Fake antivir "Personal Shield Pro"

[mb.hk]

Zdravím všechny,
našel by se tu někdo, kdo by mi pomohl se co nejrychleji zbavit falešného antiviru Personal Shield Pro, který se uhnízdil v mém NTB? Od včerejška se ho snažím zbavit, hledal jsem na netu a zkoušel různé programy na odstranění, ty sice pokaždé něco našli a odstranili, ale problém nevyřešily.
Tento "antivir" se po naběhnutí PC spustí a blokuje ostatní aplikace (zavře a nejde znovu spustit antivir a cokoliv dalšího, jedině v nouzovém režimu), snad kromě internetového prohléžeče, který ale brzdí, pořád vyskakují hlášky, že PC je naúadeno apod.
Prosím o pomoc někoho, kdo už s tím má zkušenosti a ví jak na to, já už fakt nevím co s tím mám dělat...

[Rudy]

Také zdravím!
V nouz. režimu dejte nejprve log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

[mb.hk]

Přidávám RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-26 09:25:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (40%) free of 45 GB
Total RAM: 502 MB (72% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-02-22 106496]
{855F3B16-6D32-4fe6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2006-05-15 45056]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-12-27 69632]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-08-09 151552]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-08-10 352256]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-05-22 3080704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-07-20 593920]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2006-01-24 397312]
"CloneCDTray"=C:\Program Files\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-06-26 921600]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2011-07-19 462848]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"D:\Condition Zero\czero.exe"="D:\Condition Zero\czero.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\QIP Infium\INFIUM.EXE"="C:\Program Files\QIP Infium\INFIUM.EXE:*:Enabled:QIP Infium"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0_07\BIN\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.l3codecp"=

