3 infikovane soubory - nejdou smazat

[thOma$]

Zdravim, Avast hlasi 3 infikovane soubory:

C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cryptnet32.dll
C:\WINDOWS\system32\winlogon.exe

Předem díky za pomoc

Zde je log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Misa at 2010-12-11 12:45:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (35%) free of 50 GB
Total RAM: 895 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:45:18, on 11.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\extras\ViOrb\ViOrb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Misa\Dokumenty\Stažené soubory\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Misa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>Index of /saval</title>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <h1>Index of /saval</h1>
O1 - Hosts: <table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr>
O1 - Hosts: <tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/">Parent Directory</a></td><td>&nbsp;</td><td align="right"> - </td><td>&nbsp;</td></tr>
O1 - Hosts: <tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="dns.txt">dns.txt</a></td><td align="right">01-Nov-2010 02:56 </td><td align="right">564 </td><td>&nbsp;</td></tr>
O1 - Hosts: <tr><th colspan="5"><hr></th></tr>
O1 - Hosts: </table>
O1 - Hosts: <address>Apache/2.2.16 (CentOS) Server at vida-gamer.com Port 80</address>
O1 - Hosts: </body></html>
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\extras\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9587 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{16D98207-B447-4876-AF23-21E301BD5483}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ViOrb"=C:\Program Files\extras\ViOrb\ViOrb.exe [2008-12-07 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-18 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-11-30 32768]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-12-19 40960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\explorer.exe [2010-11-21 1486336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Misa\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-12-14 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Windows XP Ultimate 2009\Windows XP Ultimate 2009.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Windows XP Ultimate 2009.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Misa\Data aplikací\S-4535-6842-8745\winsnvc.exe"="C:\Documents and Settings\Misa\Data aplikací\S-4535-6842-8745\winsnvc.exe:*:Enabled:Windows Update Services"
"C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745\winrsvn.exe"="C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745\winrsvn.exe:*:Enabled:Windows Boot Control"
"C:\Documents and Settings\Misa\Data aplikací\U-2535-6853-8747\winusbmgr.exe"="C:\Documents and Settings\Misa\Data aplikací\U-2535-6853-8747\winusbmgr.exe:*:Enabled:Windows USB Service"
"C:\DOCUME~1\Misa\LOCALS~1\Temp\7874286.exe"="C:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse"
"C:\Documents and Settings\Misa\Data aplikací\N-7695-6489-5842\winvsrcn.exe"="C:\Documents and Settings\Misa\Data aplikací\N-7695-6489-5842\winvsrcn.exe:*:Enabled:WinSysMngrUpdate"
"C:\Documents and Settings\Misa\Data aplikací\G-2535-6853-2745\winusbmngr.exe"="C:\Documents and Settings\Misa\Data aplikací\G-2535-6853-2745\winusbmngr.exe:*:Enabled:Windows USB Control"
"C:\DOCUME~1\Misa\LOCALS~1\Temp\867.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745\winrcsnc.exe"="C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745\winrcsnc.exe:*:Enabled:WinCtrlSrvc"
"C:\Documents and Settings\Misa\Local Settings\Temporary Internet Files\Content.IE5\SXO3R2T9\Facemoods[1].exe"="C:\Documents and Settings\Misa\Local Settings\Temporary Internet Files\Content.IE5\SXO3R2T9\Facemoods[1].exe:*:Enabled:Facemoods Installer"
"C:\Documents and Settings\Misa\Data aplikací\Microsoft-5858-2574\winsvcrn.exe"="C:\Documents and Settings\Misa\Data aplikací\Microsoft-5858-2574\winsvcrn.exe:*:Enabled:MicrosoftMSDUpdateService"
"C:\Program Files\Java\jre-07\bin\jusched.exe"="C:\Program Files\Java\jre-07\bin\jusched.exe:*:Enabled:JavaUpdate,"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-11 12:45:05 ----D---- C:\rsit
2010-12-11 12:45:05 ----D---- C:\Program Files\trend micro
2010-12-11 12:40:08 ----A---- C:\WINDOWS\system32\dll.dll
2010-11-22 22:03:38 ----D---- C:\Program Files\CCleaner
2010-11-22 21:58:01 ----HD---- C:\WINDOWS\PIF
2010-11-22 21:54:46 ----ASH---- C:\hiberfil.sys
2010-11-21 20:42:32 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-21 16:31:13 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-11-21 16:31:12 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-11-21 16:31:10 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-11-21 16:31:08 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-11-21 16:31:02 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-11-21 16:31:01 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-11-21 16:30:58 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-11-21 16:29:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-11-21 16:28:17 ----D---- C:\Program Files\Alwil Software
2010-11-21 16:28:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-21 16:19:56 ----RA---- C:\Documents and Settings\Misa\Data aplikací\BG0Ai.txt

