06 09:21:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-06 07:21
ComboFix2.txt 2010-04-03 09:08
ComboFix3.txt 2010-03-19 16:29
ComboFix4.txt 2009-04-18 17:33

Před spuštěním: Volných bajtů: 153 028 673 536
Po spuštění: Volných bajtů: 152 986 398 720

- - End Of File - - 5939D75B1FFED564AF794F14EC198FD4

Nový CFscript

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]

File::
c:\documents and settings\NetworkService\Local Settings\Data aplikací\Windows Server\kfqsmr.dll

RenV::
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe

Folder::
c:\program files\Anti-Blaxx

Reboot::

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

ComboFix 10-04-06.01 - jana 07.04.2010 10:21:07.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.456 [GMT 2:00]
Spuštěný z: c:\documents and settings\jana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\jana\Plocha\CFscript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\NetworkService\Local Settings\Data aplikací\Windows Server\kfqsmr.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Data aplikací\Windows Server\kfqsmr.dll
c:\program files\Anti-Blaxx
c:\program files\Anti-Blaxx\Anti-Blaxx.dll
c:\program files\Anti-Blaxx\anti-blaxx.exe
c:\program files\Anti-Blaxx\Anti-Blaxx.exe.manifest
c:\program files\Anti-Blaxx\Backup.bak
c:\program files\Anti-Blaxx\Help\Help.chm
c:\program files\Anti-Blaxx\Help\Hilfe.chm
c:\program files\Anti-Blaxx\Language\Dutch.lng
c:\program files\Anti-Blaxx\Language\English.lng
c:\program files\Anti-Blaxx\Language\Espanol.lng
c:\program files\Anti-Blaxx\Language\Francais.lng
c:\program files\Anti-Blaxx\Language\German.lng
c:\program files\Anti-Blaxx\settings.ini
c:\program files\Anti-Blaxx\SR7.Stop v1.0.exe
c:\program files\Anti-Blaxx\unins000.dat
c:\program files\Anti-Blaxx\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-03 08:42 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-03 08:42 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-22 07:46 . 2010-03-22 07:46 -------- d-----w- c:\program files\CCleaner
2010-03-20 08:22 . 2010-03-20 08:22 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-19 15:18 . 2008-04-14 04:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-19 15:18 . 2008-04-14 04:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-19 15:18 . 2008-04-14 03:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-19 15:18 . 2008-04-14 03:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-08 15:29 . 2010-03-08 15:33 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 06:09 . 2001-10-25 14:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-04-07 06:09 . 2001-10-25 14:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-04-06 06:45 . 2008-07-21 11:43 -------- d-----w- c:\program files\QuickTime
2010-04-06 06:45 . 2008-02-11 15:41 -------- d-----w- c:\program files\Microsoft LifeCam
2010-04-06 06:45 . 2008-01-27 21:04 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-03 06:52 . 2009-04-18 19:32 -------- d-----w- c:\program files\trend micro
2010-03-20 07:46 . 2004-08-17 13:49 14336 ------w- c:\windows\system32\svchost.exe
2010-03-19 17:01 . 2004-08-03 20:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-11 12:36 . 2004-08-17 13:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-28 17:00 . 2008-11-09 06:07 -------- d-----w- c:\program files\Norton Security Scan
2009-09-20 19:49 . 2009-09-20 19:49 43886 ----a-w- c:\program files\home.htm
2009-03-04 11:43 . 2009-03-04 11:43 2584576 ----a-w- c:\program files\4Story_CZ_1.2.exe
2008-11-17 12:26 . 2008-11-17 12:26 5720794 ----a-w- c:\program files\coach-e.zip
.