======List of files/folders created in the last 1 month======

2011-07-26 09:25:25 ----D---- C:\Program Files\trend micro
2011-07-26 09:25:24 ----D---- C:\rsit
2011-07-26 08:32:34 ----D---- C:\Kaspersky Rescue Disk 10.0
2011-07-25 23:00:54 ----ASH---- C:\pagefile.sys
2011-07-25 22:15:28 ----SHD---- C:\Recycled
2011-07-25 22:09:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2011-07-25 22:08:24 ----D---- C:\WINDOWS\temp
2011-07-25 22:08:22 ----A---- C:\ComboFix.txt
2011-07-25 21:13:59 ----A---- C:\Boot.bak
2011-07-25 21:13:57 ----RASHD---- C:\cmdcons
2011-07-25 21:11:55 ----A---- C:\WINDOWS\zip.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\SWSC.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\SWREG.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\sed.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\PEV.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\MBR.exe
2011-07-25 21:11:55 ----A---- C:\WINDOWS\grep.exe
2011-07-25 21:11:50 ----D---- C:\WINDOWS\ERDNT
2011-07-25 21:09:41 ----AD---- C:\Qoobox
2011-07-25 20:04:35 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-25 18:54:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 18:11:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2011-07-25 17:26:37 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2011-07-25 17:26:36 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-07-25 17:26:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2011-07-25 17:26:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Acer
2011-07-25 13:42:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\mD02300CkNbF02300
2011-07-24 12:57:12 ----A---- C:\WINDOWS\system32\drivers\zgscwqlu.sys
2011-07-14 16:59:32 ----HD---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 16:52:24 ----HD---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 19:32:31 ----D---- C:\Config.Msi
2011-06-30 19:22:41 ----HD---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-26 01:24:20 ----RD---- C:\Download
2011-07-25 22:52:24 ----A---- C:\WINDOWS\system32\eRLog.ini
2011-07-25 22:52:14 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2011-07-25 22:06:36 ----A---- C:\WINDOWS\system.ini
2011-07-25 21:14:00 ----RASH---- C:\boot.ini
2011-07-14 16:53:16 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-06 10:32:18 ----A---- C:\WINDOWS\avisplitter.ini
2011-06-30 19:34:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-18 13952]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-09-28 43528]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2006-12-14 11984]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 74752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-28 6144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S0 snbtgj;snbtgj; C:\WINDOWS\system32\drivers\snbtgj.sys []
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
S1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
S2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
S2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
S2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
S2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
S2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
S2 zgscwqlu;zgscwqlu; C:\WINDOWS\system32\drivers\zgscwqlu.sys [2011-07-24 100352]
S3 0499c25276c15976;0499c25276c15976; \??\C:\WINDOWS\TEMP\10560bc4b0c5c []
S3 0637ebeca377c932;0637ebeca377c932; \??\C:\WINDOWS\TEMP\1052099ccf70c []
S3 0bafa66e91ece68f;0bafa66e91ece68f; \??\C:\WINDOWS\TEMP\105201663e8a4 []
S3 24b1e08353f28cc2;24b1e08353f28cc2; \??\C:\WINDOWS\TEMP\10520e3a0b9c0 []
S3 26d24817e9b3875b;26d24817e9b3875b; \??\C:\WINDOWS\TEMP\10520a068d31c []
S3 2cbe92f3705e1ce4;2cbe92f3705e1ce4; \??\C:\WINDOWS\TEMP\1052043814a74 []
S3 300987ea9be03b25;300987ea9be03b25; \??\C:\WINDOWS\TEMP\1052050a5ae98 []
S3 44bfa5b4146114d5;44bfa5b4146114d5; \??\C:\WINDOWS\TEMP\10560c118198 []
S3 59a106159134adb7;59a106159134adb7; \??\C:\WINDOWS\TEMP\10520874bf754 []
S3 7c8a9b297eaf5d92;7c8a9b297eaf5d92; \??\C:\WINDOWS\TEMP\10520db6613ac []
S3 7f3436be5ade665c;7f3436be5ade665c; \??\C:\WINDOWS\TEMP\10521d5344328 []
S3 810c1d9fd27e521b;810c1d9fd27e521b; \??\C:\WINDOWS\TEMP\105207acb7704 []
S3 8d6c76050ce3e2c3;8d6c76050ce3e2c3; \??\C:\WINDOWS\TEMP\105205e4313f4 []
S3 a74bd38007fd0bde;a74bd38007fd0bde; \??\C:\WINDOWS\TEMP\10520733d43a8 []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 b29ce8df6069a09d;b29ce8df6069a09d; \??\C:\WINDOWS\TEMP\105205d05c430 []
S3 b2e4a3091d6e03de;b2e4a3091d6e03de; \??\C:\WINDOWS\TEMP\105206efbcb2c []
S3 b996d33d88343e90;b996d33d88343e90; \??\C:\WINDOWS\TEMP\10520fb5920b0 []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-06-30 775936]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 d3dc9f3307e084c6;d3dc9f3307e084c6; \??\C:\WINDOWS\TEMP\105206956e408 []
S3 d9558d29fb0714c6;d9558d29fb0714c6; \??\C:\WINDOWS\TEMP\10520cff3d5cc []
S3 da1eb02627c96a23;da1eb02627c96a23; \??\C:\WINDOWS\TEMP\1052084dd8fd4 []
S3 e9e99b9bd8add747;e9e99b9bd8add747; \??\C:\WINDOWS\TEMP\10520bfa6d800 []
S3 f0cb6631aeb4f667;f0cb6631aeb4f667; \??\C:\WINDOWS\TEMP\10560459bbb6c []
S3 f76f15cd6b3a6825;f76f15cd6b3a6825; \??\C:\WINDOWS\TEMP\105208770df2c []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-30 101120]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2005-10-31 46080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070525.001\symidsco.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe []
S2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-08-09 254050]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-08-09 114784]
S2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-08-09 61440]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-06-26 507904]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-01-29 1174152]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Měl jste rovnou říci, že jste včera dělal sken ComboFix. Tento log je potom k ničemu, neboť skryje všechny stopy po šmejdu. Dejte log z CF, měl by být uložen v C:\combofix.txt.