======List of files/folders modified in the last 1 months======

2010-12-11 12:45:15 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-11 12:45:11 ----AD---- C:\WINDOWS\Temp
2010-12-11 12:45:05 ----RD---- C:\Program Files
2010-12-11 12:44:51 ----D---- C:\WINDOWS\Prefetch
2010-12-11 12:43:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-11 12:43:03 ----D---- C:\WINDOWS\Registration
2010-12-11 12:42:48 ----D---- C:\WINDOWS
2010-12-11 12:40:39 ----D---- C:\WINDOWS\system32
2010-12-11 12:39:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-11 12:39:03 ----A---- C:\WINDOWS\wincmd.ini
2010-12-11 12:24:27 ----D---- C:\Documents and Settings\Misa\Data aplikací\Mozilla
2010-12-11 12:24:09 ----D---- C:\Program Files\Mozilla Firefox
2010-12-11 12:20:46 ----SD---- C:\WINDOWS\Tasks
2010-11-22 22:16:15 ----D---- C:\Documents and Settings\Misa\Data aplikací\Skype
2010-11-22 22:15:54 ----D---- C:\Documents and Settings\Misa\Data aplikací\skypePM
2010-11-22 22:11:50 ----D---- C:\Documents and Settings\Misa\Data aplikací\Winamp
2010-11-22 22:11:05 ----D---- C:\WINDOWS\Minidump
2010-11-22 22:11:05 ----D---- C:\WINDOWS\Debug
2010-11-22 21:58:16 ----A---- C:\WINDOWS\system.ini
2010-11-22 15:24:36 ----D---- C:\WINDOWS\system32\drivers
2010-11-22 15:12:01 ----SHD---- C:\RECYCLER
2010-11-22 15:11:51 ----AH---- C:\Documents and Settings\Misa\Data aplikací\winsavesrc.txt
2010-11-22 15:11:49 ----AH---- C:\WINDOWS\soms.txt
2010-11-21 20:42:32 ----SHD---- C:\WINDOWS\Installer
2010-11-21 20:39:51 ----HD---- C:\Config.Msi
2010-11-21 20:39:45 ----HD---- C:\WINDOWS\inf
2010-11-21 19:56:18 ----D---- C:\WINDOWS\Network Diagnostic
2010-11-21 19:46:33 ----D---- C:\Program Files\Google
2010-11-21 19:46:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-11-21 19:12:17 ----A---- C:\WINDOWS\explorer.exe
2010-11-21 17:37:57 ----RSHD---- C:\Documents and Settings\Misa\Data aplikací\U-2535-6853-8747
2010-11-21 17:37:57 ----RSHD---- C:\Documents and Settings\Misa\Data aplikací\S-4535-6842-8745
2010-11-21 17:37:57 ----RSHD---- C:\Documents and Settings\Misa\Data aplikací\N-7695-6489-5842
2010-11-21 17:27:23 ----RSHD---- C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745
2010-11-21 17:10:01 ----AH---- C:\WINDOWS\system32\winrtsnr.txt
2010-11-21 16:58:41 ----SHD---- C:\WINDOWS\system32\lowsec
2010-11-21 16:57:13 ----D---- C:\Documents and Settings
2010-11-21 16:50:16 ----RSD---- C:\WINDOWS\Fonts
2010-11-21 16:49:19 ----RSHD---- C:\Documents and Settings\Misa\Data aplikací\G-2535-6853-2745
2010-11-21 16:30:25 ----D---- C:\WINDOWS\WinSxS
2010-11-21 16:21:01 ----D---- C:\Program Files\Java
2010-11-15 15:00:19 ----A---- C:\WINDOWS\system32\shimg.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-12-14 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2008-12-26 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2008-12-26 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2008-12-26 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2008-12-26 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2008-12-26 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-12-26 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-04 105856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 akibudfj;akibudfj; \??\C:\WINDOWS\System32\Drivers\akibudfj.sys []
S3 bdqldfjw;bdqldfjw; \??\C:\WINDOWS\System32\Drivers\bdqldfjw.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 creqbdwt;creqbdwt; \??\C:\WINDOWS\System32\Drivers\creqbdwt.sys []
S3 ctatsjug;ctatsjug; \??\C:\WINDOWS\System32\Drivers\ctatsjug.sys []
S3 cvwxlpxw;cvwxlpxw; \??\C:\WINDOWS\System32\Drivers\cvwxlpxw.sys []
S3 diqrhapg;diqrhapg; \??\C:\WINDOWS\System32\Drivers\diqrhapg.sys []
S3 ebcrhavg;ebcrhavg; \??\C:\WINDOWS\System32\Drivers\ebcrhavg.sys []
S3 eknpnjua;eknpnjua; \??\C:\WINDOWS\System32\Drivers\eknpnjua.sys []
S3 elsgpiqq;elsgpiqq; \??\C:\WINDOWS\System32\Drivers\elsgpiqq.sys []
S3 fhklnqka;fhklnqka; \??\C:\WINDOWS\System32\Drivers\fhklnqka.sys []
S3 fvruvatk;fvruvatk; \??\C:\WINDOWS\System32\Drivers\fvruvatk.sys []
S3 ghhjnutn;ghhjnutn; \??\C:\WINDOWS\System32\Drivers\ghhjnutn.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 hssswmgb;hssswmgb; \??\C:\WINDOWS\System32\Drivers\hssswmgb.sys []
S3 hsubenwa;hsubenwa; \??\C:\WINDOWS\System32\Drivers\hsubenwa.sys []
S3 kerrvoud;kerrvoud; \??\C:\WINDOWS\System32\Drivers\kerrvoud.sys []
S3 khrqihus;khrqihus; \??\C:\WINDOWS\System32\Drivers\khrqihus.sys []
S3 ksmrgole;ksmrgole; \??\C:\WINDOWS\System32\Drivers\ksmrgole.sys []
S3 lmkxiyqo;lmkxiyqo; \??\C:\WINDOWS\System32\Drivers\lmkxiyqo.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxonumbp;mxonumbp; \??\C:\WINDOWS\System32\Drivers\mxonumbp.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nihcjuit;nihcjuit; \??\C:\WINDOWS\System32\Drivers\nihcjuit.sys []
S3 nzjkfpai;nzjkfpai; \??\C:\WINDOWS\System32\Drivers\nzjkfpai.sys []
S3 octkrqno;octkrqno; \??\C:\WINDOWS\System32\Drivers\octkrqno.sys []
S3 ohuzubjr;ohuzubjr; \??\C:\WINDOWS\System32\Drivers\ohuzubjr.sys []
S3 PAC207;VideoCAM GE111; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 pnqmvfxw;pnqmvfxw; \??\C:\WINDOWS\System32\Drivers\pnqmvfxw.sys []
S3 prbmamtj;prbmamtj; \??\C:\WINDOWS\System32\Drivers\prbmamtj.sys []
S3 pufobvoo;pufobvoo; \??\C:\WINDOWS\System32\Drivers\pufobvoo.sys []
S3 pzmewpiv;pzmewpiv; \??\C:\WINDOWS\System32\Drivers\pzmewpiv.sys []
S3 raqyvslg;raqyvslg; \??\C:\WINDOWS\System32\Drivers\raqyvslg.sys []
S3 rpprelqt;rpprelqt; \??\C:\WINDOWS\System32\Drivers\rpprelqt.sys []
S3 sgydsajd;sgydsajd; \??\C:\WINDOWS\System32\Drivers\sgydsajd.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 slqztlkk;slqztlkk; \??\C:\WINDOWS\System32\Drivers\slqztlkk.sys []
S3 sontlvnk;sontlvnk; \??\C:\WINDOWS\System32\Drivers\sontlvnk.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tezsvsjq;tezsvsjq; \??\C:\WINDOWS\System32\Drivers\tezsvsjq.sys []
S3 thwicbdu;thwicbdu; \??\C:\WINDOWS\System32\Drivers\thwicbdu.sys []
S3 ujsigazn;ujsigazn; \??\C:\WINDOWS\System32\Drivers\ujsigazn.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 uwbxdubb;uwbxdubb; \??\C:\WINDOWS\System32\Drivers\uwbxdubb.sys []
S3 uyiotzls;uyiotzls; \??\C:\WINDOWS\System32\Drivers\uyiotzls.sys []
S3 wizylqtx;wizylqtx; \??\C:\WINDOWS\System32\Drivers\wizylqtx.sys []
S3 wleuvmeq;wleuvmeq; \??\C:\WINDOWS\System32\Drivers\wleuvmeq.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-12-14 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-12-14 82944]
S3 wzaqrtbp;wzaqrtbp; \??\C:\WINDOWS\System32\Drivers\wzaqrtbp.sys []
S3 xtailmwi;xtailmwi; \??\C:\WINDOWS\System32\Drivers\xtailmwi.sys []
S3 ykzvffgj;ykzvffgj; \??\C:\WINDOWS\System32\Drivers\ykzvffgj.sys []
S3 zdoyzamm;zdoyzamm; \??\C:\WINDOWS\System32\Drivers\zdoyzamm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2008-12-26 58880]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2008-12-22 238592]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2008-12-22 103424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Nesmaze je, jelikoz jsou to systemove soubory, ale vypada to, ze jsou patchnute nejakou havet, ktere je tam tedy pozehnane

