Policie Čr

[PredyP]

Dobrý den,
teď mi volal kamarád že ho napadl vir policie čr. Je toho tady spousta napsáno ale nejsem si jistý zda to mohu použít jestli se to řeší pokaždé stejně.
Má win xp
Prosím o radu Děkuji

[Rudy]

Zdravím!
Pokud funguje alespoň nouz. režim, dejte nejprve log RSIT. Po mjeho zkontrolování lze rozhodnout, jak dál.

[PredyP]

ok, zítra mi to přiveze tak se na to mrknu. Zatím děkuji

[Rudy]

Zatím není zač.

[PredyP]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-06-04 20:38:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (63%) free of 38 GB
Total RAM: 639 MB (79% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-28 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-28 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\bin\core.4.dll [2012-01-10 1151520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-07 88363]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"V0470Mon.exe"=C:\WINDOWS\V0470Mon.exe [2007-06-04 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]
"KB976002-v5"=advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
C:\Program Files\SlimDrivers\SlimDrivers.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Mon.exe]
C:\WINDOWS\V0470Mon.exe [2007-06-04 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2012-09-23 40592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2013-05-11 694352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WINDOW~2\WINDOW~1.EXE [2011-01-25 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-01-25 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-01-25 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-01-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=serwvdrv.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-06-04 20:37:00 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2013-06-04 20:36:59 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-06-04 20:31:37 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2013-06-04 20:31:29 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2013-06-04 20:30:56 ----A---- C:\WINDOWS\ntbtlog.txt
2013-06-03 20:29:59 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2013-06-03 20:28:47 ----A---- C:\Documents and Settings\All Users\Data aplikací\q3j9.js
2013-06-03 20:22:03 ----A---- C:\Documents and Settings\All Users\Data aplikací\kjhy64.txt
2013-06-03 20:21:35 ----A---- C:\Documents and Settings\All Users\Data aplikací\9j3q.dat
2013-06-03 20:21:34 ----A---- C:\Documents and Settings\All Users\Data aplikací\rundll32.exe
2013-06-03 00:28:16 ----D---- C:\Program Files\Common Files\Skype
2013-06-03 00:28:14 ----RD---- C:\Program Files\Skype
2013-06-02 16:59:00 ----A---- C:\WINDOWS\system32\cximage.dll
2013-06-02 16:58:54 ----D---- C:\WINDOWS\CtDrvInstall
2013-06-02 16:58:43 ----D---- C:\Live! Cam
2013-05-24 23:39:40 ----D---- C:\Program Files\Mozilla Firefox
2013-05-15 21:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2820197$
2013-05-15 21:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2829361$

======List of files/folders modified in the last 1 month======

2013-06-04 20:36:57 ----D---- C:\Documents and Settings
2013-06-04 20:36:40 ----D---- C:\WINDOWS\system32\CatRoot2
2013-06-04 20:34:34 ----D---- C:\WINDOWS\temp
2013-06-04 20:31:37 ----D---- C:\WINDOWS\system32\drivers
2013-06-04 20:30:56 ----D---- C:\WINDOWS
2013-06-03 22:11:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-06-03 20:43:59 ----D---- C:\WINDOWS\Prefetch
2013-06-03 20:29:59 ----D---- C:\WINDOWS\system32
2013-06-03 00:28:26 ----SHD---- C:\WINDOWS\Installer
2013-06-03 00:28:25 ----D---- C:\Config.Msi
2013-06-03 00:28:16 ----D---- C:\Program Files\Common Files
2013-06-03 00:28:14 ----RD---- C:\Program Files
2013-06-03 00:28:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-06-02 17:15:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-06-02 17:07:55 ----A---- C:\WINDOWS\NeroDigital.ini
2013-06-02 17:03:55 ----HD---- C:\WINDOWS\inf
2013-05-25 19:13:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-05-16 12:32:03 ----RSD---- C:\WINDOWS\assembly
2013-05-16 12:27:56 ----D---- C:\WINDOWS\Microsoft.NET
2013-05-15 21:31:49 ----D---- C:\Program Files\Internet Explorer
2013-05-15 21:31:03 ----D---- C:\WINDOWS\ie8updates
2013-05-15 21:17:06 ----D---- C:\WINDOWS\WinSxS
2013-05-15 21:16:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-15 21:12:41 ----A---- C:\WINDOWS\imsins.BAK
2013-05-15 21:10:22 ----HD---- C:\WINDOWS\$hf_mig$
2013-05-15 21:03:08 ----A---- C:\WINDOWS\system32\MRT.exe
2013-05-14 22:47:56 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-05-13 07:39:11 ----D---- C:\WINDOWS\Minidump
2013-05-07 06:22:16 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2011-01-25 41600]
S1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-03-07 49760]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-01-25 9472]
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
S2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
S2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-01-25 62848]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-07 1270540]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver; C:\WINDOWS\system32\DRIVERS\m4301A.sys [2004-05-13 83552]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2011-01-25 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-05-09 146720]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-01-25 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-01-25 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-01-25 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-28 170912]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-01-25 439808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 256904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-24 117144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-01-25 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-01-25 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-01-25 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Rudy]

