Dobrý den,

prosím o radu s logem z GMER.exe a pomoc s odstraněním Rootkitu TDSSmvpt.sys:
Z níže uvedeného scanu byly červeně:
---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\TDSSmvpt.sys (*** hidden *** ) F32D1000-F32E3000 (73728 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:352 F32D3D66

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\TDSSmvpt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

Přikládám celý výsledek GMER.exe scanu, níže je i log HJT.
Dík moc předem!:


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-08 13:57:05
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF2CA6618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF2CA64D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF2CA69B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF2CA60AC]
SSDT sptd.sys ZwEnumerateKey [0xF849584C]
SSDT sptd.sys ZwEnumerateValueKey [0xF8495BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF2CA65AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF2CA5FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF2CA6050]
SSDT sptd.sys ZwQueryKey [0xF8495CC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF2CA66CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF2CA668E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF2CA680E]

Code E1D144B0 ZwFlushInstructionCache
Code F32D2EAB pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B527E 5 Bytes JMP E1D144B4
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F66F262C 5 Bytes JMP 8239A8F0
? System32\Drivers\axumwogl.SYS Systém nemůže nalézt uvedenou cestu. !
? System32\Drivers\ao9g7h20.SYS Systém nemůže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP111.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1124] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 4 Bytes [ C2, 04, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[1524] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00D5000A
.text C:\WINDOWS\Explorer.EXE[1524] WS2_32.dll!send 71A9428A 5 Bytes JMP 00D7000A
.text C:\WINDOWS\Explorer.EXE[1524] WS2_32.dll!closesocket 71A99639 5 Bytes JMP 00D6000A

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8490ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8490C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8490B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F849172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8491604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84A3B9A] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 825661D8
Device \FileSystem\Fastfat \FatCdrom 81C81980
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 82398980
Device \Driver\usbohci \Device\USBPDO-1 82398980
Device \Driver\usbehci \Device\USBPDO-2 8235D1D8
Device \Driver\00000064 \Device\00000047 sptd.sys
Device \Driver\00000064 \Device\00000048 sptd.sys
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 825D81D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 825D81D8
Device \Driver\Cdrom \Device\CdRom0 82378980
Device \Driver\Cdrom \Device\CdRom1 82378980
Device \Driver\atapi \Device\Ide\IdePort0 825671D8
Device \Driver\atapi \Device\Ide\IdePort1 825671D8
Device \Driver\atapi \Device\Ide\IdePort2 825671D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 825671D8
Device \Driver\atapi \Device\Ide\IdePort3 825671D8
Device \Driver\atapi \Device\Ide\IdePort4 825671D8
Device \Driver\atapi \Device\Ide\IdePort5 825671D8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-14 825671D8
Device \Driver\Cdrom \Device\CdRom2 82378980
Device \Driver\NetBT \Device\NetBt_Wins_Export 820D0980
Device \Driver\NetBT \Device\NetbiosSmb 820D0980
Device \Driver\NetBT \Device\NetBT_Tcpip_{CC6887A6-1EF0-4668-9EAD-FF427347F0FC} 820D0980
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A13B2B3-4675-4F6C-9A97-34321649012D} 820D0980
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\USBSTOR \Device\0000006b 81D63980
Device \Driver\usbohci \Device\USBFDO-0 82398980
Device \Driver\USBSTOR \Device\0000006c 81D63980
Device \Driver\USBSTOR \Device\0000006d 81D63980
Device \Driver\usbohci \Device\USBFDO-1 82398980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81DB81D8
Device \Driver\USBSTOR \Device\0000006e 81D63980
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbehci \Device\USBFDO-2 8235D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81DB81D8
Device \Driver\USBSTOR \Device\0000006f 81D63980
Device \Driver\Ftdisk \Device\FtControl 825D81D8
Device \Driver\axumwogl \Device\Scsi\axumwogl1 823441D8
Device \Driver\axumwogl \Device\Scsi\axumwogl1Port7Path0Target0Lun0 823441D8
Device \Driver\ao9g7h20 \Device\Scsi\ao9g7h201 822751D8
Device \Driver\ao9g7h20 \Device\Scsi\ao9g7h201Port6Path0Target0Lun0 822751D8
Device \FileSystem\Fastfat \Fat 81C81980

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 821885E0

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\TDSSmvpt.sys (*** hidden *** ) F32D1000-F32E3000 (73728 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:352 F32D3D66

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\TDSSmvpt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1238726122
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 530177023
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA0 0xB9 0xA5 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x82 0x8D 0xBA 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3D 0x1A 0x1D 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0x7A 0xAA 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5C 0x19 0x0D 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0xE5 0x98 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmvpt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmvpt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSotcv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwpyl.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSbrqo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSjnst.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSublj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSckhc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSwhkc.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSbjnx.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA0 0xB9 0xA5 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x82 0x8D 0xBA 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3D 0x1A 0x1D 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0x7A 0xAA 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5C 0x19 0x0D 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0xE5 0x98 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmvpt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmvpt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSotcv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwpyl.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSbrqo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSjnst.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSublj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSckhc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSwhkc.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSbjnx.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 62
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v300
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1

---- EOF - GMER 1.0.14 ----

scan HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:24, on 8.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\ADMIN\LOCALS~1\Temp\mexe.com
C:\Documents and Settings\Administrator\Dokumenty\Kopie - g.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\Dokumenty\HijackThis.exe

Zdravim. Vitaj na fore


1) Skus stiahnut a spustit toto: http://naughty.7u.cz/viry/abraka.com.

Je to premenovany Combofix, navod k nemu je tu:

Stiahni Combofix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez administratora a postupuj podla instrukcii. Cely sken bude trvat do 10 minut. Pocas neho moze byt PC restartovane. Log, ktory Combofix vytvori, najdes na adrese C:\Combofix.txt
Ten vloz sem.

Pozor: Kym Combofix nevytvori log, na nic neklikat, nic nestlacat !!


2) Nabuduce komplet cely log z HJT, ty si vlozil len procesy

_________________
Ja som skromný, mám len dve veci do podpisu...

1) Chcete pomôcť fóru? Podporte ho_!!

2) Prosím všetkých, ktorí majú problém:
- založte si vlastný topic a do 1. prispevku vložte log z RSIT a presný stručný popis problému.
- bez odporúčania nespúšťajte ŽIADEN iný program nájdený na fóre/internete.
- needitujte a nemažte príspevky.
- dodržujte inštrukcie a nerobte nič naviac (z vlastnej iniciatívy).

Dík, ale ten link asi není správně - v adresáři http://naughty.7u.cz/viry/
tam nic pro mne nevidím...

Mám stáhnout někde Combofix a přejmenovat ho a spustit?

http://www.riffman.ic.cz/riffman.exe

Takisto premenovany CF. Postup podla navodu vyssie.

_________________
Ja som skromný, mám len dve veci do podpisu...

1) Chcete pomôcť fóru? Podporte ho_!!

2) Prosím všetkých, ktorí majú problém:
- založte si vlastný topic a do 1. prispevku vložte log z RSIT a presný stručný popis problému.
- bez odporúčania nespúšťajte ŽIADEN iný program nájdený na fóre/internete.
- needitujte a nemažte príspevky.
- dodržujte inštrukcie a nerobte nič naviac (z vlastnej iniciatívy).

Combofix scan proveden - přikládám.
Všechny procesy jsem ukončil jak standardně, tak ukončením procesů, AVG pak už nikde ani v procesech nebylo, ale Combofix ho viděl - tak to snad nevadilo.



ComboFix 09-01-20.05 - ADMIN 2009-02-08 16:18:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.510.214 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\riffman.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 13:07 . 2009-02-08 13:07 0 --a------ C:\23990098.$$$
2009-02-08 11:12 . 2009-02-08 11:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-02-08 11:12 . 2009-02-08 11:12 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-02-08 11:12 . 2009-02-08 11:12 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-02-08 11:12 . 2006-03-02 13:00 147,968 --a------ c:\windows\R.COM
2009-02-08 11:12 . 2006-03-02 13:00 137,216 --a------ c:\windows\system32\T.COM
2009-02-08 11:12 . 2009-02-08 11:12 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-02-08 11:12 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-08 11:12 . 2009-02-08 13:35 28 --a------ c:\windows\Lic.xxx
2009-02-08 10:47 . 2009-02-08 10:47 <DIR> d-------- c:\program files\Resource Kit
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2009-02-07 23:01 . 2006-12-19 15:44 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-02-07 23:01 . 2009-02-08 15:51 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2009-02-07 23:01 . 2009-02-07 23:02 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-02-07 23:01 . 2009-02-07 23:01 <DIR> d-------- c:\documents and settings\Administrator
2009-01-30 13:38 . 2009-01-30 13:40 <DIR> d-------- c:\program files\WinClamAVShield
2009-01-30 13:32 . 2009-01-30 13:33 <DIR> d-------- c:\program files\Crawler
2009-01-30 13:31 . 2009-01-30 22:04 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-30 13:31 . 2009-01-30 22:00 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-01-30 13:31 . 2009-02-08 07:36 <DIR> d-------- c:\documents and settings\ADMIN\Data aplikací\Spyware Terminator
2009-01-30 13:31 . 2009-01-30 13:31 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-30 13:29 . 2009-01-30 13:29 0 --a------ c:\windows\nsreg.dat
2009-01-30 11:51 . 2009-01-30 11:51 <DIR> d-------- c:\program files\ESET
2009-01-30 11:51 . 2009-01-30 11:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-23 15:33 . 2009-01-23 16:48 <DIR> d-------- c:\program files\War2Combat
2009-01-15 18:12 . 2009-01-15 18:12 <DIR> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 12:31 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\Skype
2009-02-08 12:18 --------- d-----w c:\program files\World of Warcraft
2009-02-08 09:43 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\AVG7
2009-01-31 17:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 17:36 --------- d-----w c:\program files\Team17
2009-01-30 16:24 --------- d-----w c:\program files\Google
2009-01-30 10:28 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\Hamachi
2009-01-24 12:43 --------- d-----w c:\program files\GameSpy Arcade
2009-01-20 21:34 --------- d-----w c:\program files\Warcraft III
2009-01-09 22:04 --------- d-----w c:\program files\Valve
2009-01-01 21:43 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\My Battle for Middle-earth(tm) II Files
2008-12-31 15:09 --------- d-----w c:\program files\Electronic Arts
2008-12-24 19:03 --------- d-----w c:\program files\Cenega Czech
2008-12-23 16:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Blizzard
2008-12-19 19:57 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-16 19:47 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\U3
2008-12-05 15:22 31 ----a-w c:\documents and settings\ADMIN\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2008-10-08 1410296]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-16 590848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-30 2267136]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Starcraft Shareware(ED)\\Starcraft.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\condition zero\\hl.exe"=
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\counter-strike\\hl.exe"=
"c:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\LieroX v0.56 Pack 1.9\\LieroX.exe"=
"c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\bulanci.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II The Conquerors Expansion Trial\\age2_x1t.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\War2Combat\\Warcraft II BNE.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20807:TCP"= 20807:TCP:BitComet 20807 TCP
"20807:UDP"= 20807:UDP:BitComet 20807 UDP

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-30 222456]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PROCEXP111
*Deregistered* - PROCEXP111
*Deregistered* - TDSSserv.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fee9928-cbaa-11dd-b5c7-001676b2cfa9}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: {CC6887A6-1EF0-4668-9EAD-FF427347F0FC} = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 16:19:30
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmvpt.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\TDSSmvpt.sys"
"group"="file system"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2009-02-08 16:20:31
ComboFix-quarantined-files.txt 2009-02-08 15:20:29

Před spuštěním: Volných bajtů: 85 209 305 088
Po spuštění: Volných bajtů: 88,879,448,064

221

Jo, a ještě přikládám celý (čerstvý) scan HJT, nejen procesy (omylem jsem vzal jen část):
Taky si uvědomuju, že jsem nepopsal příznaky nákazy - co ta mrška dělá. Zejména začala blokovat aktualizace antivirů a antispyware a spouštění některých programů (např Gmer jsem musel taky přejmenovat).
Gmer ji tam stále vidí (jestli je to ona).

Dík moc.

Z.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:57, on 8.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Administrator\Dokumenty\gmer.exe
C:\Documents and Settings\Administrator\Dokumenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC}: NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8464 bytes

zaskok,
stiahni T-Cleaner a precisti _PC
http://sweb.cz/Marinus/T-Cleaner.exe
klik A-[enter].....
stiahnes AVANGER z mojho podpisu a podla navodu vlozis zeleny text

potom stiahnes aktualny combofix
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix -
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
log vloz sem.

_________________
Dôležité informácie.

Počas liečby dodržujte inštrukcie a nerobte nič naviac a ani menej,,nespúšťajte žiaden iný program z vlastnej iniciatívy,,
Opravy a poradenstva v tomto vlákne sú len pre tento stroj. Neprenášajte pokyny z tohto vlákna na váš počítač,môžete poškodiť systém



Thanks! Vďaka!

Log combofix následuje.

Zdá se čistý, ani Gmer zatím nic nenašel.

Díky za fakt skvělou pomoc! Hned zítra jdu do Sazky dotovat forum :-)

Z.