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[thOma$]

Tak ComboFix log je tu:

ComboFix 10-12-10.01 - Misa 11.12.2010 13:49:01.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.438 [GMT 1:00]
Spuštěný z: c:\documents and settings\Misa\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\Server\admin.txt
c:\documents and settings\All Users\Dokumenty\Server\server.dat
c:\documents and settings\Misa\Data aplikací\Desktopicon
c:\documents and settings\Misa\Data aplikací\Desktopicon\config.ini
c:\documents and settings\Misa\Data aplikací\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Misa\Data aplikací\facemoods.com
c:\documents and settings\Misa\Data aplikací\facemoods.com\facemoods\Online Games.ico
c:\documents and settings\Misa\secupdat.dat
c:\windows\mdlu.dl
c:\windows\prefetch\explorer.exe
c:\windows\system32\crt.dat
c:\windows\system32\Dll.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\secupdat.dat
c:\windows\system32\shimg.dll
c:\windows\system32\spool\prtprocs\w32x86\1.tmp
c:\windows\system32\winrtsnr.txt
c:\windows\wintybrd.png
c:\windows\wintybrdf.jpg

c:\windows\regedit.exe . . . je infikován!!

Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
c:\windows\system32\winlogon.exe . . . je infikován!!

c:\windows\explorer.exe . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GOOGLEUPDATEBETA
-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-11 do 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 11:45 . 2010-12-11 11:45 -------- d-----w- C:\rsit
2010-12-11 11:45 . 2010-12-11 11:45 -------- d-----w- c:\program files\trend micro
2010-11-22 21:03 . 2010-11-22 21:03 -------- d-----w- c:\program files\CCleaner
2010-11-22 20:58 . 2010-11-22 20:58 -------- d--h--w- c:\windows\PIF
2010-11-21 15:57 . 2010-11-21 16:35 -------- d-----w- c:\documents and settings\Administrator
2010-11-21 15:31 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-21 15:31 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-21 15:31 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-21 15:31 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-21 15:31 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-21 15:31 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-21 15:30 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-21 15:29 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-21 15:29 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-21 15:28 . 2010-11-21 15:28 -------- d-----w- c:\program files\Alwil Software
2010-11-21 15:28 . 2010-11-21 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-20 16:13 . 2010-11-20 16:13 -------- d-sh--w- c:\documents and settings\Misa\IECompatCache
2010-11-11 15:22 . 2010-11-11 15:22 -------- d-sh--r- c:\documents and settings\Misa\Data aplikací\Microsoft-5858-2574

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 18:12 . 2008-12-19 12:43 1486336 ----a-w- c:\windows\explorer.exe
.

------- Sigcheck -------

[-] 2008-12-19 . 2A0EA41CB6AA9DD377374D1962A971DA . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-12-19 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-12-19 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2010-11-21 . B52C358A117C846FF509157A7DB7B222 . 1486336 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-12-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViOrb"="c:\program files\extras\ViOrb\ViOrb.exe" [2008-12-07 69632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-18 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\Misa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:20cbb5e7cb60