[mb.hk]

To jsem nevěděl, omlouvám se.
Zkoušel jsem už všechno možné, ale výsledek vždy stejný...

ComboFix 11-07-25.02 - Administrator 25.07.2011 21:59:33.2.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.257 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dna69\Local Settings\temp\RtkBtMnt.exe
.
---- Předchozí spuštění -------
.
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\program files\FunWebProducts\ScreenSaver\Images\00ABD0BD.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BRovly.dll
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00ABA1DD
c:\program files\MyWebSearch\bar\Cache\00ABAA4A
c:\program files\MyWebSearch\bar\Cache\00ABACBB.bin
c:\program files\MyWebSearch\bar\Cache\00ABAE51.bin
c:\program files\MyWebSearch\bar\Cache\00ABAFE7.bin
c:\program files\MyWebSearch\bar\Cache\00ABB17D.bin
c:\program files\MyWebSearch\bar\Cache\00B6BFA1.bin
c:\program files\MyWebSearch\bar\Cache\00B6C2ED.bin
c:\program files\MyWebSearch\bar\Cache\00B6C4F0.bin
c:\program files\MyWebSearch\bar\Cache\00B6D173.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\driVERs\jjwgo.sys
c:\windows\system32\f3PSSavr.scr
H:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_jjwgo
-------\Service_jjwgo
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:30 . 2011-07-25 17:30 -------- d-----w- C:\FOUND.014
2011-07-25 15:26 . 2011-07-25 15:26 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 11:42 . 2011-07-25 11:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\mD02300CkNbF02300
2011-07-24 10:57 . 2011-07-24 10:57 100352 ----a-w- c:\windows\system32\drivers\zgscwqlu.sys
2011-07-23 17:32 . 2011-07-23 17:32 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 16:42 . 2011-05-27 06:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2007-04-04 16:35 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2004-08-18 18:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 18:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 18:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 151552]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"CloneCDTray"="c:\program files\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-26 921600]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-07-19 462848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\dna69\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Opera.lnk - c:\program files\Opera\Opera.exe [2007-10-15 79360]
UltimateZip Quick Start.lnk - c:\program files\UltimateZip\uzqkst.exe [2005-2-26 303616]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"d:\\Condition Zero\\czero.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\QIP Infium\\INFIUM.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\BIN\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
S0 snbtgj;snbtgj; [x]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 zgscwqlu;zgscwqlu;c:\windows\system32\drivers\zgscwqlu.sys [24.7.2011 12:57 100352]
S3 0499c25276c15976;0499c25276c15976;\??\c:\windows\TEMP\10560bc4b0c5c --> c:\windows\TEMP\10560bc4b0c5c [?]
S3 0637ebeca377c932;0637ebeca377c932;\??\c:\windows\TEMP\1052099ccf70c --> c:\windows\TEMP\1052099ccf70c [?]
S3 0bafa66e91ece68f;0bafa66e91ece68f;\??\c:\windows\TEMP\105201663e8a4 --> c:\windows\TEMP\105201663e8a4 [?]
S3 24b1e08353f28cc2;24b1e08353f28cc2;\??\c:\windows\TEMP\10520e3a0b9c0 --> c:\windows\TEMP\10520e3a0b9c0 [?]
S3 26d24817e9b3875b;26d24817e9b3875b;\??\c:\windows\TEMP\10520a068d31c --> c:\windows\TEMP\10520a068d31c [?]
S3 2cbe92f3705e1ce4;2cbe92f3705e1ce4;\??\c:\windows\TEMP\1052043814a74 --> c:\windows\TEMP\1052043814a74 [?]
S3 300987ea9be03b25;300987ea9be03b25;\??\c:\windows\TEMP\1052050a5ae98 --> c:\windows\TEMP\1052050a5ae98 [?]
S3 44bfa5b4146114d5;44bfa5b4146114d5;\??\c:\windows\TEMP\10560c118198 --> c:\windows\TEMP\10560c118198 [?]
S3 59a106159134adb7;59a106159134adb7;\??\c:\windows\TEMP\10520874bf754 --> c:\windows\TEMP\10520874bf754 [?]
S3 7c8a9b297eaf5d92;7c8a9b297eaf5d92;\??\c:\windows\TEMP\10520db6613ac --> c:\windows\TEMP\10520db6613ac [?]
S3 7f3436be5ade665c;7f3436be5ade665c;\??\c:\windows\TEMP\10521d5344328 --> c:\windows\TEMP\10521d5344328 [?]
S3 810c1d9fd27e521b;810c1d9fd27e521b;\??\c:\windows\TEMP\105207acb7704 --> c:\windows\TEMP\105207acb7704 [?]
S3 8d6c76050ce3e2c3;8d6c76050ce3e2c3;\??\c:\windows\TEMP\105205e4313f4 --> c:\windows\TEMP\105205e4313f4 [?]
