chyby při otevření některých souborů

bystryi · Příspěvek od **bystryi** » sob 17. led 2009, 20:42

zdravim
ted jsem serfoval po netu a najednou,když chci do nějakého souboru,tak to píše:WARNING! VIRUS DETECTED!..........download protection software now!
když potom kliknu na ano,tak se mi stáhne windefender2009 a když dám ne tak mě to odkazuje na tuto stránku:http://webfreescan.cn/id/4912933/3/1/ a udělá scan
pak mi to ještě píše download complete.......do you watch the movie?
pls čim to je?
antivir mám PC tools internet security a ten nic nenašel a ani hjt nic nenašel(tedy podle http://www.hijackthis.cz/)
diky

jansv · Příspěvek od **jansv** » sob 17. led 2009, 21:56

Ahoj, na hijackthis.cz se vykašli, ten má spoustu mylných detekcí. Vlož sem aktuální log z HijackThis a z ComboFix:

HijackThis návod:
Stáhni si HijackThis např. odtud - http://www.stahuj.centrum.cz/internet_a ... ijackthis/

Použití
1. Spusť program a stiskněte tlačítko "Do a system scan and save a log"
2. Celý obsah textového dokumentu, který po chvilce sám "vyskočí" sem vlož normálně do příspěvku a já Ti to zkontroluju, a poté uvidíme, co dále.

ComboFix návod:
Stáhněte a uložte na plochu ComboFix.
Spusťte pod účtem s Administrátorským oprávněním, před spuštěním vypněte všechny aplikace včetně Antiviru a Firewallu.
Celá akce trvá okolo 10 minut, někdy i déle.
Nelekněte se, když Váš stroj bude restartován.
Po restartu aplikace vytvoří log, uložený na C:/Combofix.txt (Při opakovaném použití jsou logy označeny Combofix2.txt atd.), JEHO OBSAH SEM VLOŽTE.

bystryi · Příspěvek od **bystryi** » ned 18. led 2009, 10:33

tak tady je log z hjt:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:57, on 18.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PC Tools Internet Security\pctsSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\computer 2\My Documents\Programy\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BioSmuth - {72132FDD-5B51-4BC1-BCC8-860F20AF1BF9} - C:\WINDOWS\system32\kiago32a.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe

a tady z combofix

ComboFix 09-01-17.03 - computer 2 2009-01-18 10:28:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2559.2058 [GMT 1:00]
Spuštěný z: c:\documents and settings\computer 2\Desktop\ComboFix.exe
AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated)
FW: Internet Security Firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\computer 2\Favorites\Cheap Pharmacy Online.url
c:\documents and settings\computer 2\Favorites\Search Online.url
c:\documents and settings\computer 2\Favorites\SMS TRAP.url
c:\documents and settings\computer 2\Favorites\VIP Casino.url
c:\documents and settings\computer 2\Start Menu\Cheap Pharmacy Online.url
c:\documents and settings\computer 2\Start Menu\Search Online.url
c:\documents and settings\computer 2\Start Menu\SMS TRAP.url
c:\documents and settings\computer 2\Start Menu\VIP Casino.url
c:\program files\WinDefender
c:\program files\WinDefender\wdscan.exe
c:\program files\WinDefender\WinDefender.s1
c:\windows\system32\_004941_.tmp.dll
c:\windows\system32\_004942_.tmp.dll
c:\windows\system32\_004943_.tmp.dll
c:\windows\system32\_004944_.tmp.dll
c:\windows\system32\_004951_.tmp.dll
c:\windows\system32\_004952_.tmp.dll
c:\windows\system32\_004953_.tmp.dll
c:\windows\system32\_004955_.tmp.dll
c:\windows\system32\_004956_.tmp.dll
c:\windows\system32\_004959_.tmp.dll
c:\windows\system32\_004960_.tmp.dll
c:\windows\system32\_004962_.tmp.dll
c:\windows\system32\_004963_.tmp.dll
c:\windows\system32\_004964_.tmp.dll
c:\windows\system32\_004966_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004970_.tmp.dll
c:\windows\system32\_004974_.tmp.dll
c:\windows\system32\_004975_.tmp.dll
c:\windows\system32\_004977_.tmp.dll
c:\windows\system32\_004980_.tmp.dll
c:\windows\system32\_004982_.tmp.dll
c:\windows\system32\_004983_.tmp.dll
c:\windows\system32\_004984_.tmp.dll
c:\windows\system32\_004985_.tmp.dll
c:\windows\system32\_004988_.tmp.dll
c:\windows\system32\_004989_.tmp.dll
c:\windows\system32\_004990_.tmp.dll
c:\windows\system32\_004991_.tmp.dll
c:\windows\system32\_004992_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004999_.tmp.dll
c:\windows\system32\c.ico
c:\windows\system32\m.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-18 do 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-17 20:03 . 2009-01-17 20:18 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-17 17:44 . 2009-01-17 17:44 110,592 --a------ c:\windows\system32\kiago32a.dll
2009-01-17 17:44 . 2009-01-17 17:44 21,446 --a------ c:\windows\system32\sf.ico
2009-01-17 17:44 . 2009-01-17 17:44 13,942 --a------ c:\windows\system32\m3.ico
2009-01-17 17:44 . 2009-01-17 19:21 3,097 --a------ c:\windows\ios.dat
2009-01-17 13:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-17 13:18 . 2009-01-17 13:18 <DIR> d-------- c:\program files\Microsoft Works
2009-01-17 13:17 . 2009-01-17 13:17 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-17 13:15 . 2009-01-17 13:15 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-17 13:14 . 2009-01-17 13:17 <DIR> d-------- c:\windows\SHELLNEW
2009-01-17 13:14 . 2009-01-17 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-17 13:13 . 2009-01-17 13:13 <DIR> dr-h----- C:\MSOCache
2009-01-17 12:54 . 2009-01-17 12:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2009-01-12 14:57 . 2009-01-12 14:57 <DIR> d-------- c:\program files\Lavalys
2009-01-03 15:45 . 2009-01-03 15:47 <DIR> d-------- c:\windows\NV2093220920.TMP
2009-01-03 15:45 . 2008-12-26 19:20 211,067 --a------ c:\windows\system32\nvapps.nvb
2009-01-03 15:44 . 2008-12-26 19:20 290,816 --a------ c:\windows\system32\nvwrsth.dll
2009-01-03 15:44 . 2008-12-26 19:20 253,952 --a------ c:\windows\system32\nvrsth.dll
2009-01-01 15:27 . 2006-12-29 00:31 19,569 --a------ c:\windows\004949_.tmp
2009-01-01 15:08 . 2008-04-14 05:42 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll
2009-01-01 15:08 . 2008-04-13 22:57 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2009-01-01 15:04 . 2009-01-01 15:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-01 15:04 . 2008-04-14 05:42 471,552 --a------ c:\windows\system32\SET708.tmp
2009-01-01 15:04 . 2008-04-14 05:41 95,744 --a------ c:\windows\system32\SET70E.tmp
2009-01-01 15:02 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET359.tmp
2009-01-01 15:01 . 2008-04-13 23:53 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys
2009-01-01 15:00 . 2006-12-29 00:31 19,569 --a------ c:\windows\003309_.tmp
2009-01-01 14:02 . 2009-01-01 14:02 <DIR> d-------- c:\windows\system32\xlive
2009-01-01 14:02 . 2009-01-01 15:51 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-01 13:40 . 2009-01-17 13:18 <DIR> d-------- c:\program files\MSBuild
2009-01-01 13:36 . 2009-01-01 13:36 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-01 13:35 . 2009-01-01 13:35 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-01 13:34 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-30 17:06 . 2008-12-30 17:14 <DIR> d-------- c:\program files\Astonsoft
2008-12-30 17:06 . 2008-12-30 17:11 <DIR> d-------- c:\documents and settings\computer 2\Application Data\DeepBurner
2008-12-26 16:53 . 2008-12-26 16:53 <DIR> d-------- c:\program files\ASUS
2008-12-26 16:53 . 2006-01-11 00:50 24,576 --a------ c:\windows\system32\AsIO.dll
2008-12-26 16:53 . 2007-12-18 01:14 12,400 --a------ c:\windows\system32\drivers\AsIO.sys
2008-12-26 16:53 . 2008-01-04 13:34 11,832 --a------ c:\windows\system32\drivers\AsInsHelp64.sys
2008-12-26 16:53 . 2008-01-04 13:34 10,216 --a------ c:\windows\system32\drivers\AsInsHelp32.sys
2008-12-26 16:52 . 2009-01-12 14:55 <DIR> d-------- c:\program files\SpeedFan
2008-12-26 16:52 . 2008-12-26 16:52 45 --a------ c:\windows\system32\initdebug.nfo
2008-12-26 13:11 . 2008-12-26 13:11 <DIR> d-------- c:\program files\Zoner
2008-12-26 13:11 . 2008-12-26 13:16 <DIR> d-------- c:\documents and settings\computer 2\Application Data\Zoner
2008-12-25 15:59 . 2008-12-25 15:59 <DIR> d-------- c:\program files\Nokia
2008-12-23 18:40 . 2008-12-23 18:42 <DIR> d-------- c:\program files\AudioCommander
2008-12-23 18:39 . 2008-12-23 18:39 <DIR> d-------- c:\documents and settings\computer 2\Application Data\Seven Zip
2008-12-18 12:10 . 2009-01-17 19:38 <DIR> d-------- c:\program files\HD Tune