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.11.2010 16:31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.11.2010 16:31 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 15:49 13592]
S3 akibudfj;akibudfj;\??\c:\windows\System32\Drivers\akibudfj.sys --> c:\windows\System32\Drivers\akibudfj.sys [?]
S3 bdqldfjw;bdqldfjw;\??\c:\windows\System32\Drivers\bdqldfjw.sys --> c:\windows\System32\Drivers\bdqldfjw.sys [?]
S3 creqbdwt;creqbdwt;\??\c:\windows\System32\Drivers\creqbdwt.sys --> c:\windows\System32\Drivers\creqbdwt.sys [?]
S3 ctatsjug;ctatsjug;\??\c:\windows\System32\Drivers\ctatsjug.sys --> c:\windows\System32\Drivers\ctatsjug.sys [?]
S3 cvwxlpxw;cvwxlpxw;\??\c:\windows\System32\Drivers\cvwxlpxw.sys --> c:\windows\System32\Drivers\cvwxlpxw.sys [?]
S3 diqrhapg;diqrhapg;\??\c:\windows\System32\Drivers\diqrhapg.sys --> c:\windows\System32\Drivers\diqrhapg.sys [?]
S3 ebcrhavg;ebcrhavg;\??\c:\windows\System32\Drivers\ebcrhavg.sys --> c:\windows\System32\Drivers\ebcrhavg.sys [?]
S3 eknpnjua;eknpnjua;\??\c:\windows\System32\Drivers\eknpnjua.sys --> c:\windows\System32\Drivers\eknpnjua.sys [?]
S3 elsgpiqq;elsgpiqq;\??\c:\windows\System32\Drivers\elsgpiqq.sys --> c:\windows\System32\Drivers\elsgpiqq.sys [?]
S3 fhklnqka;fhklnqka;\??\c:\windows\System32\Drivers\fhklnqka.sys --> c:\windows\System32\Drivers\fhklnqka.sys [?]
S3 fvruvatk;fvruvatk;\??\c:\windows\System32\Drivers\fvruvatk.sys --> c:\windows\System32\Drivers\fvruvatk.sys [?]
S3 ghhjnutn;ghhjnutn;\??\c:\windows\System32\Drivers\ghhjnutn.sys --> c:\windows\System32\Drivers\ghhjnutn.sys [?]
S3 hssswmgb;hssswmgb;\??\c:\windows\System32\Drivers\hssswmgb.sys --> c:\windows\System32\Drivers\hssswmgb.sys [?]
S3 hsubenwa;hsubenwa;\??\c:\windows\System32\Drivers\hsubenwa.sys --> c:\windows\System32\Drivers\hsubenwa.sys [?]
S3 kerrvoud;kerrvoud;\??\c:\windows\System32\Drivers\kerrvoud.sys --> c:\windows\System32\Drivers\kerrvoud.sys [?]
S3 khrqihus;khrqihus;\??\c:\windows\System32\Drivers\khrqihus.sys --> c:\windows\System32\Drivers\khrqihus.sys [?]
S3 ksmrgole;ksmrgole;\??\c:\windows\System32\Drivers\ksmrgole.sys --> c:\windows\System32\Drivers\ksmrgole.sys [?]
S3 lmkxiyqo;lmkxiyqo;\??\c:\windows\System32\Drivers\lmkxiyqo.sys --> c:\windows\System32\Drivers\lmkxiyqo.sys [?]
S3 mxonumbp;mxonumbp;\??\c:\windows\System32\Drivers\mxonumbp.sys --> c:\windows\System32\Drivers\mxonumbp.sys [?]
S3 nihcjuit;nihcjuit;\??\c:\windows\System32\Drivers\nihcjuit.sys --> c:\windows\System32\Drivers\nihcjuit.sys [?]
S3 nzjkfpai;nzjkfpai;\??\c:\windows\System32\Drivers\nzjkfpai.sys --> c:\windows\System32\Drivers\nzjkfpai.sys [?]
S3 octkrqno;octkrqno;\??\c:\windows\System32\Drivers\octkrqno.sys --> c:\windows\System32\Drivers\octkrqno.sys [?]
S3 ohuzubjr;ohuzubjr;\??\c:\windows\System32\Drivers\ohuzubjr.sys --> c:\windows\System32\Drivers\ohuzubjr.sys [?]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 9:46 162176]
S3 pnqmvfxw;pnqmvfxw;\??\c:\windows\System32\Drivers\pnqmvfxw.sys --> c:\windows\System32\Drivers\pnqmvfxw.sys [?]
S3 prbmamtj;prbmamtj;\??\c:\windows\System32\Drivers\prbmamtj.sys --> c:\windows\System32\Drivers\prbmamtj.sys [?]
S3 pufobvoo;pufobvoo;\??\c:\windows\System32\Drivers\pufobvoo.sys --> c:\windows\System32\Drivers\pufobvoo.sys [?]
S3 pzmewpiv;pzmewpiv;\??\c:\windows\System32\Drivers\pzmewpiv.sys --> c:\windows\System32\Drivers\pzmewpiv.sys [?]
S3 raqyvslg;raqyvslg;\??\c:\windows\System32\Drivers\raqyvslg.sys --> c:\windows\System32\Drivers\raqyvslg.sys [?]
S3 rpprelqt;rpprelqt;\??\c:\windows\System32\Drivers\rpprelqt.sys --> c:\windows\System32\Drivers\rpprelqt.sys [?]
S3 sgydsajd;sgydsajd;\??\c:\windows\System32\Drivers\sgydsajd.sys --> c:\windows\System32\Drivers\sgydsajd.sys [?]
S3 slqztlkk;slqztlkk;\??\c:\windows\System32\Drivers\slqztlkk.sys --> c:\windows\System32\Drivers\slqztlkk.sys [?]
S3 sontlvnk;sontlvnk;\??\c:\windows\System32\Drivers\sontlvnk.sys --> c:\windows\System32\Drivers\sontlvnk.sys [?]
S3 tezsvsjq;tezsvsjq;\??\c:\windows\System32\Drivers\tezsvsjq.sys --> c:\windows\System32\Drivers\tezsvsjq.sys [?]
S3 thwicbdu;thwicbdu;\??\c:\windows\System32\Drivers\thwicbdu.sys --> c:\windows\System32\Drivers\thwicbdu.sys [?]
S3 ujsigazn;ujsigazn;\??\c:\windows\System32\Drivers\ujsigazn.sys --> c:\windows\System32\Drivers\ujsigazn.sys [?]
S3 uwbxdubb;uwbxdubb;\??\c:\windows\System32\Drivers\uwbxdubb.sys --> c:\windows\System32\Drivers\uwbxdubb.sys [?]
S3 uyiotzls;uyiotzls;\??\c:\windows\System32\Drivers\uyiotzls.sys --> c:\windows\System32\Drivers\uyiotzls.sys [?]
S3 wizylqtx;wizylqtx;\??\c:\windows\System32\Drivers\wizylqtx.sys --> c:\windows\System32\Drivers\wizylqtx.sys [?]
S3 wleuvmeq;wleuvmeq;\??\c:\windows\System32\Drivers\wleuvmeq.sys --> c:\windows\System32\Drivers\wleuvmeq.sys [?]
S3 wzaqrtbp;wzaqrtbp;\??\c:\windows\System32\Drivers\wzaqrtbp.sys --> c:\windows\System32\Drivers\wzaqrtbp.sys [?]
S3 xtailmwi;xtailmwi;\??\c:\windows\System32\Drivers\xtailmwi.sys --> c:\windows\System32\Drivers\xtailmwi.sys [?]
S3 ykzvffgj;ykzvffgj;\??\c:\windows\System32\Drivers\ykzvffgj.sys --> c:\windows\System32\Drivers\ykzvffgj.sys [?]
S3 zdoyzamm;zdoyzamm;\??\c:\windows\System32\Drivers\zdoyzamm.sys --> c:\windows\System32\Drivers\zdoyzamm.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{16D98207-B447-4876-AF23-21E301BD5483}.job
- c:\windows\system32\msfeedssync.exe [2008-12-14 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\w9i739we.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\w9i739we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 13:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
c:\windows\system32\msacm32.drv

