rootkity - prosim o pomoc

[Scaveng3]

zdravim, vcera pri beznem provozu pc mi zacal vyskakovat avast ze mam v pocitaci rootkit, naslo jich to v pocitaci asi 100, vse jsem odklikal do truhly... chvili pohoda, pak ale pocitac zacal celkove blbnout, nejde spustit rada programu, na dolni listu se neda kliknout atd... po aplikaci smitfraudfixu se to sice spravi, ale po restartu opet nastanou problemy, navic combofix mi pise ze vyprsela platnost, jinak bych sem dal hned log.... prosim o pomoc, mam v pocitaci dulezite dokumenty

[motji]

Hezké poledne
Poprosím o log ze Rsitu

Důežité věci si raději zazálohujte

[Scaveng3]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2010-02-28 11:39:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 29 GB (19%) free of 153 GB
Total RAM: 511 MB (9% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar BHO - C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 1135968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 1135968]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-29 171464]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Steam"=c:\program files\steam\steam.exe [2010-02-20 1217872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Honza\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Steam\SteamApps\freeze700\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\SteamApps\freeze700\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Aspyr\Guitar Hero III\GH3.exe"="C:\Program Files\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-28 11:39:27 ----D---- C:\Program Files\trend micro
2010-02-28 11:39:14 ----D---- C:\rsit
2010-02-28 11:21:02 ----SD---- C:\ComboFix
2010-02-27 12:14:19 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-25 07:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 18:27:43 ----D---- C:\Program Files\TO2SSM
2010-02-23 18:23:07 ----D---- C:\Documents and Settings\Honza\Data aplikací\Motive
2010-02-23 18:22:44 ----D---- C:\Program Files\Common Files\Motive
2010-02-23 18:22:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Motive
2010-02-11 18:34:14 ----SHD---- C:\RECYCLER
2010-02-11 08:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 08:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 08:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 08:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 08:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 08:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 08:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 08:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 08:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 22:30:09 ----A---- C:\ComboFix.txt
2010-02-10 20:59:20 ----A---- C:\Boot.bak
2010-02-10 20:59:13 ----RASHD---- C:\cmdcons
2010-02-10 20:29:28 ----A---- C:\WINDOWS\PEV.exe
2010-02-10 20:29:28 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-10 20:29:28 ----A---- C:\WINDOWS\MBR.exe
2010-02-10 20:29:27 ----A---- C:\WINDOWS\zip.exe
2010-02-10 20:29:27 ----A---- C:\WINDOWS\SWSC.exe
2010-02-10 20:29:27 ----A---- C:\WINDOWS\sed.exe
2010-02-10 20:29:27 ----A---- C:\WINDOWS\grep.exe
2010-02-10 20:21:34 ----D---- C:\WINDOWS\ERDNT
2010-02-10 20:18:57 ----D---- C:\Qoobox
2010-02-07 12:27:17 ----D---- C:\Program Files\FireFly Studios

======List of files/folders modified in the last 1 months======

2010-02-28 11:39:27 ----RD---- C:\Program Files
2010-02-28 11:24:30 ----D---- C:\Program Files\Mozilla Firefox
2010-02-28 11:24:05 ----D---- C:\WINDOWS
2010-02-28 11:18:32 ----D---- C:\WINDOWS\system32
2010-02-28 10:44:28 ----D---- C:\WINDOWS\Temp
2010-02-28 10:39:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-28 10:38:42 ----A---- C:\WINDOWS\wincmd.ini
2010-02-28 10:36:13 ----A---- C:\rapport.txt
2010-02-28 10:05:22 ----A---- C:\WINDOWS\system32\tmp.txt
2010-02-28 09:50:29 ----D---- C:\Program Files\Steam
2010-02-28 09:41:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 14:17:06 ----D---- C:\WINDOWS\Prefetch
2010-02-27 13:53:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-27 13:53:17 ----D---- C:\WINDOWS\system32\drivers
2010-02-27 13:53:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-27 09:54:14 ----D---- C:\Documents and Settings\Honza\Data aplikací\Skype
2010-02-26 18:56:54 ----D---- C:\Documents and Settings
2010-02-26 18:54:38 ----SHD---- C:\WINDOWS\Installer
2010-02-26 18:54:38 ----D---- C:\Config.Msi
2010-02-26 18:54:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-25 07:05:20 ----HD---- C:\WINDOWS\inf
2010-02-23 18:22:44 ----D---- C:\Program Files\Common Files
2010-02-21 10:39:59 ----D---- C:\Program Files\PokerStars
2010-02-20 13:59:59 ----D---- C:\Documents and Settings\Honza\Data aplikací\Happy Foto
2010-02-16 09:10:20 ----D---- C:\Documents and Settings\Honza\Data aplikací\Creative
2010-02-11 08:37:04 ----A---- C:\WINDOWS\imsins.BAK
2010-02-11 08:36:59 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 22:21:47 ----A---- C:\WINDOWS\system.ini
2010-02-10 22:19:52 ----D---- C:\WINDOWS\system32\config
2010-02-10 22:14:58 ----D---- C:\WINDOWS\AppPatch
2010-02-10 21:27:23 ----D---- C:\Program Files\ICQ6.5
2010-02-10 20:59:20 ----RASH---- C:\boot.ini
2010-02-10 14:30:01 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-07 21:57:56 ----D---- C:\Documents and Settings\Honza\Data aplikací\uTorrent
2010-02-07 12:27:11 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-29 13:11:39 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-18 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-16 25280]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 catchme;catchme; \??\C:\DOCUME~1\Jirka\LOCALS~1\Temp\catchme.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-10-12 685816]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-26 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-10-29 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Stáhněte Avenger
http://swandog46.geekstogo.com/avenger.exe

-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:

Kód: Vybrat vše

Files to delete:
C:\WINDOWS\system32\fjhdyfhsn.bat
C:\Documents and Settings\Honza\Nabídka Start\Programy\Po spuštění\winesm32.exe

-zaškrtněte políčko scan for rootkits

a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem

[Scaveng3]

po restartu pocitac opet prestal fungovat spravne, musel jsem opet provest clean pomoci SmitfraudFix

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\fjhdyfhsn.bat" deleted successfully.
File "C:\Documents and Settings\Honza\Nabídka Start\Programy\Po spuštění\winesm32.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[motji]

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

arrow: Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[Scaveng3]

ComboFix 10-02-27.04 - Honza 28.02.2010 14:02:41.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.113 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\Potvora.com.exe
AV: avast! antivirus 4.8.1351 [VPS 100227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-28 do 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-27 11:20 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-27 11:20 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-27 11:19 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-27 11:19 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-27 11:19 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-27 11:19 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-23 17:27 . 2010-02-23 17:29 -------- d-----w- c:\program files\TO2SSM
2010-02-23 17:22 . 2010-02-27 11:21 -------- d-----w- c:\program files\Common Files\Motive
2010-02-07 11:27 . 2010-02-07 11:27 -------- d-----w- c:\program files\FireFly Studios

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 12:04 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 12:04 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-28 12:01 . 2008-08-03 15:12 -------- d-----w- c:\program files\Steam
2010-02-21 09:39 . 2009-04-18 11:26 -------- d-----w- c:\program files\PokerStars
2010-02-10 20:27 . 2009-09-20 12:49 -------- d-----w- c:\program files\ICQ6.5
2010-02-07 11:27 . 2007-10-11 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-29 12:12 . 2007-12-07 16:53 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-29 12:11 . 2007-12-07 16:53 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-27 15:08 . 2007-10-12 19:50 -------- d-----w- c:\program files\Warcraft III
2010-01-15 19:05 . 2009-05-21 18:32 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-15 14:24 . 2010-01-15 14:23 -------- d-----w- c:\program files\ParadisePoker
2010-01-05 09:58 . 2004-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2004-08-18 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 08:00 . 2007-10-11 16:36 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:28 . 2004-08-17 15:45 2059904 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:28 . 2004-08-18 12:00 2182528 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2004-08-18 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-02-23 19:20 . 2009-02-23 19:20 31098648 ----a-w- c:\program files\setupcze.exe
2003-03-12 04:16 . 2008-02-10 10:32 307200 ----a-w- c:\program files\internet explorer\plugins\djvu0407.dll
2003-03-12 04:16 . 2008-02-10 10:32 303104 ----a-w- c:\program files\internet explorer\plugins\djvu0409.dll
2003-03-12 04:16 . 2008-02-10 10:32 311296 ----a-w- c:\program files\internet explorer\plugins\djvu040c.dll
2003-03-12 04:16 . 2008-02-10 10:32 299008 ----a-w- c:\program files\internet explorer\plugins\djvu0411.dll
2003-03-12 04:16 . 2008-02-10 10:32 303104 ----a-w- c:\program files\internet explorer\plugins\djvu0412.dll
2003-03-12 04:16 . 2008-02-10 10:32 290816 ----a-w- c:\program files\internet explorer\plugins\djvu0804.dll
2003-03-12 04:15 . 2008-02-10 10:32 122880 ----a-w- c:\program files\internet explorer\plugins\DjVuCntl.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freeze700\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:port 6112
"6881:TCP"= 6881:TCP:port 6881
"6999:TCP"= 6999:TCP:port 6999
"57258:TCP"= 57258:TCP:utorrent

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.4.2008 16:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2008 16:24 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.9.2009 13:51 222968]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2007 20:27 685816]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 2:03 65536]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\affwvf8p.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\documents and settings\Honza\Plocha\HijackThis.exe
AddRemove-Robin Hood: The Legend Of Sherwood - c:\documents and settings\Honza\Plocha\robin hood\Robin Hood The Legend Of Sherwood



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 14:10
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-28 14:12:45
ComboFix-quarantined-files.txt 2010-02-28 13:12

Před spuštěním: Volných bajtů: 34 248 626 176
Po spuštění: Volných bajtů: 34 236 936 192

- - End Of File - - 25321734F93757C9F690FA2FF3A9662E

[motji]

Jak to ted vypadá s počítačem?

Otestujte na http://www.virustotal.com

c:\program files\setupcze.exe
c:\program files\internet explorer\plugins\djvu0407.dll
c:\program files\internet explorer\plugins\djvu0409.dll
c:\program files\internet explorer\plugins\djvu040c.dll
c:\program files\internet explorer\plugins\djvu0411.dll



-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Tyto porty máte otevřené schválně?
"6112:TCP"= 6112:TCP:port 6112
"6881:TCP"= 6881:TCP:port 6881
"6999:TCP"= 6999:TCP:port 6999

[Scaveng3]

http://www.virustotal.com/cs/analisis/0 ... 1267365494
http://www.virustotal.com/cs/analisis/f ... 1267365890
http://www.virustotal.com/cs/analisis/0 ... 1267366201
http://www.virustotal.com/cs/analisis/2 ... 1267366422

ten setupcze tam nejde odeslat nevim proc...

pocitac jede zatim bez problemu, otazka je jestli to tak zustane po restartu

k tem portum - pamatuju si ze kdysi davno jsem otviral nejake porty kvuli necemu ale jinak sem si s nastavenim portu nehral... myslite ze by to mohlo tyhle problemy zpusobit?

[motji]

Ten soubor setupze.exe dejte do raru nebo zipu a někam uložte, já ho pak smažu,. Kdyby Vám chyběl, obnovíte ho.

Můžu Vám ty porty zavřít? Když tak je zase povolíte.

[Scaveng3]

jo klidne je zavrete...

mimo jine jako dalsi problemy se objevily ze netiskne tiskarna a pocitac nerozpozna flash disk kdyz ho pripojim

[motji]

Nerozpozná flash disk - myslíte že ho automaticky nenačte? To vypnul combofix.


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
c:\program files\setupcze.exe

Folder::
c:\program files\ICQ6Toolbar

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"=-
"6881:TCP"=-
"6999:TCP"=-

Driver::
ICQ Service

DDS::
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)

Firefox::
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\affwvf8p.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[motji]

Jak to tu vypadá?