OK. Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[PredyP]

ComboFix 13-06-03.06 - Administrator 04.06.2013 21:14:54.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.639.501 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\9j3q.dat
c:\documents and settings\All Users\Data aplikací\rundll32.exe
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-04 do 2013-06-04 )))))))))))))))))))))))))))))))
.
.
2013-06-04 18:36 . 2013-06-04 18:37 -------- d-----w- c:\documents and settings\Administrator
2013-06-04 18:31 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-04 18:31 . 2008-04-13 21:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-06-03 18:28 . 2013-06-03 18:28 3047 ----a-w- c:\documents and settings\All Users\Data aplikací\q3j9.js
2013-06-02 22:28 . 2013-06-02 22:28 -------- d-----w- c:\program files\Common Files\Skype
2013-06-02 22:28 . 2013-06-02 22:28 -------- d-----r- c:\program files\Skype
2013-06-02 14:59 . 2007-02-15 11:26 811008 ----a-w- c:\windows\system32\cximage.dll
2013-06-02 14:58 . 2013-06-02 14:58 -------- d-----w- c:\windows\CtDrvInstall
2013-06-02 14:58 . 2013-06-02 14:58 -------- d-----w- C:\Live! Cam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 20:47 . 2012-10-07 08:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 20:47 . 2012-10-07 08:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2011-01-25 08:12 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2011-01-25 08:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2011-01-25 08:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2011-01-25 08:10 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2011-01-25 08:12 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-07 07:50 . 2013-04-07 07:50 781383 ----a-w- C:\RSIT.exe
2013-03-28 21:03 . 2013-03-28 21:03 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-28 21:02 . 2013-03-28 21:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-28 21:02 . 2012-11-20 18:46 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-28 21:02 . 2012-10-06 20:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:35 . 2011-01-25 08:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:54 . 2011-01-25 08:11 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:54 . 2010-04-28 22:19 2072192 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 23:33 . 2013-03-23 17:58 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-23 17:58 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2012-10-06 21:10 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-10-06 21:10 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-10-06 21:10 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-10-06 21:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-03-23 17:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-10-06 21:10 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-10-06 21:09 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-10-06 21:09 228600 ----a-w- c:\windows\system32\aswBoot.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-01-25 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2011-01-25 . 954053BC42429995A1B07E8AA9389456 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 88363]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-03 32768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 10:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42 577536 ----a-r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Mon.exe]
2007-06-03 23:01 32768 ----a-w- c:\windows\V0470Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [23.3.2013 19:58 49248]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.10.2012 23:10 765736]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.10.2012 23:10 368176]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [25.1.2011 10:15 9472]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.10.2012 23:10 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23.3.2013 19:58 66336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [23.3.2013 19:58 164736]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [13.5.2004 19:31 83552]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [6.10.2012 23:36 146720]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 20:47]
.
2013-06-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-06 23:32]
.
.
------- Doplňkový sken -------
.
TCP: Interfaces\{CCDEA6B2-7435-4AE7-AEA2-6C88328F2A5D}: NameServer = 213.235.168.6,82.99.179.6
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-SlimDrivers - c:\program files\SlimDrivers\SlimDrivers.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2789642 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2804576 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-04 21:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-06-04 21:29:01
ComboFix-quarantined-files.txt 2013-06-04 19:28
.
Před spuštěním: Volných bajtů: 24 942 067 712
Po spuštění: Volných bajtů: 24 953 597 952
.
- - End Of File - - B430E2D5D7B1F4834D241B72B4EB02EB