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(2152)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\extras\ViOrb\StartHook.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-12-11 13:58:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-11 12:58

Před spuštěním: Volných bajtů: 18 235 584 512
Po spuštění: Volných bajtů: 18 264 510 464

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8F2DCB81F5BD38E2464E6DA7D81DC896

[vyosek]

Mate instalacni CD od Windows, Avast se nemylil, soubory jsou infikovane Zkusime je obnovit pres CF ale nevim zda se po povede...A doufam ze tam nemate viruta

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Driver::
  ebcrhavg
  eknpnjua
  elsgpiqq
  fhklnqka
  fvruvatk
  ghhjnutn
  hssswmgb
  hsubenwa
  kerrvoud
  khrqihus
  ksmrgole
  lmkxiyqo
  mxonumbp
  nihcjuit
  nzjkfpai
  octkrqno
  ohuzubjr
  pnqmvfxw
  prbmamtj
  pufobvoo
  pzmewpiv
  raqyvslg
  rpprelqt
  sgydsajd
  slqztlkk
  sontlvnk
  tezsvsjq
  thwicbdu
  ujsigazn
  uwbxdubb
  uyiotzls
  wizylqtx
  wleuvmeq
  wzaqrtbp
  xtailmwi
  ykzvffgj
  zdoyzamm
  
  Collect::
  c:\windows\System32\Drivers\ebcrhavg.sys 
  c:\windows\System32\Drivers\eknpnjua.sys 
  c:\windows\System32\Drivers\elsgpiqq.sys 
  c:\windows\System32\Drivers\fhklnqka.sys 
  c:\windows\System32\Drivers\fvruvatk.sys 
  c:\windows\System32\Drivers\ghhjnutn.sys 
  c:\windows\System32\Drivers\hssswmgb.sys 
  c:\windows\System32\Drivers\hsubenwa.sys 
  c:\windows\System32\Drivers\kerrvoud.sys 
  c:\windows\System32\Drivers\khrqihus.sys 
  c:\windows\System32\Drivers\ksmrgole.sys 
  c:\windows\System32\Drivers\lmkxiyqo.sys 
  c:\windows\System32\Drivers\mxonumbp.sys 
  c:\windows\System32\Drivers\nihcjuit.sys 
  c:\windows\System32\Drivers\nzjkfpai.sys 
  c:\windows\System32\Drivers\octkrqno.sys 
  c:\windows\System32\Drivers\ohuzubjr.sys 
  c:\windows\System32\Drivers\pnqmvfxw.sys 
  c:\windows\System32\Drivers\prbmamtj.sys 
  c:\windows\System32\Drivers\pufobvoo.sys 
  c:\windows\System32\Drivers\pzmewpiv.sys 
  c:\windows\System32\Drivers\raqyvslg.sys 
  c:\windows\System32\Drivers\rpprelqt.sys 
  c:\windows\System32\Drivers\sgydsajd.sys 
  c:\windows\System32\Drivers\slqztlkk.sys 
  c:\windows\System32\Drivers\sontlvnk.sys 
  c:\windows\System32\Drivers\tezsvsjq.sys 
  c:\windows\System32\Drivers\thwicbdu.sys 
  c:\windows\System32\Drivers\ujsigazn.sys 
  c:\windows\System32\Drivers\uwbxdubb.sys 
  c:\windows\System32\Drivers\uyiotzls.sys 
  c:\windows\System32\Drivers\wizylqtx.sys 
  c:\windows\System32\Drivers\wleuvmeq.sys 
  c:\windows\System32\Drivers\wzaqrtbp.sys 
  c:\windows\System32\Drivers\xtailmwi.sys 
  c:\windows\System32\Drivers\ykzvffgj.sys 
  c:\windows\System32\Drivers\zdoyzamm.sys
  C:\DOCUME~1\Misa\LOCALS~1\Temp\7874286.exe
  C:\WINDOWS\jusched.exe
  C:\DOCUME~1\Misa\LOCALS~1\Temp\867.exe
  C:\WINDOWS\nvsvc32.exe
  C:\Documents and Settings\Misa\Data aplikací\Microsoft-5858-2574\winsvcrn.exe
  C:\Documents and Settings\Misa\Local Settings\Temporary Internet Files\Content.IE5\SXO3R2T9\Facemoods[1].exe
  C:\Documents and Settings\Misa\Data aplikací\Microsoft-5858-2574\winsvcrn.exe
  
  File::
  c:\windows\Tasks\User_Feed_Synchronization-{16D98207-B447-4876-AF23-21E301BD5483}.job
  
  Folder::
  C:\Documents and Settings\Misa\Data aplikací\U-2535-6853-8747
  C:\Documents and Settings\Misa\Data aplikací\S-4535-6842-8745
  C:\Documents and Settings\Misa\Data aplikací\N-7695-6489-5842
  C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745
  
  Registry::
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\Documents and Settings\Misa\Data aplikací\S-4535-6842-8745\winsnvc.exe"=-
  "C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745\winrsvn.exe"=-
  "C:\Documents and Settings\Misa\Data aplikací\U-2535-6853-8747\winusbmgr.exe"=-
  "C:\DOCUME~1\Misa\LOCALS~1\Temp\7874286.exe"=-
  "C:\Documents and Settings\Misa\Data aplikací\N-7695-6489-5842\winvsrcn.exe"=-
  "C:\Documents and Settings\Misa\Data aplikací\G-2535-6853-2745\winusbmngr.exe"=-
  "C:\DOCUME~1\Misa\LOCALS~1\Temp\867.exe"=-
  "C:\Documents and Settings\Misa\Data aplikací\S-2535-6853-2745\winrcsnc.exe"=-
  "C:\Documents and Settings\Misa\Local Settings\Temporary Internet Files\Content.IE5\SXO3R2T9\Facemoods[1].exe"=-
  "C:\Documents and Settings\Misa\Data aplikací\Microsoft-5858-2574\winsvcrn.exe"=-
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "_nltide_2"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "HP Software Update"=-
  "SunJavaUpdateSched"=-
  "RemoteControl"=-
  
