Prosím o kontrolu logu po odvirování. Díky

[Caroprd111]

Dejte nový log z RSIT.

[korda]

Logfile of random's system information tool 1.06 (written by random/random)
Run by u at 2010-03-08 16:10:08
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 33 GB (87%) free of 38 GB
Total RAM: 255 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:21, on 8.3.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DK - INSTALL\ POTVORY\RSIT.exe
C:\Program Files\trend micro\u.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - C:\WINDOWS\System32\Print602.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4699846062
O16 - DPF: {702B8921-6171-4375-A8DA-474D4054B8CA} (ICAEnroll Class) - https://download.ica.cz/ICAEnroll.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Atlas Registration Server (AtlasRegServer) - ATLAS consulting, spol. s r.o. - C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

--
End of file - 3434 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2003-09-18 848656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe [2003-04-16 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-07-30 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintPack dispatcher]
C:\Program Files\Software602\PrintPack\PrnPack.exe [2005-08-05 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrMan]
C:\PCFPRINT\PRMAN32.EXE [2008-01-31 1520348]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RadioTray]
C:\PCIRADIO\Radiotray.exe [2000-05-11 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\substPDATA]
subst p: c:\profidata []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^EPSON Status Monitor 3 Environment Check 2.lnk]
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2002-06-10 131584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2005-11-16 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^u^Nabídka Start^Programy^Po spuštění^ˇˇˇˇˇˇ.lnk]
C:\WINDOWS\system32\XP-7B1E2F27.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-03-08 15:14:31 ----SHD---- C:\RECYCLER
2010-03-08 14:46:24 ----D---- C:\WINDOWS\temp
2010-03-08 14:46:22 ----A---- C:\ComboFix.txt
2010-03-08 14:40:15 ----A---- C:\Boot.bak
2010-03-08 14:40:06 ----RASHD---- C:\cmdcons
2010-03-08 14:39:07 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-08 14:39:07 ----A---- C:\WINDOWS\MBR.exe
2010-03-08 14:39:03 ----A---- C:\WINDOWS\PEV.exe
2010-03-08 14:39:02 ----A---- C:\WINDOWS\zip.exe
2010-03-08 14:39:02 ----A---- C:\WINDOWS\SWREG.exe
2010-03-08 14:39:02 ----A---- C:\WINDOWS\sed.exe
2010-03-08 14:39:02 ----A---- C:\WINDOWS\grep.exe
2010-03-08 14:39:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-08 14:39:01 ----A---- C:\WINDOWS\SWSC.exe
2010-03-08 14:38:54 ----D---- C:\WINDOWS\ERDNT
2010-03-08 14:38:19 ----D---- C:\Qoobox
2010-03-08 13:17:12 ----D---- C:\Documents and Settings\u\Data aplikací\Macromedia
2010-03-08 13:15:06 ----D---- C:\Program Files\trend micro
2010-03-08 13:15:05 ----D---- C:\rsit
2010-03-08 12:52:53 ----D---- C:\Documents and Settings\u\Data aplikací\ESET
2010-03-08 12:51:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-08 12:41:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 12:38:07 ----D---- C:\Documents and Settings\u\Data aplikací\Malwarebytes
2010-03-08 12:37:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-08 11:57:46 ----D---- C:\DK - INSTALL

======List of files/folders modified in the last 1 months======

2010-03-08 16:10:16 ----D---- C:\WINDOWS\Prefetch
2010-03-08 14:46:31 ----D---- C:\WINDOWS\System32\CatRoot2
2010-03-08 14:46:24 ----D---- C:\WINDOWS
2010-03-08 14:44:49 ----N---- C:\WINDOWS\system.ini
2010-03-08 14:44:19 ----D---- C:\WINDOWS\system32
2010-03-08 14:43:18 ----D---- C:\WINDOWS\System32\drivers
2010-03-08 14:43:18 ----D---- C:\WINDOWS\AppPatch
2010-03-08 14:43:10 ----D---- C:\Program Files\Common Files
2010-03-08 14:40:15 ----RASH---- C:\boot.ini
2010-03-08 14:35:57 ----A---- C:\WINDOWS\win.ini
2010-03-08 13:15:06 ----RD---- C:\Program Files
2010-03-08 13:10:41 ----D---- C:\WINDOWS\Debug
2010-03-08 13:08:28 ----D---- C:\WINDOWS\Driver Cache
2010-03-08 12:52:40 ----SHD---- C:\WINDOWS\Installer
2010-03-08 12:52:16 ----HD---- C:\WINDOWS\inf
2010-03-08 12:51:14 ----D---- C:\Program Files\ESET
2010-03-08 12:48:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-08 12:48:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-08 12:42:24 ----D---- C:\Program Files\Lavasoft
2010-03-08 11:41:28 ----D---- C:\Temp
2010-03-08 11:39:52 ----D---- C:\nod32.ins
2010-03-08 11:18:28 ----SHD---- C:\System Volume Information
2010-03-08 11:13:49 ----AD---- C:\ufand42
2010-03-08 11:11:49 ----D---- C:\FANDPRN
2010-03-08 11:11:48 ----A---- C:\WINDOWS\PRMANPCF.INI
2010-03-08 09:49:09 ----D---- C:\WINDOWS\pss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2003-04-16 34944]
R1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 hardlock;hardlock; \??\C:\WINDOWS\System32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\System32\drivers\Haspnt.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-09-12 611328]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-04-16 19328]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-04-16 51968]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-04-16 19328]
S3 catchme;catchme; \??\C:\DOCUME~1\u\LOCALS~1\Temp\catchme.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\System32\drivers\GVCplDrv.sys [2003-09-30 22880]
S3 mbr;mbr; \??\C:\DOCUME~1\u\LOCALS~1\Temp\mbr.sys []
S3 pxtdapow;pxtdapow; \??\C:\DOCUME~1\u\LOCALS~1\Temp\pxtdapow.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
S3 sf256pcr;sf256pcr; C:\WINDOWS\System32\DRIVERS\sf256pcr.sys [2000-04-24 39519]
S3 sf64pcr;sf64pcr; C:\WINDOWS\System32\DRIVERS\sf64pcr.sys [2000-05-29 7766]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 24192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-09-12 376832]
R2 AtlasRegServer;Atlas Registration Server; C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe [2004-10-13 445440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-09-12 114688]
S2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]

-----------------EOF-----------------

[Caroprd111]

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

[korda]

OK, díky.

[Caroprd111]

Nemáte zač