Prosím o kontrolu logu, icq posílá viry všem

[Paegas]

ComboFix 10-05-11.06 - xxx 12.05.2010 15:58:38.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1013.825 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100512-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-12 do 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-04-23 06:38 . 2010-04-25 04:55 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-15 07:19 . 2010-04-23 06:44 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 07:45 . 2009-11-21 11:50 -------- d-----w- c:\program files\DivX
2010-04-23 06:38 . 2009-11-21 11:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-19 06:21 . 2008-05-23 16:03 -------- d-----w- c:\program files\FreeCommander
2010-04-02 10:51 . 2008-05-23 15:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 10:38 . 2010-04-02 10:38 -------- d-----w- c:\program files\Activision
2010-04-01 14:55 . 2010-04-01 14:55 -------- d-----w- c:\program files\Common Files\Skype
2010-04-01 14:55 . 2008-05-23 23:53 -------- d-----r- c:\program files\Skype
2010-03-31 01:58 . 2009-11-21 11:50 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2009-11-21 11:50 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2009-11-21 11:50 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2009-11-21 11:50 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2009-11-21 11:50 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-11-21 11:50 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-30 09:03 . 2002-12-27 11:18 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 09:03 . 2002-12-27 11:18 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-03-17 17:01 . 2009-12-18 17:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2008-10-05 14:36 . 2009-09-19 02:21 4411392 ----a-w- c:\program files\mplayerc.exe
2008-07-22 15:51 . 2008-07-22 15:51 8904808 ----a-w- c:\program files\Opera_951_in_Setup.exe
2008-07-22 12:30 . 2008-07-22 12:30 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-07-22 10:49 . 2008-07-22 10:49 7334032 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-28 111928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RACServerLogon]
2008-12-16 21:24 62736 ----a-w- c:\windows\system32\RACServerLogon2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Z flasky\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=
"c:\\Program Files\\QIP Infium2\\infium.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.5.2008 17:50 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.5.2008 17:50 20560]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.4.2010 9:19 135664]
S2 PCNetSoftware RAC Server;PCNetSoftware RAC Server;c:\program files\PCNetSoftware\RAC Server\RACs.exe [24.12.2008 6:01 3601680]
S2 RACDriver;RAC driver;c:\program files\PCNetSoftware\RAC Server\RACDriver.sys [24.12.2008 6:01 8208]
S3 es1969;Zvukový ovladač ESS 1969 (WDM);c:\windows\system32\drivers\es1969.sys [25.6.2008 17:16 72192]
S3 racmirror;racmirror;c:\windows\system32\drivers\racmirror.sys [24.12.2008 6:01 32784]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 07:19]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 07:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\ojwb7tda.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Skype Recorder - c:\program files\Skype Recorder\Skype Recorder.exe
AddRemove-HijackThis - c:\documents and settings\xxx\Plocha\HijackThis.exe
AddRemove-QIP2005 - c:\program files\QIP\unqip.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 16:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\RACServerLogon2.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2010-05-12 16:05:28
ComboFix-quarantined-files.txt 2010-05-12 14:05

Před spuštěním: Volných bajtů: 115 705 851 904
Po spuštění: Volných bajtů: 118 428 680 192

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - -

[Paegas]

Logfile of random's system information tool 1.07 (written by random/random)
Run by xxx at 2010-05-12 16:23:38
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 113 GB (74%) free of 153 GB
Total RAM: 1013 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:23:52, on 12.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PCNetSoftware\RAC Server\RACs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\QIP Infium2\infium.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xxx\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\xxx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RACServerLogon - RACServerLogon2.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PCNetSoftware RAC Server - Miloslav Novotny N+P - C:\Program Files\PCNetSoftware\RAC Server\RACs.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)