  DirLook::
  C:\Documents and Settings\Misa\Data aplikací
  
  FCopy::
  c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll | c:\windows\system32\comctl32.dll
  
  Restore::
  c:\windows\system32\winlogon.exe
  c:\windows\system32\user32.dll
  c:\windows\explorer.exe
  c:\windows\system32\sfcfiles.dll
  c:\windows\system32\ctfmon.exe
  
  SRPeek::
  c:\windows\system32\winlogon.exe
  c:\windows\system32\user32.dll
  c:\windows\explorer.exe
  c:\windows\system32\sfcfiles.dll
  c:\windows\system32\ctfmon.exe

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[thOma$]

Instalacni cd by se nekde naslo, takze pokud ComboFix nepomuze (a vypadato ze nepomohl), tak muzeme zkusit jinou moznost. Btw kdyby melo být po mém, tak provedu reinstal windows , ale jelikoz pc neni muj a osoba, ktera me pozadala o napravu si reinstal nepreje, tak doufam, ze to nejak pujde

Výsledný log z CF:
(Bohužel se do zpravy nevejde)

[vyosek]

Nedavejte prosim logy do code -spatne se to lusti a boli z toho oci - do code davaji jen radci skripty

Stahnete si tento rar soubor http://leteckaposta.cz/800030374, ktery obsahuje nahradni soubory, rozbalte jej primo na disk C:\ takze ty soubory nebudou v zadne slozce

Dalsi skript pro ComboFix - postup je stejny

Kód: Vybrat vše

Driver::
akibudf
bdqldfjw
creqbdwt
ctatsjug
cvwxlpxw
diqrhapg

Collect::
c:\windows\System32\Drivers\akibudfj.sys
c:\windows\System32\Drivers\bdqldfjw.sys
c:\windows\System32\Drivers\creqbdwt.sys
c:\windows\System32\Drivers\ctatsjug.sys
c:\windows\System32\Drivers\cvwxlpxw.sys
c:\windows\System32\Drivers\diqrhapg.sys

FCopy::
C:\winlogon.exe | c:\windows\system32\winlogon.exe
c:\user32.dll | c:\windows\system32\user32.dll
c:\explorer.exe | c:\windows\explorer.exe
c:\ctfmon.exe c:\windows\system32\ctfmon.exe
c:\sfcfiles.dll | c:\windows\system32\sfcfiles.dll

Restore::
c:\windows\regedit.exe

SRPeek::
c:\windows\regedit.exe

Ono je mozne ze na reinstal dojde, jestli je tam virut tak 95% PC tak konci, jelikoz virut napada spustitelne soubory, stale se meni a jeho leceni je velmi velmi obtizne

Udelejte sken AVPToolem http://viry.cz/forum/viewtopic.php?f=29&t=58179 - log pak sem

[thOma$]

Combofix:

ComboFix 10-12-10.01 - Misa 11.12.2010 17:21:12.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.393 [GMT 1:00]
Spuštěný z: c:\documents and settings\Misa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Misa\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
C:\winlogon.exe

c:\windows\regedit.exe . . . je infikován!!

c:\windows\system32\winlogon.exe . . . je infikován!!

c:\windows\explorer.exe . . . je infikován!!

.
--------------- FCopy ---------------

c:\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\user32.dll --> c:\windows\system32\user32.dll
c:\explorer.exe --> c:\windows\explorer.exe
c:\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_bdqldfjw
-------\Service_creqbdwt
-------\Service_ctatsjug
-------\Service_cvwxlpxw
-------\Service_diqrhapg


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-11 do 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 16:08 . 2009-08-17 14:27 578560 ------w- C:\user32.dll
2010-12-11 16:08 . 2009-08-17 14:26 1571840 ------w- C:\sfcfiles.dll
2010-12-11 16:08 . 2009-08-17 14:26 15360 ----a-w- C:\ctfmon.exe
2010-12-11 13:51 . 2010-12-11 13:52 -------- d-----w- c:\windows\system32\NtmsData
2010-12-11 13:02 . 2010-11-16 11:01 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{FB6D6FFC-CCB7-43C5-BE00-C03DE4102065}\mpengine.dll
2010-12-11 11:45 . 2010-12-11 11:45 -------- d-----w- C:\rsit
2010-12-11 11:45 . 2010-12-11 11:45 -------- d-----w- c:\program files\trend micro
2010-11-22 21:03 . 2010-11-22 21:03 -------- d-----w- c:\program files\CCleaner
2010-11-22 20:58 . 2010-11-22 20:58 -------- d--h--w- c:\windows\PIF
2010-11-21 15:57 . 2010-11-21 16:35 -------- d-----w- c:\documents and settings\Administrator
2010-11-21 15:31 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-21 15:31 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-21 15:31 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-21 15:31 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-21 15:31 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-21 15:31 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-21 15:30 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-21 15:29 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-21 15:29 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-21 15:28 . 2010-11-21 15:28 -------- d-----w- c:\program files\Alwil Software
2010-11-21 15:28 . 2010-11-21 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-20 16:13 . 2010-11-20 16:13 -------- d-sh--w- c:\documents and settings\Misa\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 10:53 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2009-08-17 . 83A27E40D15B3F3A3599330701A93B16 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-08-17 . E25FBB87C685C229EC14022FAB5117DC . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-12-11_12.54.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 15:00 . 2010-12-11 15:00 16384 c:\windows\temp\Perflib_Perfdata_740.dat
+ 2010-12-11 16:25 . 2010-12-11 16:25 16384 c:\windows\temp\Perflib_Perfdata_1a8.dat
+ 2010-12-11 13:59 . 2010-12-11 13:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2008-12-19 12:28 . 2009-08-17 14:27 578560 c:\windows\system32\dllcache\user32.dll
+ 2010-12-11 13:59 . 2010-12-11 13:59 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-12-19 12:23 . 2008-04-14 06:37 1054208 c:\windows\system32\dllcache\comctl32.dll
+ 2008-12-19 12:23 . 2008-04-14 06:37 1054208 c:\windows\system32\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViOrb"="c:\program files\extras\ViOrb\ViOrb.exe" [2008-12-07 69632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]

c:\documents and settings\Misa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:20cbb5e7cb60