S3 a74bd38007fd0bde;a74bd38007fd0bde;\??\c:\windows\TEMP\10520733d43a8 --> c:\windows\TEMP\10520733d43a8 [?]
S3 b29ce8df6069a09d;b29ce8df6069a09d;\??\c:\windows\TEMP\105205d05c430 --> c:\windows\TEMP\105205d05c430 [?]
S3 b2e4a3091d6e03de;b2e4a3091d6e03de;\??\c:\windows\TEMP\105206efbcb2c --> c:\windows\TEMP\105206efbcb2c [?]
S3 b996d33d88343e90;b996d33d88343e90;\??\c:\windows\TEMP\10520fb5920b0 --> c:\windows\TEMP\10520fb5920b0 [?]
S3 d3dc9f3307e084c6;d3dc9f3307e084c6;\??\c:\windows\TEMP\105206956e408 --> c:\windows\TEMP\105206956e408 [?]
S3 d9558d29fb0714c6;d9558d29fb0714c6;\??\c:\windows\TEMP\10520cff3d5cc --> c:\windows\TEMP\10520cff3d5cc [?]
S3 da1eb02627c96a23;da1eb02627c96a23;\??\c:\windows\TEMP\1052084dd8fd4 --> c:\windows\TEMP\1052084dd8fd4 [?]
S3 e9e99b9bd8add747;e9e99b9bd8add747;\??\c:\windows\TEMP\10520bfa6d800 --> c:\windows\TEMP\10520bfa6d800 [?]
S3 f0cb6631aeb4f667;f0cb6631aeb4f667;\??\c:\windows\TEMP\10560459bbb6c --> c:\windows\TEMP\10560459bbb6c [?]
S3 f76f15cd6b3a6825;f76f15cd6b3a6825;\??\c:\windows\TEMP\105208770df2c --> c:\windows\TEMP\105208770df2c [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MDMXSDK
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
LSP: c:\windows\system32\imon.dll
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.107.52.1 10.107.4.100
TCP: Interfaces\{8617164D-C891-448E-9395-C136971A7643}: NameServer = 10.107.52.1,10.107.4.100
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 22:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\0499c25276c15976]
"ImagePath"="\??\c:\windows\TEMP\10560bc4b0c5c"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\0637ebeca377c932]
"ImagePath"="\??\c:\windows\TEMP\1052099ccf70c"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\0bafa66e91ece68f]
"ImagePath"="\??\c:\windows\TEMP\105201663e8a4"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\24b1e08353f28cc2]
"ImagePath"="\??\c:\windows\TEMP\10520e3a0b9c0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\26d24817e9b3875b]
"ImagePath"="\??\c:\windows\TEMP\10520a068d31c"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\2cbe92f3705e1ce4]
"ImagePath"="\??\c:\windows\TEMP\1052043814a74"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\300987ea9be03b25]
"ImagePath"="\??\c:\windows\TEMP\1052050a5ae98"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\44bfa5b4146114d5]
"ImagePath"="\??\c:\windows\TEMP\10560c118198"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\59a106159134adb7]
"ImagePath"="\??\c:\windows\TEMP\10520874bf754"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\7c8a9b297eaf5d92]
"ImagePath"="\??\c:\windows\TEMP\10520db6613ac"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\7f3436be5ade665c]
"ImagePath"="\??\c:\windows\TEMP\10521d5344328"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\810c1d9fd27e521b]
"ImagePath"="\??\c:\windows\TEMP\105207acb7704"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\8d6c76050ce3e2c3]
"ImagePath"="\??\c:\windows\TEMP\105205e4313f4"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\a74bd38007fd0bde]
"ImagePath"="\??\c:\windows\TEMP\10520733d43a8"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\b29ce8df6069a09d]
"ImagePath"="\??\c:\windows\TEMP\105205d05c430"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\b2e4a3091d6e03de]
"ImagePath"="\??\c:\windows\TEMP\105206efbcb2c"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\b996d33d88343e90]
"ImagePath"="\??\c:\windows\TEMP\10520fb5920b0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\d3dc9f3307e084c6]
"ImagePath"="\??\c:\windows\TEMP\105206956e408"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\d9558d29fb0714c6]
"ImagePath"="\??\c:\windows\TEMP\10520cff3d5cc"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\da1eb02627c96a23]
"ImagePath"="\??\c:\windows\TEMP\1052084dd8fd4"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\e9e99b9bd8add747]
"ImagePath"="\??\c:\windows\TEMP\10520bfa6d800"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\f0cb6631aeb4f667]
"ImagePath"="\??\c:\windows\TEMP\10560459bbb6c"
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\f76f15cd6b3a6825]
"ImagePath"="\??\c:\windows\TEMP\105208770df2c"
.
Celkový čas: 2011-07-25 22:08:22
ComboFix-quarantined-files.txt 2011-07-25 20:08
.
Před spuštěním: Volných bajtů: 18 864 340 992
Po spuštění: Volných bajtů: 18 817 548 288
.
- - End Of File - - 529285E0CD8A1CFB8B27315FCB0CC210