--
End of file - 5438 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\System32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-01-28 111928]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2008-11-07 21633320]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RACServerLogon]
C:\WINDOWS\system32\RACServerLogon2.dll [2008-12-16 62736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Z flasky\QIP\qip.exe"="C:\Z flasky\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\QIP infium\infium.exe"="C:\Program Files\QIP infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\PCNetSoftware\RAC Server\RACs.exe"="C:\Program Files\PCNetSoftware\RAC Server\RACs.exe:*:Enabled:Remote Administrator Control Server"
"C:\Program Files\QIP Infium2\infium.exe"="C:\Program Files\QIP Infium2\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Vzdálená pomoc - Windows Messenger a přenos hlasu"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-12 16:23:39 ----D---- C:\Program Files\trend micro
2010-05-12 16:23:38 ----D---- C:\rsit
2010-05-12 16:05:30 ----D---- C:\WINDOWS\temp
2010-05-12 16:05:29 ----A---- C:\ComboFix.txt
2010-05-12 15:56:59 ----A---- C:\Boot.bak
2010-05-12 15:56:56 ----RASHD---- C:\cmdcons
2010-05-12 15:52:29 ----A---- C:\WINDOWS\zip.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\SWSC.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\SWREG.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\sed.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\PEV.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\MBR.exe
2010-05-12 15:52:29 ----A---- C:\WINDOWS\grep.exe
2010-05-12 15:51:13 ----D---- C:\WINDOWS\CSC
2010-05-12 15:51:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-23 08:38:32 ----D---- C:\WINDOWS\SxsCaPendDel
2010-04-15 09:19:29 ----D---- C:\Program Files\Google
2010-04-15 09:18:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-04-14 21:33:32 ----D---- C:\Documents and Settings\xxx\Data aplikací\Real

======List of files/folders modified in the last 1 months======

2010-05-12 16:23:45 ----D---- C:\WINDOWS\Prefetch
2010-05-12 16:23:39 ----RD---- C:\Program Files
2010-05-12 16:09:55 ----D---- C:\Documents and Settings\xxx\Data aplikací\Skype
2010-05-12 16:08:14 ----D---- C:\Documents and Settings\xxx\Data aplikací\skypePM
2010-05-12 16:05:30 ----D---- C:\WINDOWS
2010-05-12 16:05:11 ----D---- C:\Qoobox
2010-05-12 16:04:29 ----D---- C:\WINDOWS\ERDNT
2010-05-12 16:04:08 ----A---- C:\WINDOWS\system.ini
2010-05-12 16:00:28 ----D---- C:\WINDOWS\system32\drivers
2010-05-12 15:59:49 ----D---- C:\WINDOWS\system32
2010-05-12 15:59:49 ----D---- C:\WINDOWS\AppPatch
2010-05-12 15:59:45 ----D---- C:\Program Files\Common Files
2010-05-12 15:58:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-12 15:56:59 ----RASH---- C:\boot.ini
2010-05-12 15:49:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-12 09:45:29 ----D---- C:\Program Files\DivX
2010-05-09 18:47:38 ----A---- C:\WINDOWS\ULEAD32.INI
2010-04-26 20:14:06 ----SHD---- C:\WINDOWS\Installer
2010-04-23 08:38:32 ----D---- C:\Program Files\Common Files\DivX Shared
2010-04-23 08:12:06 ----A---- C:\SGuser.txt
2010-04-19 08:21:11 ----D---- C:\Program Files\FreeCommander
2010-04-15 09:38:20 ----D---- C:\Documents and Settings\xxx\Data aplikací\DivX
2010-04-15 09:19:39 ----SD---- C:\WINDOWS\Tasks
2010-04-13 16:00:21 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 RACDriver;RAC driver; \??\C:\Program Files\PCNetSoftware\RAC Server\RACDriver.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 es1969;Zvukový ovladač ESS 1969 (WDM); C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 racmirror;racmirror; C:\WINDOWS\system32\DRIVERS\racmirror.sys [2008-03-25 32784]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\DOCUME~1\xxx\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-12-27 9600]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-12-27 12160]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server; C:\Program Files\PCNetSoftware\RAC Server\RACs.exe [2008-12-16 3601680]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe EXEC /i C:\ComboFix\REGT.cfxxe /S C:\ComboFix\CregB.dat []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