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.11.2010 16:31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.11.2010 16:31 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 15:49 13592]
S3 akibudfj;akibudfj;\??\c:\windows\System32\Drivers\akibudfj.sys --> c:\windows\System32\Drivers\akibudfj.sys [?]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 9:46 162176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\w9i739we.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\w9i739we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 17:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(964)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\program files\extras\ViOrb\StartHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2010-12-11 17:28:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-11 16:28
ComboFix2.txt 2010-12-11 15:02
ComboFix3.txt 2010-12-11 14:33
ComboFix4.txt 2010-12-11 12:58

Před spuštěním: Volných bajtů: 17 843 683 328
Po spuštění: Volných bajtů: 17 831 161 856

- - End Of File - - 4518F658F65A8BC247F989494E2C9E8E

AVPTool:

Automatická kontrola: dokončeno před 1 min. (události: 68, objekty: 185819, čas: 00:27:02)
11.12.2010 17:31:50 Úloha byla spuštěna
11.12.2010 17:31:57 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:31:58 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:31:58 Dezinfikováno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:31:58 Bude dezinfikováno při restartování systému: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:00 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:00 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:00 Dezinfikováno: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:00 Bude dezinfikováno při restartování systému: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:01 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:01 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:01 Dezinfikováno: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:01 Bude dezinfikováno při restartování systému: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:34:17 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:17 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:17 Dezinfikováno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:18 Bude dezinfikováno při restartování systému: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:24 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:24 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:24 Dezinfikováno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:34:24 Bude dezinfikováno při restartování systému: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:43:59 Zjištěno: Backdoor.Win32.Gootkit.ix C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip/sdra64.exe
11.12.2010 17:44:00 Odstraněno: Backdoor.Win32.Gootkit.ix C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip/sdra64.exe
11.12.2010 17:44:04 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Misa\secupdat.dat.vir/PE-Crypt.XorPE
11.12.2010 17:44:04 Zjištěno: Trojan.Win32.Delf.afvf C:\Qoobox\Quarantine\C\WINDOWS\system32\dll.dll.vir
11.12.2010 17:44:05 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Misa\secupdat.dat.vir
11.12.2010 17:44:05 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir/PE-Crypt.XorPE
11.12.2010 17:44:06 Zjištěno: Trojan.Win32.Patched.kl C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
11.12.2010 17:44:07 Dezinfikováno: Trojan.Win32.Patched.kl C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
11.12.2010 17:44:07 Dezinfikováno: Trojan.Win32.Patched.kl C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
11.12.2010 17:44:07 Zjištěno: Trojan.Win32.Patched.kl C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
11.12.2010 17:44:08 Dezinfikováno: Trojan.Win32.Patched.kl C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
11.12.2010 17:44:08 Dezinfikováno: Trojan.Win32.Patched.kl C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
11.12.2010 17:44:08 Zjištěno: Virus.Win32.TDSS.b C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir
11.12.2010 17:44:08 Dezinfikováno: Virus.Win32.TDSS.b C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir
11.12.2010 17:44:08 Dezinfikováno: Virus.Win32.TDSS.b C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir
11.12.2010 17:44:18 Odstraněno: Trojan.Win32.Delf.afvf C:\Qoobox\Quarantine\C\WINDOWS\system32\dll.dll.vir
11.12.2010 17:44:21 Zjištěno: Trojan.Win32.Pincav.akkf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0054280.exe
11.12.2010 17:44:25 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir
11.12.2010 17:44:33 Odstraněno: Trojan.Win32.Pincav.akkf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0054280.exe
11.12.2010 17:44:38 Zjištěno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0054939.dll
11.12.2010 17:44:39 Zjištěno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0055939.dll
11.12.2010 17:44:40 Zjištěno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0056939.dll
11.12.2010 17:44:47 Odstraněno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0054939.dll
11.12.2010 17:44:47 Zjištěno: Trojan.Win32.Pincav.akkf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0056942.exe
11.12.2010 17:44:52 Odstraněno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0055939.dll
11.12.2010 17:44:52 Zjištěno: Trojan.Win32.Pincav.akkf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0056943.exe
11.12.2010 17:44:57 Odstraněno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0056939.dll
11.12.2010 17:44:57 Zjištěno: Trojan.Win32.Delf.afuq C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0057983.dll
11.12.2010 17:45:02 Odstraněno: Trojan.Win32.Pincav.akkf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0056942.exe
11.12.2010 17:45:02 Zjištěno: Trojan.Win32.Delf.afuq C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0057991.dll
11.12.2010 17:45:06 Odstraněno: Trojan.Win32.Pincav.akkf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0056943.exe
11.12.2010 17:45:12 Odstraněno: Trojan.Win32.Delf.afuq C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0057983.dll
11.12.2010 17:45:13 Zjištěno: Virus.Win32.TDSS.b C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP21\A0061120.sys
11.12.2010 17:45:13 Dezinfikováno: Virus.Win32.TDSS.b C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP21\A0061120.sys
11.12.2010 17:45:13 Dezinfikováno: Virus.Win32.TDSS.b C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP21\A0061120.sys
11.12.2010 17:45:15 Zjištěno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP21\A0061213.dll
11.12.2010 17:45:19 Odstraněno: Trojan.Win32.Delf.afuq C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP20\A0057991.dll
11.12.2010 17:45:27 Odstraněno: Trojan.Win32.Delf.afvf C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP21\A0061213.dll
11.12.2010 17:45:28 Zjištěno: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP23\A0062372.exe
11.12.2010 17:45:28 Dezinfikováno: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP23\A0062372.exe
11.12.2010 17:45:29 Dezinfikováno: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP23\A0062372.exe
11.12.2010 17:45:30 Zjištěno: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP23\A0062374.exe
11.12.2010 17:45:31 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\explorer.exe
11.12.2010 17:45:31 Dezinfikováno: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP23\A0062374.exe
11.12.2010 17:45:31 Dezinfikováno: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{68A263FF-B14D-4539-86E0-EF4815D270AD}\RP23\A0062374.exe
11.12.2010 17:49:30 Zjištěno: Trojan.Win32.Patched.kl C:\WINDOWS\system32\winlogon.exe
11.12.2010 17:58:52 Úloha byla dokončena

[vyosek]

Zatim to vidim hodne blede

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\WINDOWS\explorer.exe
  c:\windows\system32\winlogon.exe
  c:\windows\system32\ctfmon.exe
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

[thOma$]

http://www.virustotal.com/file-scan/rep ... 1292093614
http://www.virustotal.com/file-scan/rep ... 1292093827
http://www.virustotal.com/file-scan/rep ... 1292094049

[vyosek]

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Odinstalujte AVPTool

Udelejte sken Combofixem, log sem...