Kód: Vybrat vše

<pre>
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-2-11 98304]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Image Transfer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sqmaplibrary]
2010-03-10 11:17 86016 ----a-w- c:\documents and settings\jana\Local Settings\Data aplikací\sqmaplibrary\sqmaplibrary.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
c:\windows\vVX1000.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 11:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 11:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 11:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.7.2009 22:16 222968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {4DA28362-9D1C-4B96-B3AA-B3C8B15FF4CF} = 10.0.0.22
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\yablpua5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Anti-Blaxx_is1 - c:\program files\Anti-Blaxx\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 10:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
.
**************************************************************************
.
Celkový čas: 2010-04-07 10:33:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-07 08:33
ComboFix2.txt 2010-04-06 07:21
ComboFix3.txt 2010-04-03 09:08
ComboFix4.txt 2010-03-19 16:29
ComboFix5.txt 2010-04-07 08:08

Před spuštěním: Volných bajtů: 152 880 316 416
Po spuštění: Volných bajtů: 152 843 128 832

- - End Of File - - 0376AB24643530F44CEEC59BB6E567C8

Vzdoruje - zkusíme první variantu pro opravu

Stahni Avenger zde:
http://swandog46.geekstogo.com/avenger.exe
Spusť a všude souhlas „Yes“
Hlavní okno

dole dej fajfku do obou čtverečků

Do pole „Input script here“ zkopíruj zelený text scriptu > „Execute“ > „Yes“
Bude restart a je potřeba vyčkat na otevření Notepadu a jeho obsah sem vložit.

Script

Kód: Vybrat vše

Files to move:
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe | c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

Kdyby se nedařilo, odinstaluješ NOD32, smažeš v nouzovém režimu c:\program files\ESET\ESET NOD32 Antivirus\egui .exe (za egui je mezera) a po restartu nainstaluješ NOD32 znovu

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\program files\ESET\ESET NOD32 Antivirus\egui .exe|c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Avenger sice hlásí, že opravil, ale pro kontrolu dej ještě jednou ComboFix.

Podle nálezu budeme buď pokračovat nebo uklízet.

ComboFix 10-04-07.01 - jana 08.04.2010 8:18.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.460 [GMT 2:00]
Spuštěný z: c:\documents and settings\jana\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-08 do 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-03 08:42 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-03 08:42 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-22 07:46 . 2010-03-22 07:46 -------- d-----w- c:\program files\CCleaner
2010-03-20 08:22 . 2010-03-20 08:22 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-19 15:18 . 2008-04-14 04:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-19 15:18 . 2008-04-14 04:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-19 15:18 . 2008-04-14 03:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-19 15:18 . 2008-04-14 03:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 06:11 . 2001-10-25 14:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-04-08 06:11 . 2001-10-25 14:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-04-06 06:45 . 2008-07-21 11:43 -------- d-----w- c:\program files\QuickTime
2010-04-06 06:45 . 2008-02-11 15:41 -------- d-----w- c:\program files\Microsoft LifeCam
2010-04-06 06:45 . 2008-01-27 21:04 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-03 06:52 . 2009-04-18 19:32 -------- d-----w- c:\program files\trend micro
2010-03-20 07:46 . 2004-08-17 13:49 14336 ------w- c:\windows\system32\svchost.exe
2010-03-19 17:01 . 2004-08-03 20:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-11 12:36 . 2004-08-17 13:49 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-08 15:33 . 2010-03-08 15:29 -------- d-----w- c:\program files\Alwil Software
2010-02-28 17:00 . 2008-11-09 06:07 -------- d-----w- c:\program files\Norton Security Scan
2009-09-20 19:49 . 2009-09-20 19:49 43886 ----a-w- c:\program files\home.htm
2009-03-04 11:43 . 2009-03-04 11:43 2584576 ----a-w- c:\program files\4Story_CZ_1.2.exe
2008-11-17 12:26 . 2008-11-17 12:26 5720794 ----a-w- c:\program files\coach-e.zip
.