[motji]

Dobrý večer
Než projdu logy, změnilo se po použití combofixu něco?
(jinak si přžečtěte varování v podpise )

Změnte heslo na icq

Stahněte SAS http://portable.superantispyware.com/sassaferun.php
-proveďte aktualizaci a dejte uplný sken.
-Co najde, smažte,a napište co našel.
(tato verze se neinstaluje, je v angličtině. Pokud potřebujete uplný návod, klikněte mi v podpisu na SAS)

[Paegas]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/13/2010 at 05:08 AM

Application Version : 4.37.1000

Core Rules Database Version : 4926
Trace Rules Database Version: 2738

Scan type : Complete Scan
Total Scan Time : 00:25:20

Memory items scanned : 450
Ahojenky
zálohu dat mám udělanou (před Combem),
Hesla změněna všude,..teď místo aby mi psali jiní že jim ode mě chodí vir,..chodí mi od nich i přes zapnutou ochranu, bota

Tady je log:

Memory threats detected : 0
Registry items scanned : 4102
Registry threats detected : 0
File items scanned : 25280
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\xxx\Cookies\xxx@media6degrees[2].txt
C:\Documents and Settings\xxx\Cookies\xxx@content.yieldmanager[2].txt
C:\Documents and Settings\xxx\Cookies\xxx@doubleclick[2].txt
C:\Documents and Settings\xxx\Cookies\xxx@ad.yieldmanager[1].txt
C:\Documents and Settings\xxx\Cookies\xxx@content.yieldmanager[3].txt
C:\Documents and Settings\xxx\Cookies\xxx@ad2.billboard[1].txt
C:\Documents and Settings\xxx\Cookies\xxx@toplist[1].txt
C:\Documents and Settings\xxx\Cookies\xxx@ad2.billboard[2].txt
C:\Documents and Settings\xxx\Cookies\xxx@tradedoubler[2].txt

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
C:\Program Files\SweetIM

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"DivXUpdate"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

Extra::

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Paegas]