[mb.hk]

Zkoušel jsem i program "Remove Fake Antivirus", který na nějakém fóru doporučovali, že bude hned po problému, ten sice taky něco našel a odstranil, ale problém nevyřešil.
NOD32, který mám v PC jsem zkoušel jako první, ale stejné jako viz výše.

[Rudy]

Otevřte poznámkový blok a zkpírujte do něj:

KillAll::

Collect::
c:\windows\system32\drivers\zgscwqlu.sys
c:\windows\TEMP\10560bc4b0c5c
c:\windows\TEMP\1052099ccf70c
c:\windows\TEMP\105201663e8ac
c:\windows\TEMP\10520e3a0b9c0
c:\windows\TEMP\10520e3a0b9c0
c:\windows\TEMP\10520a068d31c
c:\windows\TEMP\1052043814a74
c:\windows\TEMP\1052050a5ae98
c:\windows\TEMP\10560c118198
c:\windows\TEMP\10520874bf754
c:\windows\TEMP\10520db6613ac
c:\windows\TEMP\10521d5344328
c:\windows\TEMP\105207acb7704
c:\windows\TEMP\105205e4313f4
c:\windows\TEMP\10520733d43a8
c:\windows\TEMP\105205d05c430
c:\windows\TEMP\105206efbcb2c
c:\windows\TEMP\10520fb5920b0
c:\windows\TEMP\105206956e408
c:\windows\TEMP\10520cff3d5cc
c:\windows\TEMP\1052084dd8fd4
c:\windows\TEMP\10520bfa6d800
c:\windows\TEMP\10560459bbb6c
c:\windows\TEMP\105208770df2c

Folder::
c:\documents and settings\All Users\Data aplikací\mD02300CkNbF02300

Driver::
snbtgj
zgscwqlu
0499c25276c15976
0637ebeca377c932
0bafa66e91ece68f
24b1e08353f28cc2
26d24817e9b3875b
2cbe92f3705e1ce4
300987ea9be03b25
44bfa5b4146114d5
59a106159134adb7
7c8a9b297eaf5d92
7f3436be5ade665c
810c1d9fd27e521b
8d6c76050ce3e2c3
a74bd38007fd0bde
b29ce8df6069a09d
b2e4a3091d6e03de
b996d33d88343e90
d3dc9f3307e084c6
d9558d29fb0714c6
da1eb02627c96a23
e9e99b9bd8add747
f0cb6631aeb4f667
f76f15cd6b3a6825

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[mb.hk]

Jsem tu s dalším logem z CF.
Musel jsem to udělat podruhé, protože poprvé, když se pc restartoval, tak PSP zabránil CF dokončit práci a udělat log. Takže jsem si musel počkat na restart a nechat systém naběhnout opět v nouzovém režimu.

ComboFix 11-07-26.02 - Administrator 26.07.2011 10:23:10.4.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.256 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Eset NOD32 antivirus system 2.51 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dna69\Local Settings\temp\RtkBtMnt.exe
.
---- Předchozí spuštění -------
.
c:\documents and settings\dna69\Local Settings\temp\RtkBtMnt.exe
c:\windows\system32\drivers\zgscwqlu.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SNBTGJ
-------\Legacy_ZGSCWQLU
-------\Service_0499c25276c15976
-------\Service_0637ebeca377c932
-------\Service_0bafa66e91ece68f
-------\Service_24b1e08353f28cc2
-------\Service_26d24817e9b3875b
-------\Service_2cbe92f3705e1ce4
-------\Service_300987ea9be03b25
-------\Service_44bfa5b4146114d5
-------\Service_59a106159134adb7
-------\Service_7c8a9b297eaf5d92
-------\Service_7f3436be5ade665c
-------\Service_810c1d9fd27e521b
-------\Service_8d6c76050ce3e2c3
-------\Service_a74bd38007fd0bde
-------\Service_b29ce8df6069a09d
-------\Service_b2e4a3091d6e03de
-------\Service_b996d33d88343e90
-------\Service_d3dc9f3307e084c6
-------\Service_d9558d29fb0714c6
-------\Service_da1eb02627c96a23
-------\Service_e9e99b9bd8add747
-------\Service_f0cb6631aeb4f667
-------\Service_f76f15cd6b3a6825
-------\Service_snbtgj
-------\Service_zgscwqlu
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 07:25 . 2011-07-26 07:25 -------- d-----w- c:\program files\trend micro
2011-07-26 07:25 . 2011-07-26 07:25 -------- d-----w- C:\rsit
2011-07-26 06:32 . 2011-07-26 06:32 -------- d-----w- C:\Kaspersky Rescue Disk 10.0
2011-07-25 15:26 . 2011-07-25 15:26 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 11:42 . 2011-07-25 11:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\mD02300CkNbF02300
2011-07-23 17:32 . 2011-07-23 17:32 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 16:42 . 2011-05-27 06:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2007-04-04 16:35 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2004-08-18 18:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 18:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 18:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 151552]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"CloneCDTray"="c:\program files\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-26 921600]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-07-19 462848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\dna69\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Opera.lnk - c:\program files\Opera\Opera.exe [2007-10-15 79360]
UltimateZip Quick Start.lnk - c:\program files\UltimateZip\uzqkst.exe [2005-2-26 303616]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-18 18:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-07-20 20:15 593920 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-18 18:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-18 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-18 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"d:\\Condition Zero\\czero.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\QIP Infium\\INFIUM.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\BIN\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
LSP: c:\windows\system32\imon.dll
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.107.52.1 10.107.4.100
TCP: Interfaces\{8617164D-C891-448E-9395-C136971A7643}: NameServer = 10.107.52.1,10.107.4.100
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 10:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-07-26 10:33:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 08:33
ComboFix2.txt 2011-07-25 20:08
.
Před spuštěním: Volných bajtů: 18 951 077 888
Po spuštění: Volných bajtů: 18 934 530 048
.
- - End Of File - - A3C6700B3196BB882A598501603A72CA
Nahr nˇ probŘhlo ŁspŘçnŘ

[Rudy]

Log již vypadá čistý, CF vše smazal. Nastala nějaká změna?