((((((((((((((((((((((((((((( SnapShot_2010-04-06_06.56.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-03 22:30 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2008-04-03 22:30 . 2008-07-08 12:59 18296 c:\windows\system32\spmsg.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 44544 c:\windows\system32\pngfilt.dll
+ 2001-10-25 14:00 . 2010-04-08 06:11 71196 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-04-06 06:48 71196 c:\windows\system32\perfc009.dat
- 2007-08-13 16:54 . 2010-01-05 09:58 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-03-11 12:36 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 16:39 . 2009-12-31 15:32 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 16:39 . 2010-03-10 13:17 13824 c:\windows\system32\ieudinit.exe
- 2004-08-17 13:49 . 2010-01-05 09:58 44544 c:\windows\system32\iernonce.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 44544 c:\windows\system32\iernonce.dll
+ 2004-08-17 13:49 . 2010-03-10 13:17 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-17 13:49 . 2009-12-31 15:32 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 16:36 . 2010-01-05 09:57 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 16:36 . 2010-03-11 12:36 63488 c:\windows\system32\icardie.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2008-12-17 10:44 . 2010-01-05 09:58 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-17 10:44 . 2010-03-11 12:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-12-17 10:44 . 2009-12-31 15:32 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-17 10:44 . 2010-03-10 13:17 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-17 13:49 . 2010-01-05 09:58 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-17 13:49 . 2010-03-10 13:17 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-17 13:49 . 2009-12-31 15:32 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-12-17 10:44 . 2010-01-05 09:57 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-12-17 10:44 . 2010-03-11 12:36 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-06-29 15:59 . 2010-01-05 09:57 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-29 15:59 . 2010-03-11 12:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 44544 c:\windows\ie7updates\KB980182-IE7\pngfilt.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 52224 c:\windows\ie7updates\KB980182-IE7\msfeedsbs.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 27648 c:\windows\ie7updates\KB980182-IE7\jsproxy.dll
+ 2010-04-07 01:00 . 2009-12-31 15:32 13824 c:\windows\ie7updates\KB980182-IE7\ieudinit.exe
+ 2010-04-07 01:00 . 2010-01-05 09:58 44544 c:\windows\ie7updates\KB980182-IE7\iernonce.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 78336 c:\windows\ie7updates\KB980182-IE7\ieencode.dll
+ 2010-04-07 01:00 . 2009-12-31 15:32 70656 c:\windows\ie7updates\KB980182-IE7\ie4uinit.exe
+ 2010-04-07 01:00 . 2010-01-05 09:57 63488 c:\windows\ie7updates\KB980182-IE7\icardie.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 17408 c:\windows\ie7updates\KB980182-IE7\corpol.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 233472 c:\windows\system32\webcheck.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 233472 c:\windows\system32\webcheck.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 105984 c:\windows\system32\url.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 105984 c:\windows\system32\url.dll
+ 2001-10-25 14:00 . 2010-04-08 06:11 441260 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-04-06 06:48 441260 c:\windows\system32\perfh009.dat
+ 2004-08-17 13:49 . 2010-03-11 12:36 102912 c:\windows\system32\occache.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 102912 c:\windows\system32\occache.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 671232 c:\windows\system32\mstime.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 671232 c:\windows\system32\mstime.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 193024 c:\windows\system32\msrating.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 193024 c:\windows\system32\msrating.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2010-01-05 09:58 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2010-03-11 12:36 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 16:34 . 2010-01-05 09:58 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2010-03-11 12:36 268288 c:\windows\system32\iertutil.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 192512 c:\windows\system32\iepeers.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 192512 c:\windows\system32\iepeers.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 10:27 . 2010-01-05 09:57 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 10:27 . 2010-03-11 12:36 380928 c:\windows\system32\ieapfltr.dll
+ 2001-10-25 14:00 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
- 2001-10-25 14:00 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 230400 c:\windows\system32\ieaksie.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 153088 c:\windows\system32\ieakeng.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 153088 c:\windows\system32\ieakeng.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 133120 c:\windows\system32\extmgr.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 133120 c:\windows\system32\extmgr.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 214528 c:\windows\system32\dxtrans.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 214528 c:\windows\system32\dxtrans.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-12-17 10:44 . 2010-01-05 09:58 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-17 10:44 . 2010-03-11 12:36 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-01-27 13:14 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2008-01-27 13:14 . 2010-02-23 05:20 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-17 10:44 . 2010-03-11 12:36 268288 c:\windows\system32\dllcache\iertutil.dll