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Collect::
c:\documents and settings\All Users\Data aplikací\q3j9.js

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[PredyP]

Cf se po restartu chtěl připojit internetu ale u tohodle pc je internet připojen přez usb, vytvořil nějaký odkaz který uložil na C:
K internetu bych se ale mohl připojit musím tam ale dát síťovku. Budu tedy čekat na další vaše rozkazy.
toto cf vytvořil http://leteckaposta.cz/165568861

ComboFix 13-06-03.06 - Karel 05.06.2013 14:39:29.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.639.308 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karel\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\documents and settings\All Users\Data aplikací\q3j9.js
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\q3j9.js
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-05 do 2013-06-05 )))))))))))))))))))))))))))))))
.
.
2013-06-04 18:36 . 2013-06-04 18:37 -------- d-----w- c:\documents and settings\Administrator
2013-06-04 18:31 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-04 18:31 . 2008-04-13 21:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-06-02 22:28 . 2013-06-02 22:28 -------- d-----w- c:\program files\Common Files\Skype
2013-06-02 22:28 . 2013-06-02 22:28 -------- d-----r- c:\program files\Skype
2013-06-02 14:59 . 2007-02-15 11:26 811008 ----a-w- c:\windows\system32\cximage.dll
2013-06-02 14:58 . 2013-06-02 14:58 -------- d-----w- c:\windows\CtDrvInstall
2013-06-02 14:58 . 2013-06-02 14:58 -------- d-----w- C:\Live! Cam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 20:47 . 2012-10-07 08:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 20:47 . 2012-10-07 08:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2011-01-25 08:12 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2011-01-25 08:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2011-01-25 08:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2011-01-25 08:10 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2011-01-25 08:12 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-07 07:50 . 2013-04-07 07:50 781383 ----a-w- C:\RSIT.exe
2013-03-28 21:03 . 2013-03-28 21:03 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-28 21:02 . 2013-03-28 21:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-28 21:02 . 2012-11-20 18:46 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-28 21:02 . 2012-10-06 20:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:35 . 2011-01-25 08:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:54 . 2011-01-25 08:11 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:54 . 2010-04-28 22:19 2072192 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\Karel\Data aplikací\Seznam.cz\szninstall.exe" [2013-03-21 1061960]
"cz.seznam.software.szndesktop"="c:\documents and settings\Karel\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 88363]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-03 32768]
.
c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\
regmonstd.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 10:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42 577536 ----a-r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Mon.exe]
2007-06-03 23:01 32768 ----a-w- c:\windows\V0470Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [23.3.2013 19:58 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.10.2012 23:10 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.10.2012 23:10 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.10.2012 23:10 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23.3.2013 19:58 66336]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [25.1.2011 10:15 9472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [23.3.2013 19:58 164736]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [13.5.2004 19:31 83552]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [6.10.2012 23:36 146720]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 20:47]
.
2013-06-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-06 23:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp:/www.seznam.cz
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{CCDEA6B2-7435-4AE7-AEA2-6C88328F2A5D}: NameServer = 213.235.168.6,82.99.179.6
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\9ipdxbwh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ctfmon32.exe - c:\docume~1\ALLUSE~1\DATAAP~1\rundll32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 14:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\documents and settings\Karel\Data aplikací\Seznam.cz\bin\szndesktop.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2013-06-05 15:04:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-05 13:04
ComboFix2.txt 2013-06-04 19:29
.
Před spuštěním: Volných bajtů: 24 245 256 192
Po spuštění: Volných bajtů: 24 382 214 144
.
- - End Of File - - E1E84436DCA052974E86557DF9D4274F

[Rudy]

Log je již OK. CF odinstalujte pomocí T-Cleaneru: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . Pokud se k internetu nemůžete připojit, nic neodesílejte.

[PredyP]

CF odinstalován, k internetu jsem se připojil

[Rudy]

Vyhledejte ten soubor (pokud dosud nebyl smazán), kliknutím na >procházet<, vložte do okénka a klikněte na >send<. PC by již měl být čistý.

[PredyP]

Tcleaner ho smazal tak moc děkuji za pomoc.

[Rudy]

Kdybych věděl, že se k netu připojíte, byl bych postup obrátil. Autor CF nedostane vzorek toho šmejda, jinak se nic neděje. Nemáte zač!