[mb.hk]

Bohužel ne, po naběhnutí Win v normálním režimu se opět po pár vteřinách spusti PSP, změní se pozadí na modré, shodí všechny ostatní programy a neustále otravuje s hláškou, že počítač je nakažen a je třeba zaktualizovat PSP (po zaplacení nějakého poplatku v USD).

[Rudy]

Personal Shield Pro je pěkný prevít, dokáže rozhodit systém tak, že nezbude, než reinstal. Udělajte zálohu důležitých dat a pak PC proskenujte AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

[mb.hk]

Tak tu mám log z KVRT:

Status: Deleted (events: 22)
26.7.2011 16:30:13 Deleted Trojan program Trojan-Ransom.Win32.Digitala.aqf C:\Program Files\ESET\infected\JOU1IACA.NQF High
26.7.2011 16:30:13 Deleted Trojan program Trojan-Ransom.Win32.Digitala.aqe C:\Program Files\ESET\infected\JIKLJZDA.NQF High
26.7.2011 16:30:13 Deleted Trojan program Trojan-Ransom.Win32.Digitala.aqe C:\Program Files\ESET\infected\JIKLJZDA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:13 Deleted Trojan program Trojan-Ransom.Win32.Digitala.aqf C:\Program Files\ESET\infected\JOU1IACA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:13 Deleted Trojan program Rootkit.Win32.Bubnix.bao C:\Program Files\ESET\infected\4R5SD5BA.NQF High
26.7.2011 16:30:13 Deleted Trojan program Rootkit.Win32.Bubnix.bao C:\Program Files\ESET\infected\4R5SD5BA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:14 Deleted Trojan program Packed.Win32.Krap.ao C:\Program Files\ESET\infected\TNQMWNDA.NQF High
26.7.2011 16:30:14 Deleted Trojan program Packed.Win32.Krap.ao C:\Program Files\ESET\infected\TNQMWNDA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:14 Deleted Trojan program Packed.Win32.Krap.ao C:\Program Files\ESET\infected\C3UHRZDA.NQF High
26.7.2011 16:30:14 Deleted Trojan program Packed.Win32.Krap.ao C:\Program Files\ESET\infected\C3UHRZDA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:14 Deleted Trojan program Trojan-PSW.Win32.Agent.rkg C:\Program Files\ESET\infected\DSF1YCDA.NQF High
26.7.2011 16:30:14 Deleted Trojan program Trojan-PSW.Win32.Agent.rkg C:\Program Files\ESET\infected\DSF1YCDA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:15 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\M2A50OCA.NQF High
26.7.2011 16:30:15 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\M2A50OCA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:14 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\GPI1CWCA.NQF High
26.7.2011 16:30:14 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\GPI1CWCA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:15 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\3MALICDA.NQF High
26.7.2011 16:30:15 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\3MALICDA.NQF//PE-Crypt.XorPE High
26.7.2011 16:30:19 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\400JMMBA.NQF High
26.7.2011 16:30:19 Deleted Trojan program Backdoor.Win32.Bredolab.pcz C:\Program Files\ESET\infected\400JMMBA.NQF//PE-Crypt.XorPE High
26.7.2011 16:35:54 Deleted malware Hoax.Win32.Screensaver.b C:\System Volume Information\_restore{7AB74447-C735-46C1-BBC5-1690C963B3B7}\RP1120\A0171061.DLL Medium
26.7.2011 16:37:58 Deleted malware Hoax.Win32.Screensaver.b C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Medium

[mb.hk]

Tak bohužel i přes to, že program opět odstranil několik nákaz, problém stále trvá.

[mb.hk]

Nějaká další rada co zkusit?

[Rudy]

Zkuste ještě jednou ComboFix. Uvidíme, co se změnilo.