ComboFix 09-02-07.01 - ADMIN 2009-02-08 20:40:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.510.217 [GMT 1:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Outdated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADMIN\Nabídka Start\Programy\Videos.url

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Soubory vytvořené od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 16:11 . 2009-02-08 16:20 <DIR> d-------- C:\riffman
2009-02-08 11:12 . 2009-02-08 11:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-02-08 11:12 . 2009-02-08 11:12 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-02-08 11:12 . 2009-02-08 11:12 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-02-08 11:12 . 2009-02-08 11:12 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-02-08 11:12 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-08 10:47 . 2009-02-08 10:47 <DIR> d-------- c:\program files\Resource Kit
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2009-02-07 23:01 . 2006-12-19 15:44 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-02-07 23:01 . 2006-12-19 10:12 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-02-07 23:01 . 2009-02-08 20:19 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2009-02-07 23:01 . 2009-02-07 23:02 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-02-07 23:01 . 2009-02-07 23:01 <DIR> d-------- c:\documents and settings\Administrator
2009-01-30 13:38 . 2009-01-30 13:40 <DIR> d-------- c:\program files\WinClamAVShield
2009-01-30 13:32 . 2009-01-30 13:33 <DIR> d-------- c:\program files\Crawler
2009-01-30 13:31 . 2009-01-30 22:04 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-30 13:31 . 2009-02-08 16:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-01-30 13:31 . 2009-02-08 20:03 <DIR> d-------- c:\documents and settings\ADMIN\Data aplikací\Spyware Terminator
2009-01-30 13:31 . 2009-01-30 13:31 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-30 13:29 . 2009-01-30 13:29 0 --a------ c:\windows\nsreg.dat
2009-01-30 11:51 . 2009-01-30 11:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-23 15:33 . 2009-01-23 16:48 <DIR> d-------- c:\program files\War2Combat
2009-01-15 18:12 . 2009-01-15 18:12 <DIR> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 19:23 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\Skype
2009-02-08 12:18 --------- d-----w c:\program files\World of Warcraft
2009-02-08 09:43 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\AVG7
2009-01-31 17:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 17:36 --------- d-----w c:\program files\Team17
2009-01-30 16:24 --------- d-----w c:\program files\Google
2009-01-30 10:28 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\Hamachi
2009-01-24 12:43 --------- d-----w c:\program files\GameSpy Arcade
2009-01-20 21:34 --------- d-----w c:\program files\Warcraft III
2009-01-09 22:04 --------- d-----w c:\program files\Valve
2009-01-01 21:43 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\My Battle for Middle-earth(tm) II Files
2008-12-31 15:09 --------- d-----w c:\program files\Electronic Arts
2008-12-24 19:03 --------- d-----w c:\program files\Cenega Czech
2008-12-23 16:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Blizzard
2008-12-19 19:57 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-16 19:47 --------- d-----w c:\documents and settings\ADMIN\Data aplikací\U3
2008-12-05 15:22 31 ----a-w c:\documents and settings\ADMIN\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2008-10-08 1410296]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-16 590848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-30 2267136]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Starcraft Shareware(ED)\\Starcraft.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\condition zero\\hl.exe"=
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\counter-strike\\hl.exe"=
"c:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\LieroX v0.56 Pack 1.9\\LieroX.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\bulanci.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II The Conquerors Expansion Trial\\age2_x1t.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\War2Combat\\Warcraft II BNE.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20807:TCP"= 20807:TCP:BitComet 20807 TCP
"20807:UDP"= 20807:UDP:BitComet 20807 UDP

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-30 142592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-30 222456]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PROCEXP111

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fee9928-cbaa-11dd-b5c7-001676b2cfa9}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: {CC6887A6-1EF0-4668-9EAD-FF427347F0FC} = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 20:47:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2009-02-08 20:50:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-08 19:50:18

Před spuštěním: Volných bajtů: 90 294 108 160
Po spuštění: Volných bajtů: 90,226,974,720

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

216

odinstaluj combofix

Pouzijes T-Cleaner a CCleaner
http://sweb.cz/Marinus/T-Cleaner.exe


dikes za podporu a nemas zaco aj za kolegu.

_________________
Dôležité informácie.

Počas liečby dodržujte inštrukcie a nerobte nič naviac a ani menej,,nespúšťajte žiaden iný program z vlastnej iniciatívy,,
Opravy a poradenstva v tomto vlákne sú len pre tento stroj. Neprenášajte pokyny z tohto vlákna na váš počítač,môžete poškodiť systém



Thanks! Vďaka!

Provedu!

Ještě jednou dík.

Z.

NZ,,

_________________
Dôležité informácie.

Počas liečby dodržujte inštrukcie a nerobte nič naviac a ani menej,,nespúšťajte žiaden iný program z vlastnej iniciatívy,,
Opravy a poradenstva v tomto vlákne sú len pre tento stroj. Neprenášajte pokyny z tohto vlákna na váš počítač,môžete poškodiť systém



Thanks! Vďaka!