- 2008-12-17 10:44 . 2010-01-05 09:58 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 192512 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-17 10:44 . 2010-03-11 12:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2008-12-17 10:44 . 2010-01-05 09:57 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-10-25 14:00 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2001-10-25 14:00 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 124928 c:\windows\system32\advpack.dll
- 2004-08-17 13:49 . 2010-01-05 09:57 124928 c:\windows\system32\advpack.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 832512 c:\windows\ie7updates\KB980182-IE7\wininet.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 233472 c:\windows\ie7updates\KB980182-IE7\webcheck.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 105984 c:\windows\ie7updates\KB980182-IE7\url.dll
+ 2010-04-07 01:00 . 2009-05-26 11:40 391032 c:\windows\ie7updates\KB980182-IE7\spuninst\updspapi.dll
+ 2010-04-07 01:00 . 2009-05-26 11:40 233848 c:\windows\ie7updates\KB980182-IE7\spuninst\spuninst.exe
+ 2010-04-07 01:00 . 2010-01-05 09:58 102912 c:\windows\ie7updates\KB980182-IE7\occache.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 671232 c:\windows\ie7updates\KB980182-IE7\mstime.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 193024 c:\windows\ie7updates\KB980182-IE7\msrating.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 477696 c:\windows\ie7updates\KB980182-IE7\mshtmled.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 459264 c:\windows\ie7updates\KB980182-IE7\msfeeds.dll
+ 2010-04-07 01:00 . 2009-12-18 13:05 634648 c:\windows\ie7updates\KB980182-IE7\iexplore.exe
+ 2010-04-07 01:00 . 2010-01-05 09:58 268288 c:\windows\ie7updates\KB980182-IE7\iertutil.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 192512 c:\windows\ie7updates\KB980182-IE7\iepeers.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 385024 c:\windows\ie7updates\KB980182-IE7\iedkcs32.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 380928 c:\windows\ie7updates\KB980182-IE7\ieapfltr.dll
+ 2010-04-07 01:00 . 2009-12-18 13:04 161792 c:\windows\ie7updates\KB980182-IE7\ieakui.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 230400 c:\windows\ie7updates\KB980182-IE7\ieaksie.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 153088 c:\windows\ie7updates\KB980182-IE7\ieakeng.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 133120 c:\windows\ie7updates\KB980182-IE7\extmgr.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 214528 c:\windows\ie7updates\KB980182-IE7\dxtrans.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 347136 c:\windows\ie7updates\KB980182-IE7\dxtmsft.dll
+ 2010-04-07 01:00 . 2010-01-05 09:57 124928 c:\windows\ie7updates\KB980182-IE7\advpack.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 1168384 c:\windows\system32\urlmon.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 3599872 c:\windows\system32\mshtml.dll
- 2007-08-13 16:54 . 2010-01-05 09:58 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 16:54 . 2010-03-11 12:36 6067200 c:\windows\system32\ieframe.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-17 13:49 . 2010-01-05 09:58 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-17 13:49 . 2010-03-11 12:36 3599872 c:\windows\system32\dllcache\mshtml.dll
- 2008-12-17 10:44 . 2010-01-05 09:58 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-17 10:44 . 2010-03-11 12:36 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 1168384 c:\windows\ie7updates\KB980182-IE7\urlmon.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 3599360 c:\windows\ie7updates\KB980182-IE7\mshtml.dll
+ 2010-04-07 01:00 . 2010-01-05 09:58 6067200 c:\windows\ie7updates\KB980182-IE7\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-2-11 98304]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Image Transfer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sqmaplibrary]
2010-03-10 11:17 86016 ----a-w- c:\documents and settings\jana\Local Settings\Data aplikací\sqmaplibrary\sqmaplibrary.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 11:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 11:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 11:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.7.2009 22:16 222968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 19:44]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {4DA28362-9D1C-4B96-B3AA-B3C8B15FF4CF} = 10.0.0.22
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\yablpua5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-VX1000 - c:\windows\vVX1000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 08:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-08 08:26:40
ComboFix-quarantined-files.txt 2010-04-08 06:26
ComboFix2.txt 2010-04-07 08:33
ComboFix3.txt 2010-04-06 07:21
ComboFix4.txt 2010-04-03 09:08
ComboFix5.txt 2010-04-08 06:18

Před spuštěním: Volných bajtů: 152 840 065 024
Po spuštění: Volných bajtů: 152 800 899 072

- - End Of File - - 4CD71B8097E7A345D9F117B33B57885C

Dobře to vypadá - ještě jeden scan

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9.4.2010 8:22:04
mbam-log-2010-04-09 (08-22-04).txt

Typ skenu: Rychlý sken
Skenované objekty: 102239
Uplynulý čas: 3 minuta(y), 56 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 4
Infikované soubory: 15

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\ExtSecurityCenter (Rogue.ExtSecurityCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\virusremover2009 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2009 (Rogue.VirusRemove) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Documents and Settings\jana\Data aplikací\VirusRemover2009 (Rogue.VirusRemover) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\VirusRemover2009\Logs (Rogue.VirusRemover) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Antimalware Defender (Rogue.AntimalwareDefender) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\Antimalware Defender (Rogue.AntimalwareDefender) -> No action taken.

Infikované soubory:
C:\Documents and Settings\jana\Data aplikací\VirusRemover2009\Logs\scns.log (Rogue.VirusRemover) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Antimalware Defender\Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\Antimalware Defender\Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\Antimalware Defender\Uninstall Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Plocha\Antimalware Defender.LNK (Rogue.AntimalwareDefender) -> No action taken.
C:\WINDOWS\Prefetch\SVCHOST.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_.mkv (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_.mkv (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_.mkv (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> No action taken.

MBAM spustit znovu - dát Kompletní kontrola
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych taky rád viděl

Napiš jak se chová PC - ještě nějaký problém?
Podle toho budeme buď pokračovat nebo uklízet

Tak pc se momentálně tváří velice zdravě

hlášky typu chybná bitová kopie jsou pryč, internet je 100% funkční a věčné hlášky z esetu v00d00 zablokováno jsou také pryč.

Přikládám log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9.4.2010 10:05:49
mbam-log-2010-04-09 (10-05-49).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 223752
Uplynulý čas: 35 minuta(y), 26 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 4
Infikované soubory: 52

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\ExtSecurityCenter (Rogue.ExtSecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2009 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2009 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Documents and Settings\jana\Data aplikací\VirusRemover2009 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\jana\Data aplikací\VirusRemover2009\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Antimalware Defender (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\jana\Nabídka Start\Programy\Antimalware Defender (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\krgual.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009130.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009100.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009102.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009103.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009119.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009125.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009131.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009132.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009136.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009163.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0009164.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010162.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010173.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010175.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010176.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010177.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010178.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010179.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010181.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010182.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010191.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010192.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010193.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010194.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010196.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010199.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010200.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010202.exe (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010203.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010204.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010206.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0010208.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP10\A0013195.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C77F193-E932-4AEB-BCFB-F2D1E947A9E9}\RP13\A0013670.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jana\Data aplikací\VirusRemover2009\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Antimalware Defender\Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\jana\Nabídka Start\Programy\Antimalware Defender\Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\jana\Nabídka Start\Programy\Antimalware Defender\Uninstall Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Plocha\Antimalware Defender.LNK (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\Prefetch\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jana\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jana\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7823eea1-994b-4c15-ba9e-66618ecf52fb_26.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.

VIRY.CZ

zavirováno

zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno

Re: zavirováno