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 09:25 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-18 09:21 --------- d-----w c:\program files\PC Tools Internet Security
2009-01-08 13:35 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-03 15:34 --------- d-----w c:\program files\fraps
2009-01-01 12:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-23 17:24 --------- d-----w c:\documents and settings\computer 2\Application Data\dvdcss
2008-12-19 17:39 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-17 15:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-13 13:04 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-12-13 13:04 22,328 ----a-w c:\documents and settings\computer 2\Application Data\PnkBstrK.sys
2008-12-12 20:18 --------- d-----w c:\program files\totalcmd
2008-12-10 15:01 --------- d-----w c:\program files\WinAVI Video Converter 9.0
2008-12-10 14:55 --------- d-----w c:\program files\SlySoft
2008-12-10 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft
2008-12-09 16:20 --------- d-----w c:\documents and settings\computer 2\Application Data\Nero
2008-12-08 15:57 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-08 15:56 --------- d-----w c:\documents and settings\computer 2\Application Data\PC Tools
2008-12-08 15:53 --------- d-----w c:\program files\VideoLAN
2008-12-08 15:53 --------- d-----w c:\documents and settings\computer 2\Application Data\vlc
2008-12-08 15:49 737,280 ----a-w c:\windows\iun6002.exe
2008-12-08 15:49 --------- d-----w c:\program files\Codec Pack - All In 1
2008-12-08 15:46 --------- d-----w c:\documents and settings\computer 2\Application Data\GRETECH
2008-12-08 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-12-08 15:45 --------- d-----w c:\program files\GRETECH
2008-12-08 15:41 --------- d-----w c:\program files\GNU
2008-12-08 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-12-08 15:33 --------- d-----w c:\program files\EXPERTool
2008-12-08 14:59 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 16:49 --------- d-----w c:\program files\ASUS WiFi-AP Solo
2008-12-05 12:59 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-04 18:07 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-04 18:03 --------- d-----w c:\documents and settings\computer 2\Application Data\Leadertech
2008-12-04 17:48 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-12-04 17:44 --------- d-----w c:\documents and settings\computer 2\Application Data\ICQ
2008-12-04 17:43 --------- d-----w c:\program files\ICQ6Toolbar
2008-12-04 17:43 --------- d-----w c:\program files\ICQ6
2008-12-04 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\ICQ
2008-12-04 17:37 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-04 17:37 --------- d-----w c:\documents and settings\computer 2\Application Data\DAEMON Tools
2008-12-04 17:20 --------- d-----w c:\documents and settings\computer 2\Application Data\My Battle for Middle-earth(tm) II Files
2008-12-04 16:44 --------- d-----w c:\program files\Intel
2008-12-04 16:42 21,035 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-12-04 16:42 --------- d-----w c:\program files\Common Files\Nero
2008-12-04 16:41 --------- d-----w c:\program files\Nero
2008-12-04 16:41 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-04 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-04 16:31 --------- d-----w c:\program files\Analog Devices
2008-12-04 16:19 --------- d-----w c:\program files\MSXML 6.0
2008-12-04 16:17 --------- d-----w c:\program files\MSXML 4.0
2008-12-04 16:05 --------- d-----w c:\program files\TuneUp Utilities 2007
2008-12-04 16:00 --------- d-----w c:\documents and settings\computer 2\Application Data\TuneUp Software
2008-12-04 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-04 15:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-04 15:54 --------- d-----w c:\documents and settings\computer 2\Application Data\PCToolsSpamMonitorPlus
2008-12-04 15:54 --------- d-----w c:\documents and settings\computer 2\Application Data\PCToolsFirewallPlus
2008-12-04 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-04 15:38 --------- d-----w c:\program files\Marvell
2008-12-04 15:35 --------- d-----w c:\program files\Realtek
2008-12-04 15:35 --------- d-----w c:\documents and settings\computer 2\Application Data\InstallShield
2008-12-04 14:53 --------- d-----w c:\program files\microsoft frontpage
2008-12-04 14:50 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-05-23 2170880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"ISTray"="c:\program files\PC Tools Internet Security\pctsTray.exe" [2008-02-01 1103272]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\hry\\CS\\cstrike.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\hry\\nhl 09\\nhl2009.exe"=
"d:\\hry\\crisis\\Bin32\\Crysis.exe"=
"d:\\hry\\crisis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\hry\\cod 5\\CoDWaWmp.exe"=
"d:\\hry\\cod 5\\CoDWaW.exe"=
"d:\\hry\\gta 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\hry\\gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-12-08 159144]
R1 pctmp;PC Tools Firewall Memory Protection Driver;c:\windows\system32\drivers\pctmp.sys [2008-12-08 40872]
R1 pctssipc;PC Tools Security Suite IPC Driver;c:\windows\system32\drivers\pctssipc.sys [2008-12-08 18344]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-04 69120]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-04 222456]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [2008-12-08 747944]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\COMPUT~1\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\COMPUT~1\LOCALS~1\Temp\GPU-Z.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-12-04 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-12-04 13532]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\computer 2\Application Data\Mozilla\Firefox\Profiles\3e3u7f0m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 10:29:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1056)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Celkový čas: 2009-01-18 10:30:37
ComboFix-quarantined-files.txt 2009-01-18 09:30:35