[thOma$]

Takze vypnul jsem Obnovu Systemu, restartoval, zapnul obnovu systemu, odinstaloval AVPtool a ComboFix na to tohle:

ComboFix 10-12-11.01 - Misa 11.12.2010 20:14:43.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.466 [GMT 1:00]
Spuštěný z: c:\documents and settings\Misa\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.exe . . . je infikován!!

c:\windows\system32\winlogon.exe . . . je infikován!!

c:\windows\explorer.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-11 do 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 16:08 . 2009-08-17 14:27 578560 ------w- C:\user32.dll
2010-12-11 16:08 . 2009-08-17 14:26 1571840 ------w- C:\sfcfiles.dll
2010-12-11 16:08 . 2009-08-17 14:26 15360 ----a-w- C:\ctfmon.exe
2010-12-11 13:51 . 2010-12-11 13:52 -------- d-----w- c:\windows\system32\NtmsData
2010-12-11 13:02 . 2010-11-16 11:01 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{FB6D6FFC-CCB7-43C5-BE00-C03DE4102065}\mpengine.dll
2010-12-11 11:45 . 2010-12-11 11:45 -------- d-----w- C:\rsit
2010-12-11 11:45 . 2010-12-11 11:45 -------- d-----w- c:\program files\trend micro
2010-11-22 21:03 . 2010-11-22 21:03 -------- d-----w- c:\program files\CCleaner
2010-11-22 20:58 . 2010-11-22 20:58 -------- d--h--w- c:\windows\PIF
2010-11-21 15:57 . 2010-11-21 16:35 -------- d-----w- c:\documents and settings\Administrator
2010-11-21 15:31 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-21 15:31 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-21 15:31 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-21 15:31 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-21 15:31 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-21 15:31 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-21 15:30 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-21 15:29 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-21 15:29 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-21 15:28 . 2010-11-21 15:28 -------- d-----w- c:\program files\Alwil Software
2010-11-21 15:28 . 2010-11-21 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-20 16:13 . 2010-11-20 16:13 -------- d-sh--w- c:\documents and settings\Misa\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 17:06 . 2008-12-19 12:43 1034240 ----a-w- c:\windows\explorer.exe
2010-12-11 17:06 . 2008-12-19 12:29 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-10-19 09:41 . 2009-10-03 10:53 222080 ------w- c:\windows\system32\MpSigStub.exe
.

------- Sigcheck -------

[-] 2010-12-11 . BE6CFE69243276F00E0DEC5A3F5ACBB9 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2010-12-11 . 59A215CF6DAC54BF3F8835AF31098AE9 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-12-19 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-12-11_12.54.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 19:10 . 2010-12-11 19:10 16384 c:\windows\temp\Perflib_Perfdata_1d8.dat
+ 2008-12-19 12:28 . 2009-08-17 14:27 578560 c:\windows\system32\user32.dll
- 2008-12-19 12:28 . 2008-12-19 12:28 578560 c:\windows\system32\user32.dll
+ 2010-12-11 13:59 . 2010-12-11 13:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2008-12-19 12:28 . 2009-08-17 14:27 578560 c:\windows\system32\dllcache\user32.dll
+ 2008-12-26 20:23 . 2009-08-17 14:26 1571840 c:\windows\system32\sfcfiles.dll
- 2008-12-26 20:23 . 2008-12-26 20:23 1571840 c:\windows\system32\sfcfiles.dll
+ 2010-12-11 13:59 . 2010-12-11 13:59 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-12-19 12:23 . 2008-04-14 06:37 1054208 c:\windows\system32\dllcache\comctl32.dll
+ 2008-12-19 12:23 . 2008-04-14 06:37 1054208 c:\windows\system32\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViOrb"="c:\program files\extras\ViOrb\ViOrb.exe" [2008-12-07 69632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]

c:\documents and settings\Misa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:20cbb5e7cb60

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.11.2010 16:31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.11.2010 16:31 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 15:49 13592]
S3 akibudfj;akibudfj;\??\c:\windows\System32\Drivers\akibudfj.sys --> c:\windows\System32\Drivers\akibudfj.sys [?]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 9:46 162176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\w9i739we.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\w9i739we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 20:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\SETUPAPI.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\SETUPAPI.dll
.
Celkový čas: 2010-12-11 20:18:57
ComboFix-quarantined-files.txt 2010-12-11 19:18
ComboFix2.txt 2010-12-11 16:28
ComboFix3.txt 2010-12-11 15:02
ComboFix4.txt 2010-12-11 14:33
ComboFix5.txt 2010-12-11 19:13

Před spuštěním: Volných bajtů: 18 471 636 992
Po spuštění: Volných bajtů: 18 462 642 176

- - End Of File - - 78D8032724C6721ED988879DC80C9273

[vyosek]

Dle meho je uz CF paranoidni...Jeste zkusime jeden velmi kvalitniho lecitele...

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Udelejte sken pomoci CureIT http://viry.cz/forum/viewtopic.php?f=29&t=47721 a napiste co nasel ci lecil...

[thOma$]

Tak to vypada ciste... CrueIT nic nenasel a avast uz taky ne.
Moc dekuji za pomoc!! a hlavne za tvuj cas

[vyosek]

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A melo by to byt tedy vse

Nemate zac, rad jsem pomohl Zase nekdy