Nic nefunguje

[Vicious]

Jedná se o kamarádův počítač,tak že nevím podrobnosti co prováděl. Při startu pc se otevře okno nějakýho INTERNET SECURITY a spustí se scan a hlásí nějaký malware. Nejdou spustit žádné programy tudíž se nejde připojit k internetu. Scan RSIT jsem provedl v nouzovém režimu kde vše funguje i připojení k internetu. Prosím pomozte.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-03-17 10:28:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 38 GB (66%) free of 57 GB
Total RAM: 446 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:09, on 17.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=kno&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [InfoMyCa.exe] C:\Program Files\Wireless 802.11g Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [XPFix] C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office 2007\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office 2007\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

--
End of file - 7297 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1005UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CA1337B8-C4B5-4B9C-B23D-7939C872DBFD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll [2011-09-05 265944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-07-26 1493160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-07-26 1493160]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll [2011-09-05 220888]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2011-09-21 36972]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2004-11-12 143360]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-11-12 53248]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-12 73728]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-07 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-12-05 159744]
"GrooveMonitor"=C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe [2006-10-26 31016]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-07-26 397992]
"InfoMyCa.exe"=C:\Program Files\Wireless 802.11g Monitor\InfoMyCa.exe []
"XPFix"=C:\Program Files\Wireless 802.11g Monitor\XPFix.exe [2004-08-12 135168]
"OdTray.exe"=C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe [2005-05-18 1015871]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [2011-09-05 362200]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OdysseyClient]
C:\WINDOWS\system32\odyEvent.dll [2011-10-09 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"vidc.mjpg"=pvmjpg30.dll

======List of files/folders created in the last 1 month======

2012-03-17 10:28:55 ----D---- C:\Program Files\trend micro
2012-03-17 10:28:53 ----D---- C:\rsit
2012-03-17 10:23:55 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2012-03-17 10:23:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2012-03-17 09:05:30 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2012-03-17 09:05:28 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2012-03-15 18:49:30 ----A---- C:\Documents and Settings\All Users\Data aplikací\isecurity.exe
2012-03-14 10:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-14 10:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-14 10:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-05 22:08:14 ----A---- C:\WINDOWS\system32\drivers\MarvinBus.sys
2012-03-05 22:08:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-03-05 22:07:26 ----D---- C:\Program Files\Common Files\Pinnacle
2012-03-05 22:05:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate Collection
2012-03-05 21:44:41 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2012-03-05 21:44:24 ----D---- C:\Program Files\Common Files\Yahoo!
2012-03-05 21:44:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Studio 15
2012-03-05 21:44:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
2012-03-05 21:09:13 ----D---- C:\Program Files\Pinnacle
2012-03-05 21:09:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle

======List of files/folders modified in the last 1 month======

2012-03-17 10:28:55 ----RD---- C:\Program Files
2012-03-17 10:26:26 ----A---- C:\WINDOWS\ntbtlog.txt
2012-03-17 10:20:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-17 10:18:57 ----HD---- C:\WINDOWS\inf
2012-03-17 10:18:55 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-17 10:15:43 ----D---- C:\WINDOWS\Temp
2012-03-17 09:05:27 ----D---- C:\Documents and Settings
2012-03-17 08:58:47 ----SHD---- C:\WINDOWS\Installer
2012-03-15 18:49:57 ----D---- C:\WINDOWS\Prefetch
2012-03-14 20:20:35 ----D---- C:\WINDOWS
2012-03-14 20:17:58 ----D---- C:\WINDOWS\system32
2012-03-14 10:43:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-14 10:43:21 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-14 10:32:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-14 10:32:02 ----A---- C:\WINDOWS\imsins.BAK
2012-03-14 10:32:01 ----D---- C:\WINDOWS\system32\drivers
2012-03-11 15:51:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-05 22:09:46 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-05 22:07:26 ----D---- C:\Program Files\Common Files
2012-03-05 21:57:07 ----RSD---- C:\WINDOWS\Fonts
2012-03-05 21:47:50 ----D---- C:\WINDOWS\WinSxS
2012-02-24 16:12:28 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2010-09-07 190416]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI NEC FireWarden; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2010-09-07 99792]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-24 95970]
R3 EKBfltr;ENE Keyboard Controller; C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2003-10-24 5632]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-01-09 42496]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-06-10 191360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-09-07 340048]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
S2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-07 1267724]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-12 2284864]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-11-12 172288]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
S2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 odClientService;Odyssey Client for Fujitsu Siemens Computers; C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe [2005-05-18 208896]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Restartujte do nouz. režimu a dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Vicious]

ComboFix 12-03-16.05 - Administrator 17.03.2012 12:20:28.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.446.272 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\isecurity.exe
c:\documents and settings\comp\WINDOWS
C:\prefs.js
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-17 do 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 09:28 . 2012-03-17 09:29 -------- d-----w- c:\program files\trend micro
2012-03-17 09:28 . 2012-03-17 09:29 -------- d-----w- C:\rsit
2012-03-17 08:05 . 2012-03-17 08:06 -------- d-----w- c:\documents and settings\Administrator
2012-03-05 21:08 . 2005-09-23 21:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2012-03-05 21:08 . 2012-03-05 21:08 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-05 21:07 . 2012-03-05 21:07 -------- d-----w- c:\program files\Common Files\Pinnacle
2012-03-05 21:05 . 2012-03-05 21:15 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2012-03-05 20:44 . 2012-03-05 20:44 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2012-03-05 20:44 . 2012-03-05 20:44 -------- d-----w- c:\program files\Common Files\Yahoo!
2012-03-05 20:09 . 2012-03-05 20:44 -------- d-----w- c:\program files\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:57 . 2004-08-18 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-15 20:19 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-09-21 14:07 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-09 15:23 . 2011-09-24 21:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-26 16:23 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2011-09-21 36972]
"VTTrayp"="VTtrayp.exe" [2004-11-12 143360]
"VTTimer"="VTTimer.exe" [2004-11-12 53248]
"SoundMan"="SOUNDMAN.EXE" [2004-11-12 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-12-05 159744]
"GrooveMonitor"="c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-26 397992]
"XPFix"="c:\program files\Wireless 802.11g Monitor\XPFix.exe" [2004-08-12 135168]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\comp\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office 2007\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\comp\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office 2007\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
c:\documents and settings\comp\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office 2007\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2011-10-09 10:40 106496 ----a-w- c:\windows\system32\odyEvent.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [22.9.2011 12:14 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [22.9.2011 12:14 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [22.9.2011 12:15 99792]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [22.9.2011 7:35 5632]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.9.2011 12:15 340048]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.9.2011 12:15 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.9.2011 12:15 17744]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [22.9.2011 12:14 119200]
S2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4.5.2010 12:07 503080]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-07-26 16:23]
.
2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{CA1337B8-C4B5-4B9C-B23D-7939C872DBFD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-InfoMyCa.exe - c:\program files\Wireless 802.11g Monitor\InfoMyCa.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 12:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-746137067-1060284298-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a0,e3,61,50,33,53,45,a6,3c,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a0,e3,61,50,33,53,45,a6,3c,cd,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\odyEvent.dll
c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odLogin.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2012-03-17 12:32:02
ComboFix-quarantined-files.txt 2012-03-17 11:32
.
Před spuštěním: Volných bajtů: 39 329 382 400
Po spuštění: Volných bajtů: 39 470 743 552
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 85CBAC55DF0AF3EABFBF32CE47148A03

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Ask.com

Collect::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

RegLock::
[HKEY_USERS\S-1-5-21-515967899-746137067-1060284298-500\Software\Microsoft\Internet Explorer\User Preferences]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu Combofix a pusťte. CF se spustí a vykoná příkazy ze skriptu.



Restartujte do normálního režimu a zkuste, zda se stále šmějd spouští. Pokud ano, vraťte se do nouz. režimu a v něm spusťte AVPTool: http://forum.viry.cz/viewtopic.php?f=29&t=58179 . Nechte sken doběhnout a dejte log.

[Vicious]

Už je pryč a počítač funguje, ale je trochu pomalej.

[Rudy]

Zkuste vyčistit CCleanerem: http://forum.viry.cz/viewtopic.php?f=46&t=7478 od balastu, příp. defragmentujte disk.

[Vicious]

Vyčistil jsem CCleanerem a defragmentoval a je to lepší, ještě potřebuju uklidit ten Combofix, nebo ho mám jen smazat ?

[Rudy]

CF odinstalujte Start>spustit>(napsat) combofix /uninstall>OK.

[Vicious]

Hotovo, moc děkuju.

[Rudy]

Nemáte zač!