Před spuštěním: 2 905 112 576 bytes free
Po spuštění: 3,659,976,704

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

280 --- E O F --- 2008-12-29 11:58:43

jansv · Příspěvek od **jansv** » ned 18. led 2009, 12:03

Nyní sem ještě vlož log z MBAMu, a poté domažeme zbývající šmejdy.

Nyní stahněte a spusťte
Stáhněte Malwarebytes' Anti-Malware - http://viry.cz/forum/viewtopic.php?f=29&t=67229
Dejte úplný sken C systém
Log sem, nic nemazat až po posouzení logu

bystryi · Příspěvek od **bystryi** » ned 18. led 2009, 13:33

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

18.1.2009 13:33:13
mbam-log-2009-01-18 (13-33-10).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 100507
Uplynulý cas: 31 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\kkamla.1 (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\sf.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m3.ico (Malware.Trace) -> No action taken.
C:\Documents and Settings\computer 2\Favorites\Cheap Software.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\computer 2\Start Menu\Cheap Software.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\computer 2\Favorites\MP3 Download.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\computer 2\Start Menu\MP3 Download.url (Rogue.Link) -> No action taken.

jansv · Příspěvek od **jansv** » ned 18. led 2009, 13:50

Vše, co našel MBAM, smaž (provést nový sken a potvrdit odstranění všech infikovaných souborů - dle návodu).

bystryi · Příspěvek od **bystryi** » ned 18. led 2009, 13:59

ok odstraněno tady je log po odstranění:

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

18.1.2009 13:58:10
mbam-log-2009-01-18 (13-58-10).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 100507
Uplynulý cas: 31 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\kkamla.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\sf.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\computer 2\Favorites\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\computer 2\Start Menu\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\computer 2\Favorites\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\computer 2\Start Menu\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.

bystryi · Příspěvek od **bystryi** » ned 18. led 2009, 14:00

jeste bych prosil o kontrolu logu na ntb,ale tam mi nejde nějak vypnout základní antivir ve windows

bystryi · Příspěvek od **bystryi** » ned 18. led 2009, 14:10

uz jsem ho vypnul,tady je log z combofix:

ComboFix 09-01-17.03 - Uzivatel 2009-01-18 14:04:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1022.677 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-12-18 do 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d-------- c:\program files\Alwil Software
2009-01-18 13:30 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-18 13:30 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-01-18 13:30 . 2003-02-21 04:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2009-01-17 19:23 . 2009-01-17 21:18 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\2DBoy
2009-01-17 12:10 . 2009-01-17 12:10 <DIR> d--h----- c:\windows\PIF
2009-01-17 12:09 . 2009-01-17 12:41 <DIR> d-------- c:\program files\DOSBox-0.72
2009-01-17 11:27 . 2009-01-17 11:27 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-16 18:59 . 2009-01-16 18:59 <DIR> d-------- c:\program files\MSBuild
2009-01-16 18:39 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-15 21:50 . 2009-01-16 19:02 <DIR> d-------- c:\program files\Microsoft Works
2009-01-15 21:47 . 2009-01-15 21:47 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-15 21:43 . 2009-01-15 21:43 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-15 21:42 . 2009-01-16 18:57 <DIR> d-------- c:\windows\SHELLNEW
2009-01-15 21:41 . 2009-01-16 19:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-15 21:40 . 2009-01-15 21:40 <DIR> dr-h----- C:\MSOCache
2009-01-15 21:17 . 2009-01-15 21:17 174,198 ---h----- C:\treeinfo.wc
2009-01-15 21:16 . 2009-01-15 21:35 742 --a------ c:\windows\wincmd.ini
2009-01-15 21:16 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-15 21:16 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-15 21:16 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-15 21:16 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-15 21:16 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-15 21:16 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-15 21:16 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-15 21:15 . 2009-01-15 21:16 <DIR> d-------- c:\program files\totalcmd
2009-01-15 20:20 . 2009-01-15 20:20 <DIR> d-------- c:\windows\Sun
2009-01-15 18:23 . 2009-01-15 18:23 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\vlc
2009-01-15 18:17 . 2009-01-15 18:17 <DIR> d-------- c:\program files\VideoLAN
2009-01-13 20:45 . 2009-01-13 20:45 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-13 20:45 . 2009-01-13 20:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-13 17:55 . 2009-01-13 17:55 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-13 17:15 . 2009-01-13 17:15 <DIR> d-------- c:\windows\Logs
2009-01-13 15:56 . 2009-01-18 12:10 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-13 15:50 . 2008-12-25 12:08 801,312 --a------ c:\windows\system32\nvcplui.exe
2009-01-13 15:50 . 2008-12-25 12:08 420,384 --a------ c:\windows\system32\nvcpl.cpl
2009-01-13 15:50 . 2008-12-25 12:08 73,728 --a------ c:\windows\system32\nvtuicpl.cpl
2009-01-13 15:49 . 2008-12-25 12:08 4,710,400 --a------ c:\windows\system32\nvdisps.dll
2009-01-13 15:49 . 2008-12-25 12:08 3,796,992 --a------ c:\windows\system32\nvvitvs.dll
2009-01-13 15:49 . 2008-12-25 12:08 3,489,792 --a------ c:\windows\system32\nvgames.dll
2009-01-13 15:49 . 2008-12-25 12:08 2,744,320 --a------ c:\windows\system32\nvwss.dll
2009-01-13 15:49 . 2008-12-25 12:08 1,560,576 --a------ c:\windows\system32\nvcuda.dll
2009-01-13 15:49 . 2008-12-25 12:08 1,286,144 --a------ c:\windows\system32\nvmobls.dll
2009-01-13 15:49 . 2008-12-26 01:08 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-01-13 15:49 . 2008-12-25 12:08 229,376 --a------ c:\windows\system32\nvmccs.dll
2009-01-13 15:49 . 2008-12-25 12:08 188,416 --a------ c:\windows\system32\nvmccss.dll
2009-01-12 19:57 . 2009-01-12 19:57 <DIR> d-------- c:\program files\uTorrent
2009-01-12 19:57 . 2009-01-12 20:09 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\uTorrent
2009-01-12 19:51 . 2009-01-12 20:01 <DIR> d-------- c:\program files\BitComet
2009-01-12 19:36 . 2009-01-12 20:00 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Azureus
2009-01-12 19:36 . 2009-01-12 19:36 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Azureus
2009-01-12 15:25 . 2009-01-12 15:25 <DIR> d-------- C:\Logs
2009-01-11 20:08 . 2009-01-11 20:08 <DIR> d-------- c:\program files\Notebook Hardware Control
2009-01-11 20:08 . 2009-01-18 13:42 22,528 --a------ c:\windows\system32\drivers\nhcDriver.sys
2009-01-11 19:37 . 2009-01-15 18:38 69 --a------ c:\windows\NeroDigital.ini
2009-01-11 18:54 . 2009-01-11 18:54 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-11 18:53 . 2009-01-11 18:53 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\DAEMON Tools Pro
2009-01-11 18:53 . 2009-01-11 18:53 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\DAEMON Tools
2009-01-11 18:52 . 2009-01-11 18:52 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-11 18:52 . 2009-01-11 18:52 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-01-11 18:51 . 2009-01-11 20:21 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-11 18:49 . 2009-01-11 18:53 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\DAEMON Tools Lite
2009-01-11 18:49 . 2009-01-11 18:49 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-11 11:37 . 2009-01-15 19:03 <DIR> d-------- c:\program files\fraps
2009-01-11 11:29 . 2009-01-11 11:29 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-11 11:27 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-11 11:27 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-11 11:27 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-11 11:27 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-11 11:27 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-11 11:27 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-11 11:27 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-11 11:26 . 2009-01-11 11:26 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-11 11:26 . 2009-01-11 11:27 <DIR> d-------- c:\program files\Ahead
2009-01-10 11:13 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-10 11:13 . 2009-01-10 11:13 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-10 11:13 . 2009-01-10 11:13 22,328 --a------ c:\documents and settings\Uzivatel\Data aplikací\PnkBstrK.sys
2009-01-10 11:12 . 2009-01-10 11:12 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-10 11:12 . 2009-01-10 11:12 103,736 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-10 11:12 . 2009-01-10 11:12 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-10 11:12 . 2009-01-10 11:12 271 --a------ c:\windows\game.ini
2009-01-09 21:48 . 2006-05-16 18:04 2,879,488 --a------ c:\windows\SkyTel.exe
2009-01-09 21:47 . 2005-05-03 18:43 69,632 --a------ c:\windows\Alcmtr.exe
2009-01-09 21:45 . 2009-01-09 21:45 <DIR> d-------- c:\program files\HybridTV
2009-01-09 21:44 . 2009-01-09 21:44 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-09 21:15 . 2009-01-09 21:15 <DIR> d-------- c:\program files\Lavalys
2009-01-09 20:49 . 2009-01-09 20:49 <DIR> d-------- c:\program files\AC3Filter
2009-01-09 20:49 . 2007-08-18 08:54 380,928 --a------ c:\windows\system32\ac3filter.acm
2009-01-09 20:48 . 2009-01-09 20:48 <DIR> d-------- c:\program files\GNU
2009-01-09 20:48 . 2009-01-09 20:48 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\GRETECH
2009-01-09 20:46 . 2009-01-09 20:46 <DIR> d-------- c:\program files\GRETECH
2009-01-09 20:07 . 2009-01-09 20:07 <DIR> d-------- c:\windows\system32\cs-cz
2009-01-09 20:07 . 2009-01-09 20:07 <DIR> d-------- c:\windows\system32\cs
2009-01-09 20:07 . 2009-01-09 20:07 <DIR> d-------- c:\windows\system32\bits
2009-01-09 20:07 . 2009-01-09 20:07 <DIR> d-------- c:\windows\l2schemas
2009-01-09 20:04 . 2009-01-09 20:07 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-09 20:03 . 2009-01-10 10:54 <DIR> d-------- c:\program files\SpeedFan
2009-01-09 20:03 . 2009-01-09 20:03 45 --a------ c:\windows\system32\initdebug.nfo
2009-01-09 19:56 . 2009-01-09 19:56 <DIR> d-------- c:\windows\EHome
2009-01-09 19:32 . 2009-01-09 19:32 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\PCToolsSpamMonitorPlus
2009-01-09 19:32 . 2009-01-09 19:32 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\PCToolsFirewallPlus
2009-01-09 19:31 . 2009-01-18 12:23 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-09 19:30 . 2009-01-18 12:25 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-01-09 19:30 . 2009-01-18 12:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PC Tools
2009-01-09 19:03 . 2009-01-09 19:03 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-01-09 19:03 . 2009-01-11 18:24 <DIR> d-------- c:\program files\ICQ6.5
2009-01-09 19:03 . 2009-01-10 12:51 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\ICQ
2009-01-09 19:03 . 2009-01-09 19:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2009-01-09 18:54 . 2009-01-09 18:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2009-01-09 18:46 . 2009-01-09 18:46 0 --a------ c:\windows\nsreg.dat
2009-01-09 18:45 . 2009-01-17 21:18 <DIR> d-------- C:\hry
2009-01-03 11:59 . 2009-01-03 11:59 81,920 --a------ c:\windows\system32\frapsvid.dll
2008-12-25 04:51 . 2004-08-03 22:41 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys
2008-12-25 04:48 . 2004-08-17 15:43 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-25 04:07 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-25 04:07 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-25 04:07 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-25 04:07 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-25 04:03 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-25 03:59 . 2008-12-12 18:03 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2008-12-25 03:59 . 2008-10-16 02:03 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2008-12-25 03:59 . 2008-10-16 02:03 667,136 -----c--- c:\windows\system32\dllcache\wininet.dll
2008-12-25 03:59 . 2008-10-16 02:03 619,008 -----c--- c:\windows\system32\dllcache\urlmon.dll
2008-12-25 03:59 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-25 03:57 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 15:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 19:45 --------- d-----w c:\program files\Java
2009-01-09 20:47 --------- d-----w c:\program files\Realtek
2009-01-09 20:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-25 11:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-11 11:07 --------- d-----w c:\program files\Synaptics
2008-12-11 11:05 --------- d-----w c:\program files\Intel
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 16:44 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2008-12-10 16:44 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2008-12-10 16:44 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2008-12-10 16:44 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2008-12-10 16:44 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2008-12-10 16:44 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2008-12-10 16:44 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2008-12-10 16:44 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2008-12-10 16:00 --------- d-----w c:\program files\microsoft frontpage
2008-12-10 15:58 --------- d-----w c:\program files\Common Files\Java
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-03 7405568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-03 86016]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-05-03 c:\windows\system32\nwiz.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 c:\windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\hry\\cod4\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\hry\\cs\\hl.exe"=
"c:\\Documents and Settings\\Uzivatel\\Dokumenty\\Program\\OpenLieroX_0.57_beta8.win32\\OpenLieroX\\OpenLieroX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26516:TCP"= 26516:TCP:BitComet 26516 TCP
"26516:UDP"= 26516:UDP:BitComet 26516 UDP

R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-01-09 222456]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\qzh0lu2e.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 14:06:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-01-18 14:07:59
ComboFix-quarantined-files.txt 2009-01-18 13:07:57

Před spuštěním: Volných bajtů: 75 776 331 776
Po spuštění: Volných bajtů: 75,853,258,752

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

233 --- E O F --- 2009-01-15 14:04:19

a tady hjt:

Logfile of HijackThis v1.99.1
Scan saved at 14:10:34, on 18.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Uzivatel\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

bystryi · Příspěvek od **bystryi** » úte 20. led 2009, 20:41

?pls o zkontrolovani

jansv · Příspěvek od **jansv** » čtv 22. led 2009, 14:12

Druhý PC vypadá v pořádku.

chyby při otevření některých souborů

chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů

Re: chyby při otevření některých souborů