Log z Comba

ComboFix 10-05-12.04 - xxx 13.05.2010 14:50:05.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1013.176 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100513-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-13 do 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-13 02:31 . 2010-05-13 02:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-13 02:31 . 2010-05-13 02:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-12 14:37 . 2010-05-12 14:37 -------- d-----w- c:\program files\QIP 2010
2010-05-12 14:23 . 2010-05-12 14:23 -------- d-----w- c:\program files\trend micro
2010-05-12 14:23 . 2010-05-12 14:23 -------- d-----w- C:\rsit
2010-04-23 06:38 . 2010-04-25 04:55 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-15 07:19 . 2010-04-23 06:44 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 07:45 . 2009-11-21 11:50 -------- d-----w- c:\program files\DivX
2010-04-23 06:38 . 2009-11-21 11:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-19 06:21 . 2008-05-23 16:03 -------- d-----w- c:\program files\FreeCommander
2010-04-02 10:51 . 2008-05-23 15:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 10:38 . 2010-04-02 10:38 -------- d-----w- c:\program files\Activision
2010-04-01 14:55 . 2010-04-01 14:55 -------- d-----w- c:\program files\Common Files\Skype
2010-04-01 14:55 . 2008-05-23 23:53 -------- d-----r- c:\program files\Skype
2010-03-31 01:58 . 2009-11-21 11:50 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2009-11-21 11:50 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2009-11-21 11:50 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2009-11-21 11:50 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2009-11-21 11:50 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-11-21 11:50 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-30 09:03 . 2002-12-27 11:18 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 09:03 . 2002-12-27 11:18 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-03-17 17:01 . 2009-12-18 17:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2008-10-05 14:36 . 2009-09-19 02:21 4411392 ----a-w- c:\program files\mplayerc.exe
2008-07-22 15:51 . 2008-07-22 15:51 8904808 ----a-w- c:\program files\Opera_951_in_Setup.exe
2008-07-22 12:30 . 2008-07-22 12:30 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-07-22 10:49 . 2008-07-22 10:49 7334032 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-12_14.04.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-13 01:23 . 2010-05-13 01:23 16384 c:\windows\temp\Perflib_Perfdata_544.dat
+ 2010-05-13 02:32 . 2010-05-13 02:32 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-05-13 02:32 . 2010-05-13 02:32 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-05-13 02:32 . 2010-05-13 02:32 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-05-13 02:32 . 2010-05-13 02:32 1583616 c:\windows\Installer\3ee61f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-11-07 21633320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RACServerLogon]
2008-12-16 21:24 62736 ----a-w- c:\windows\system32\RACServerLogon2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Z flasky\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=
"c:\\Program Files\\QIP Infium2\\infium.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.5.2008 17:50 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6.5.2010 17:10 68168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.5.2008 17:50 20560]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server;c:\program files\PCNetSoftware\RAC Server\RACs.exe [24.12.2008 6:01 3601680]
R2 RACDriver;RAC driver;c:\program files\PCNetSoftware\RAC Server\RACDriver.sys [24.12.2008 6:01 8208]
R3 es1969;Zvukový ovladač ESS 1969 (WDM);c:\windows\system32\drivers\es1969.sys [25.6.2008 17:16 72192]
R3 racmirror;racmirror;c:\windows\system32\drivers\racmirror.sys [24.12.2008 6:01 32784]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.4.2010 9:19 135664]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
.
Obsah adresáře 'Naplánované úlohy'

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 07:19]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 07:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\ojwb7tda.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 14:54
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\RACServerLogon2.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2010-05-13 14:58:55
ComboFix-quarantined-files.txt 2010-05-13 12:58
ComboFix2.txt 2010-05-12 14:05

Před spuštěním: Volných bajtů: 118 279 520 256
Po spuštění: Volných bajtů: 118 238 375 936

- - End Of File -

[motji]

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[Paegas]

PC se načítá rychleji,.. na skype mi začali chodit odkazy..
ICQ= měnila jsem tam heslo a ok, nyní po zapojení mi to nové nebere, jen to staré a i když zadávám opět nové (zcela jiné) nejde to spustit vůbec..., jen s tím starým


Logfile of random's system information tool 1.07 (written by random/random)
Run by xxx at 2010-05-13 21:41:42
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 115 GB (75%) free of 153 GB
Total RAM: 1013 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:41:46, on 13.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCNetSoftware\RAC Server\RACs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\xxx\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\xxx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RACServerLogon - RACServerLogon2.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PCNetSoftware RAC Server - Miloslav Novotny N+P - C:\Program Files\PCNetSoftware\RAC Server\RACs.exe

--
End of file - 4109 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RACServerLogon]
C:\WINDOWS\system32\RACServerLogon2.dll [2008-12-16 62736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Z flasky\QIP\qip.exe"="C:\Z flasky\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\PCNetSoftware\RAC Server\RACs.exe"="C:\Program Files\PCNetSoftware\RAC Server\RACs.exe:*:Enabled:Remote Administrator Control Server"
"C:\Program Files\QIP Infium2\infium.exe"="C:\Program Files\QIP Infium2\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Vzdálená pomoc - Windows Messenger a přenos hlasu"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-13 21:41:42 ----D---- C:\rsit
2010-05-13 21:19:39 ----D---- C:\Program Files\CCleaner
2010-05-13 20:45:30 ----SHD---- C:\RECYCLER
2010-05-13 04:32:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-05-13 04:31:58 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-13 04:31:58 ----D---- C:\Documents and Settings\xxx\Data aplikací\SUPERAntiSpyware.com
2010-05-13 04:31:37 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-12 16:37:26 ----D---- C:\Program Files\QIP 2010
2010-05-12 16:23:39 ----D---- C:\Program Files\trend micro
2010-05-12 16:05:30 ----D---- C:\WINDOWS\temp
2010-05-12 15:56:59 ----A---- C:\Boot.bak
2010-05-12 15:56:56 ----RASHD---- C:\cmdcons
2010-05-12 15:51:13 ----D---- C:\WINDOWS\CSC
2010-04-23 08:38:32 ----D---- C:\WINDOWS\SxsCaPendDel
2010-04-15 09:19:29 ----D---- C:\Program Files\Google
2010-04-15 09:18:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-04-14 21:33:32 ----D---- C:\Documents and Settings\xxx\Data aplikací\Real

======List of files/folders modified in the last 1 months======

2010-05-13 21:39:05 ----D---- C:\WINDOWS\Prefetch
2010-05-13 21:38:28 ----D---- C:\Documents and Settings\xxx\Data aplikací\Skype
2010-05-13 21:37:57 ----D---- C:\WINDOWS
2010-05-13 21:36:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-13 21:21:54 ----D---- C:\WINDOWS\Debug
2010-05-13 21:19:39 ----RD---- C:\Program Files
2010-05-13 20:41:21 ----D---- C:\WINDOWS\Minidump
2010-05-13 20:40:29 ----D---- C:\WINDOWS\system32
2010-05-13 20:36:46 ----SHD---- C:\System Volume Information
2010-05-13 20:36:46 ----D---- C:\WINDOWS\system32\Restore
2010-05-13 20:36:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-13 16:05:10 ----D---- C:\Documents and Settings\xxx\Data aplikací\skypePM
2010-05-13 14:54:38 ----A---- C:\WINDOWS\system.ini
2010-05-13 14:52:30 ----D---- C:\WINDOWS\system32\drivers
2010-05-13 14:52:30 ----D---- C:\WINDOWS\AppPatch
2010-05-13 14:52:25 ----D---- C:\Program Files\Common Files
2010-05-13 04:32:06 ----SHD---- C:\WINDOWS\Installer
2010-05-12 15:56:59 ----RASH---- C:\boot.ini
2010-05-12 09:45:29 ----D---- C:\Program Files\DivX
2010-05-09 18:47:38 ----A---- C:\WINDOWS\ULEAD32.INI
2010-04-23 08:38:32 ----D---- C:\Program Files\Common Files\DivX Shared
2010-04-23 08:12:06 ----A---- C:\SGuser.txt
2010-04-19 08:21:11 ----D---- C:\Program Files\FreeCommander
2010-04-15 09:38:20 ----D---- C:\Documents and Settings\xxx\Data aplikací\DivX
2010-04-15 09:19:39 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 RACDriver;RAC driver; \??\C:\Program Files\PCNetSoftware\RAC Server\RACDriver.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 es1969;Zvukový ovladač ESS 1969 (WDM); C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 racmirror;racmirror; C:\WINDOWS\system32\DRIVERS\racmirror.sys [2008-03-25 32784]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-12-27 9600]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-12-27 12160]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server; C:\Program Files\PCNetSoftware\RAC Server\RACs.exe [2008-12-16 3601680]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

[motji]

Na skype Vám chodí odkazy od ostatních,ne? Tam si také změňte heslo.
Na ICQ si ho zkuste změnit znovu .

spusťte přejmenované HJT C:\Program Files\trend micro\xxx.exe , má tuto ikonku

- Klikněte na "Do a system scan only"
- U řádku
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE

- Dejte fajfku do čtverečku a zmáčkněte Fix checked
- restartujte pc

Na tomto počítači máte zapnutou vzdálenou správu počítače?

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky