Problém se spouštěním RSIT a jiných aplikací

[Kos112567]

Dobrý den, mám problém se spuštěním logu. Kliknu na ikonu a nic se neděje. To samé s ComboFixem. Dále ikony na ploše se nezobrazují. Správce úloh také nejde vyvolat. Počítač nereaguje. Děkuji předem za odpověď

[riffman]

zdravim

zkuste z pocitace vykopat logy v nouzovem rezimu

[Kos112567]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vlastník at 2010-07-20 07:34:51
Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 24 GB (44%) free of 55 GB
Total RAM: 502 MB (70% free)

HijackThis download failed

======Scheduled tasks folder======

D:\WINDOWS\tasks\User_Feed_Synchronization-{8FF04350-F59E-4CE1-8183-A0B3F7B06C54}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - D:\PROGRA~1\ICQTOO~1\4930\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Security Update - D:\WINDOWS\system32\win32extension.dll [2010-06-17 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - D:\Program Files\Get Styles\enlbrdr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-12 1018616]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=D:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=D:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=D:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-08-16 16248320]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-08-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2006-08-16 69632]
"AzMixerSel"=D:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-08-16 53248]
"Broadcom Wireless Manager UI"=D:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SweetIM"=D:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"avast5"=D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Meebo Notifier"=D:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe [2010-06-07 802504]
"WMPNSCFG"=D:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]
"ICQ"=~D:\Program Files\ICQ7.0\ICQ.exe silent loginmode=4 []
"PersonSecurity"=D:\Program Files\PersonSecurity\psecurity.exe [2010-06-17 1465856]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

D:\Documents and Settings\Vlastník\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Documents and Settings\Vlastník\Plocha\kapela - nástoje\ICQ6\ICQ.exe"="D:\Documents and Settings\Vlastník\Plocha\kapela - nástoje\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Documents and Settings\Vlastník\Plocha\ICQ6\ICQ.exe"="D:\Documents and Settings\Vlastník\Plocha\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Documents and Settings\Vlastník\Plocha\ICQ6.5\ICQ.exe"="D:\Documents and Settings\Vlastník\Plocha\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\groove.exe"="D:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Avast\ashAvast.exe"="C:\Program Files\Avast\ashAvast.exe:*:Enabled:avast! Antivirus"
"D:\Program Files\Webteh\BSplayer\bsplayer.exe"="D:\Program Files\Webteh\BSplayer\bsplayer.exe:*:Enabled:BSplayer"
"D:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Clifford.exe"="D:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Clifford.exe:*:Enabled:Clifford Learning Activities"
"C:\Program Files\Spybot - Search & Destroy\SDShred.exe"="C:\Program Files\Spybot - Search & Destroy\SDShred.exe:*:Enabled:File Shredder"
"D:\Program Files\Internet Explorer\iexplore.exe"="D:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\LetsFun FLV Converter\FLVConverter.exe"="C:\LetsFun FLV Converter\FLVConverter.exe:*:Enabled:LetsFun FLV Converter"
"D:\Program Files\LG PC Suite II\LG_MobileSync_Launcher.exe"="D:\Program Files\LG PC Suite II\LG_MobileSync_Launcher.exe:*:Enabled:LG PC Suite II"
"D:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe"="D:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe:*:Enabled:Meebo Notifier"
"D:\Program Files\OpenOffice.org 3\PROGRAM\SOFFICE.EXE"="D:\Program Files\OpenOffice.org 3\PROGRAM\SOFFICE.EXE:*:Enabled:OpenOffice.org 3.0"
"D:\Program Files\OpenOffice.org 3\PROGRAM\sbase.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\sbase.exe:*:Enabled:OpenOffice.org Base"
"D:\Program Files\OpenOffice.org 3\PROGRAM\scalc.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\scalc.exe:*:Enabled:OpenOffice.org Calc"
"D:\Program Files\OpenOffice.org 3\PROGRAM\sdraw.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\sdraw.exe:*:Enabled:OpenOffice.org Draw"
"D:\Program Files\OpenOffice.org 3\PROGRAM\simpress.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\simpress.exe:*:Enabled:OpenOffice.org Impress"
"D:\Program Files\OpenOffice.org 3\PROGRAM\smath.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\smath.exe:*:Enabled:OpenOffice.org Math"
"D:\Program Files\OpenOffice.org 3\PROGRAM\swriter.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\swriter.exe:*:Enabled:OpenOffice.org Writer"
"D:\Program Files\QuickTime\PictureViewer.exe"="D:\Program Files\QuickTime\PictureViewer.exe:*:Enabled:PictureViewer"
"D:\Program Files\QuickTime\QuickTimePlayer.exe"="D:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Kerio Personal Firewall\kpf4gui.exe"="C:\Program Files\Kerio Personal Firewall\kpf4gui.exe:*:Enabled:Remote Administration"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"D:\Program Files\WinRAR\WinRAR.exe"="D:\Program Files\WinRAR\WinRAR.exe:*:Enabled:WinRAR"
"D:\Program Files\Messenger\MSMSGS.EXE"="D:\Program Files\Messenger\MSMSGS.EXE:*:Disabled:Windows Messenger"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003703a0-22b3-11df-a816-001eecc4fe27}]
shell\AutoRun\command - RECYCLER.exe I:\
shell\Explore\command - RECYCLER.exe I:\
shell\Open\command - RECYCLER.exe I:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aeda536-1252-11de-a6d4-0016d4d55221}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b9902ef-1154-11dd-8f81-806d6172696f}]
shell\AutoRun\command - C:\setupSNK.exe


======List of files/folders created in the last 1 months======

2010-07-20 07:34:54 ----D---- D:\Program Files\trend micro
2010-07-20 07:34:51 ----D---- D:\rsit
2010-07-20 07:31:57 ----A---- D:\WINDOWS\ntbtlog.txt
2010-07-06 15:35:06 ----SHD---- D:\FOUND.022
2010-07-02 16:03:40 ----SHD---- D:\FOUND.021
2010-06-23 11:50:30 ----SHD---- D:\FOUND.020

======List of files/folders modified in the last 1 months======

2010-07-20 00:19:18 ----A---- D:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 fwdrv;Firewall Driver; D:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 EMSCR;EMSCR; D:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 61056]
R3 ESDCR;ESDCR; D:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 40064]
R3 ESMCR;ESMCR; D:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 74752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
S1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
S1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
S1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 khips;Kerio HIPS Driver; D:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
S2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
S2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
S2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
S3 AR5211;Atheros Wireless Network Adapter Service; D:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-04-05 546112]
S3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; D:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
S3 HSFHWAZL;HSFHWAZL; D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
S3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-16 4304384]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE Mobile Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-09-04 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-09-04 19968]
S3 USBModem;LGE Mobile USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-09-04 24832]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbvideo;Zobrazovací zařízení USB (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
S2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Kerio Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
S2 wltrysvc;Broadcom Wireless LAN Tray Service; D:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[riffman]

no vida

otevrete si Poznamkovy blok, do ktereho zkopirujete tento text:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"PersonSecurity"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003703a0-22b3-11df-a816-001eecc4fe27}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aeda536-1252-11de-a6d4-0016d4d55221}]

pote ulozte vysledny soubor jako napr. uprava.reg (jako typ souboru zvolte pri ukladani Vsechny soubory) a dvojitym poklikanim spustte, pripadne hlasky o uprave registru potvrdte

restart a novy log z RSITu sem

[Kos112567]

Tak tady to je:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Vlastník at 2010-07-20 20:44:47
Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 24 GB (44%) free of 55 GB
Total RAM: 502 MB (70% free)

HijackThis download failed

======Scheduled tasks folder======

D:\WINDOWS\tasks\User_Feed_Synchronization-{8FF04350-F59E-4CE1-8183-A0B3F7B06C54}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - D:\PROGRA~1\ICQTOO~1\4930\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Security Update - D:\WINDOWS\system32\win32extension.dll [2010-06-17 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - D:\Program Files\Get Styles\enlbrdr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-12 1018616]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=D:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=D:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=D:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-08-16 16248320]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-08-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2006-08-16 69632]
"AzMixerSel"=D:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-08-16 53248]
"Broadcom Wireless Manager UI"=D:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SweetIM"=D:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"avast5"=D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Meebo Notifier"=D:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe [2010-06-07 802504]
"WMPNSCFG"=D:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]
"ICQ"=~D:\Program Files\ICQ7.0\ICQ.exe silent loginmode=4 []
"PersonSecurity"=D:\Program Files\PersonSecurity\psecurity.exe [2010-06-17 1465856]
"DriverMax"= []
"DriverMax_RESTART"= []

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

D:\Documents and Settings\Vlastník\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Documents and Settings\Vlastník\Plocha\kapela - nástoje\ICQ6\ICQ.exe"="D:\Documents and Settings\Vlastník\Plocha\kapela - nástoje\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Documents and Settings\Vlastník\Plocha\ICQ6\ICQ.exe"="D:\Documents and Settings\Vlastník\Plocha\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Documents and Settings\Vlastník\Plocha\ICQ6.5\ICQ.exe"="D:\Documents and Settings\Vlastník\Plocha\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\groove.exe"="D:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Avast\ashAvast.exe"="C:\Program Files\Avast\ashAvast.exe:*:Enabled:avast! Antivirus"
"D:\Program Files\Webteh\BSplayer\bsplayer.exe"="D:\Program Files\Webteh\BSplayer\bsplayer.exe:*:Enabled:BSplayer"
"D:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Clifford.exe"="D:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Clifford.exe:*:Enabled:Clifford Learning Activities"
"C:\Program Files\Spybot - Search & Destroy\SDShred.exe"="C:\Program Files\Spybot - Search & Destroy\SDShred.exe:*:Enabled:File Shredder"
"D:\Program Files\Internet Explorer\iexplore.exe"="D:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\LetsFun FLV Converter\FLVConverter.exe"="C:\LetsFun FLV Converter\FLVConverter.exe:*:Enabled:LetsFun FLV Converter"
"D:\Program Files\LG PC Suite II\LG_MobileSync_Launcher.exe"="D:\Program Files\LG PC Suite II\LG_MobileSync_Launcher.exe:*:Enabled:LG PC Suite II"
"D:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe"="D:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe:*:Enabled:Meebo Notifier"
"D:\Program Files\OpenOffice.org 3\PROGRAM\SOFFICE.EXE"="D:\Program Files\OpenOffice.org 3\PROGRAM\SOFFICE.EXE:*:Enabled:OpenOffice.org 3.0"
"D:\Program Files\OpenOffice.org 3\PROGRAM\sbase.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\sbase.exe:*:Enabled:OpenOffice.org Base"
"D:\Program Files\OpenOffice.org 3\PROGRAM\scalc.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\scalc.exe:*:Enabled:OpenOffice.org Calc"
"D:\Program Files\OpenOffice.org 3\PROGRAM\sdraw.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\sdraw.exe:*:Enabled:OpenOffice.org Draw"
"D:\Program Files\OpenOffice.org 3\PROGRAM\simpress.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\simpress.exe:*:Enabled:OpenOffice.org Impress"
"D:\Program Files\OpenOffice.org 3\PROGRAM\smath.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\smath.exe:*:Enabled:OpenOffice.org Math"
"D:\Program Files\OpenOffice.org 3\PROGRAM\swriter.exe"="D:\Program Files\OpenOffice.org 3\PROGRAM\swriter.exe:*:Enabled:OpenOffice.org Writer"
"D:\Program Files\QuickTime\PictureViewer.exe"="D:\Program Files\QuickTime\PictureViewer.exe:*:Enabled:PictureViewer"
"D:\Program Files\QuickTime\QuickTimePlayer.exe"="D:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Kerio Personal Firewall\kpf4gui.exe"="C:\Program Files\Kerio Personal Firewall\kpf4gui.exe:*:Enabled:Remote Administration"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"D:\Program Files\WinRAR\WinRAR.exe"="D:\Program Files\WinRAR\WinRAR.exe:*:Enabled:WinRAR"
"D:\Program Files\Messenger\MSMSGS.EXE"="D:\Program Files\Messenger\MSMSGS.EXE:*:Disabled:Windows Messenger"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ7.0\ICQ.exe"="D:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"D:\Program Files\ICQ7.0\aolload.exe"="D:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\setupSNK.exe


======List of files/folders created in the last 1 months======

2010-07-20 20:39:15 ----D---- D:\Qoobox
2010-07-20 20:23:22 ----D---- D:\Documents and Settings\All Users\Data aplikací\Innovative Solutions
2010-07-20 20:23:07 ----D---- D:\Program Files\Innovative Solutions
2010-07-20 07:34:54 ----D---- D:\Program Files\trend micro
2010-07-20 07:34:51 ----D---- D:\rsit
2010-07-20 07:31:57 ----A---- D:\WINDOWS\ntbtlog.txt
2010-07-06 15:35:06 ----SHD---- D:\FOUND.022
2010-07-02 16:03:40 ----SHD---- D:\FOUND.021
2010-06-23 11:50:30 ----SHD---- D:\FOUND.020

======List of files/folders modified in the last 1 months======

2010-07-20 18:17:44 ----A---- D:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 fwdrv;Firewall Driver; D:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 EMSCR;EMSCR; D:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 61056]
R3 ESDCR;ESDCR; D:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 40064]
R3 ESMCR;ESMCR; D:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 74752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
S1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
S1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
S1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 khips;Kerio HIPS Driver; D:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
S2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
S2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
S2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
S3 AR5211;Atheros Wireless Network Adapter Service; D:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-04-05 546112]
S3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; D:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
S3 HSFHWAZL;HSFHWAZL; D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
S3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-16 4304384]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE Mobile Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-09-04 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-09-04 19968]
S3 USBModem;LGE Mobile USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-09-04 24832]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbvideo;Zobrazovací zařízení USB (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
S2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Kerio Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
S2 wltrysvc;Broadcom Wireless LAN Tray Service; D:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[riffman]

je to tam porad...

stahnete a ulozte na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim (nikoli pod uctem s omezenym opravnenim)

v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:



dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[Kos112567]

Takže log:
ComboFix 10-07-19.01 - Vlastník 23.07.2010 7:04.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.306 [GMT 2:00]
Spuštěný z: d:\documents and settings\Vlastník\Plocha\jhk.exe
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
d:\windows\system32\detoured.dll
d:\windows\system32\lowsec
d:\windows\system32\lowsec\local.ds
d:\windows\system32\lowsec\user.ds
d:\windows\system32\lowsec\user.ds.lll
d:\windows\system32\sdra64.exe
d:\windows\system32\Thumbs.db
d:\windows\system32\win32extension.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-23 do 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-22 12:51 . 2010-07-22 12:51 -------- d-----w- D:\ProgramData
2010-07-22 11:22 . 2010-07-22 11:22 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-07-20 18:23 . 2010-07-20 18:23 -------- d-----w- d:\program files\Innovative Solutions
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- d:\program files\trend micro
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- D:\rsit
2010-07-06 13:35 . 2010-07-06 13:35 -------- d-----w- D:\FOUND.022
2010-07-02 14:03 . 2010-07-02 14:03 -------- d-----w- D:\FOUND.021
2010-06-23 09:50 . 2010-06-23 09:50 -------- d-----w- D:\FOUND.020

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 05:20 . 2010-03-17 19:11 2722 ----a-w- d:\windows\system32\drivers\fwdrv.err
2010-06-17 15:26 . 2010-06-17 15:26 -------- d-----w- d:\program files\Common Files\PersonSecurityUninstall
2010-06-17 15:25 . 2010-06-17 15:25 -------- d-----w- d:\program files\PersonSecurity
2010-05-12 12:13 . 2010-05-12 12:13 688 ----a-w- d:\program files\GIMP 2.lnk
2010-05-06 10:35 . 2006-03-02 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 10:00 1851264 ----a-w- d:\windows\system32\win32k.sys
2010-04-26 19:05 . 2010-04-08 15:22 1641 ----a-w- d:\program files\Adobe Reader 9.lnk
2010-04-08 07:12 . 2010-04-08 05:16 8185280 ----a-w- d:\program files\Firefox Setup 3.6.3.exe
2010-01-27 18:20 . 2010-01-27 18:20 12109496 ----a-w- d:\program files\install_icq7.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meebo Notifier"="d:\documents and settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-06-07 802504]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"PersonSecurity"="d:\program files\PersonSecurity\psecurity.exe" [2010-06-17 1465856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="d:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="d:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Vlastník\\Local Settings\\Data aplikací\\Meebo\\Meebo Notifier\\MeeboNotifier.exe"=
"c:\\Program Files\\Kerio Personal Firewall\\kpf4gui.exe"=
"d:\\Program Files\\WinRAR\\WinRAR.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\ICQ7.0\\ICQ.exe"=
"d:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Program Files\\Opera\\opera.exe"=

R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
S1 khips;Kerio HIPS Driver;d:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [25.2.2009 22:24 246520]
S2 lrhdae;Manager Config;d:\windows\system32\svchost.exe -k netsvcs [2.3.2006 12:00 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MDMXSDK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lrhdae
.
Obsah adresáře 'Naplánované úlohy'

2010-07-23 d:\windows\Tasks\User_Feed_Synchronization-{8FF04350-F59E-4CE1-8183-A0B3F7B06C54}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - d:\program files\Get Styles\ct.htm
FF - ProfilePath - d:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\5mtlujze.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/skins7/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{A3CF7606-E683-4375-A372-96B75DA0AEF7} - d:\program files\Get Styles\enlbrdr.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-ICQ - ~d:\program files\ICQ7.0\ICQ.exe
HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
AddRemove-Get Styles - d:\program files\Get Styles\uninstall.exe
AddRemove-MotoRacer2CurVer - d:\program files\MotoRacer2\DeIsL1.isu
AddRemove-Xilisoft Video Converter Standard - d:\program files\Xilisoft\Video Converter Standard\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 07:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrhdae]
"ServiceDll"="d:\windows\system32\bqapksu.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1952)
d:\progra~1\WINDOW~2\wmpband.dll
.
Celkový čas: 2010-07-23 07:28:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-23 05:28

Před spuštěním: Volných bajtů: 26 800 484 352
Po spuštění: Volných bajtů: 29 413 433 344

- - End Of File - - D74D7302163C215D6DA2B9DEB32FA942

[riffman]

stahni, http://download.bleepingcomputer.com/sU ... etsvcs.zip , rozbal, spust, potvrd pripadna dialogova okno. Restart pc, spust ComboFix a z neho opet vloz log

[Kos112567]

Tady:
ComboFix 10-07-19.01 - Vlastník 25.07.2010 20:20:38.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.364 [GMT 2:00]
Spuštěný z: d:\documents and settings\Vlastník\Plocha\jhk.exe
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-25 do 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-22 12:51 . 2010-07-22 12:51 -------- d-----w- D:\ProgramData
2010-07-22 11:22 . 2010-07-22 11:22 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-07-20 18:23 . 2010-07-20 18:23 -------- d-----w- d:\program files\Innovative Solutions
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- d:\program files\trend micro
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- D:\rsit
2010-07-06 13:35 . 2010-07-06 13:35 -------- d-----w- D:\FOUND.022
2010-07-02 14:03 . 2010-07-02 14:03 -------- d-----w- D:\FOUND.021

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 18:16 . 2010-03-17 19:11 3052 ----a-w- d:\windows\system32\drivers\fwdrv.err
2010-06-17 15:26 . 2010-06-17 15:26 -------- d-----w- d:\program files\Common Files\PersonSecurityUninstall
2010-06-17 15:25 . 2010-06-17 15:25 -------- d-----w- d:\program files\PersonSecurity
2010-05-12 12:13 . 2010-05-12 12:13 688 ----a-w- d:\program files\GIMP 2.lnk
2010-05-06 10:35 . 2006-03-02 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 10:00 1851264 ----a-w- d:\windows\system32\win32k.sys
2010-04-26 19:05 . 2010-04-08 15:22 1641 ----a-w- d:\program files\Adobe Reader 9.lnk
2010-04-08 07:12 . 2010-04-08 05:16 8185280 ----a-w- d:\program files\Firefox Setup 3.6.3.exe
2010-01-27 18:20 . 2010-01-27 18:20 12109496 ----a-w- d:\program files\install_icq7.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meebo Notifier"="d:\documents and settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-06-07 802504]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"PersonSecurity"="d:\program files\PersonSecurity\psecurity.exe" [2010-06-17 1465856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="d:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="d:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Vlastník\\Local Settings\\Data aplikací\\Meebo\\Meebo Notifier\\MeeboNotifier.exe"=
"c:\\Program Files\\Kerio Personal Firewall\\kpf4gui.exe"=
"d:\\Program Files\\WinRAR\\WinRAR.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\ICQ7.0\\ICQ.exe"=
"d:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Program Files\\Opera\\opera.exe"=

R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
S1 khips;Kerio HIPS Driver;d:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [25.2.2009 22:24 246520]
S2 lrhdae;Manager Config;d:\windows\system32\svchost.exe -k netsvcs [2.3.2006 12:00 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MDMXSDK
.
Obsah adresáře 'Naplánované úlohy'

2010-07-25 d:\windows\Tasks\User_Feed_Synchronization-{8FF04350-F59E-4CE1-8183-A0B3F7B06C54}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - d:\program files\Get Styles\ct.htm
FF - ProfilePath - d:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\5mtlujze.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/skins7/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 20:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrhdae]
"ServiceDll"="d:\windows\system32\bqapksu.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1204)
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\PortableDeviceApi.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2010-07-25 20:27:00
ComboFix-quarantined-files.txt 2010-07-25 18:26

Před spuštěním: Volných bajtů: 29 385 084 928
Po spuštění: Volných bajtů: 29 370 949 632

- - End Of File - - 84AD78580AB19CFE58E86B14BEE61B22

[riffman]

dobry, posun smerem kupredu...jedem dal

pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrhdae]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PersonSecurity"=-

Folder::
d:\program files\PersonSecurity

Driver::
lrhdae

ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci

[Kos112567]

Zde:
ComboFix 10-07-19.01 - Vlastník 25.07.2010 20:37:19.3.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.303 [GMT 2:00]
Spuštěný z: d:\documents and settings\Vlastník\Plocha\jhk.exe
Použité ovládací přepínače :: d:\documents and settings\Vlastník\Plocha\CFScript.txt
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\PersonSecurity
d:\program files\PersonSecurity\psecurity.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-25 do 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-22 12:51 . 2010-07-22 12:51 -------- d-----w- D:\ProgramData
2010-07-22 11:22 . 2010-07-22 11:22 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-07-20 18:23 . 2010-07-20 18:23 -------- d-----w- d:\program files\Innovative Solutions
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- d:\program files\trend micro
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- D:\rsit
2010-07-06 13:35 . 2010-07-06 13:35 -------- d-----w- D:\FOUND.022
2010-07-02 14:03 . 2010-07-02 14:03 -------- d-----w- D:\FOUND.021

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 18:16 . 2010-03-17 19:11 3052 ----a-w- d:\windows\system32\drivers\fwdrv.err
2010-06-17 15:26 . 2010-06-17 15:26 -------- d-----w- d:\program files\Common Files\PersonSecurityUninstall
2010-05-12 12:13 . 2010-05-12 12:13 688 ----a-w- d:\program files\GIMP 2.lnk
2010-05-06 10:35 . 2006-03-02 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 10:00 1851264 ----a-w- d:\windows\system32\win32k.sys
2010-04-26 19:05 . 2010-04-08 15:22 1641 ----a-w- d:\program files\Adobe Reader 9.lnk
2010-04-08 07:12 . 2010-04-08 05:16 8185280 ----a-w- d:\program files\Firefox Setup 3.6.3.exe
2010-01-27 18:20 . 2010-01-27 18:20 12109496 ----a-w- d:\program files\install_icq7.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meebo Notifier"="d:\documents and settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-06-07 802504]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="d:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="d:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Vlastník\\Local Settings\\Data aplikací\\Meebo\\Meebo Notifier\\MeeboNotifier.exe"=
"c:\\Program Files\\Kerio Personal Firewall\\kpf4gui.exe"=
"d:\\Program Files\\WinRAR\\WinRAR.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\ICQ7.0\\ICQ.exe"=
"d:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Program Files\\Opera\\opera.exe"=

R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
S1 khips;Kerio HIPS Driver;d:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [25.2.2009 22:24 246520]
S2 lrhdae;Manager Config;d:\windows\system32\svchost.exe -k netsvcs [2.3.2006 12:00 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MDMXSDK
.
Obsah adresáře 'Naplánované úlohy'

2010-07-25 d:\windows\Tasks\User_Feed_Synchronization-{8FF04350-F59E-4CE1-8183-A0B3F7B06C54}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - d:\program files\Get Styles\ct.htm
FF - ProfilePath - d:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\5mtlujze.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/skins7/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-PersonSecurity - d:\program files\PersonSecurity\psecurity.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 20:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrhdae]
"ServiceDll"="d:\windows\system32\bqapksu.dll"
.
Celkový čas: 2010-07-25 20:42:07
ComboFix-quarantined-files.txt 2010-07-25 18:42

Před spuštěním: Volných bajtů: 29 380 354 048
Po spuštění: Volných bajtů: 29 365 227 520

- - End Of File - - 74152EE13F18DD867A7FF7A6B825B962

[riffman]

jeste ne

stahnete GMER , rozbalte a spustte


v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

probehne sken, po jehoz ukonceni na vas bafnou vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu absolvujte druhy sken a opet obsah logu sem

[Kos112567]

Takže menší log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-26 23:55:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\Vlastník\LOCALS~1\Temp\afpoafod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Services - GMER 1.0.15 ----

Service D:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] lrhdae <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


Větší:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 14:19:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\Vlastník\LOCALS~1\Temp\afpoafod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xF8366F80] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF8366552] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF8362882] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF8365A1A] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF8365910] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF8365F2A] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF8367034] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF8362D54] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF8362E70] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF8366906] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF8362B78] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF83660DC] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF8366CE0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF8363038] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF8366BB2] <-- ROOTKIT !!!

Code \??\D:\DOCUME~1\Vlastník\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? D:\DOCUME~1\Vlastník\LOCALS~1\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? D:\DOCUME~1\Vlastník\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Services - GMER 1.0.15 ----

Service D:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] lrhdae <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@DisplayName Manager Config
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Description Umo??uje spu?t?n? n?pov?dy a odborn? pomoci v tomto po??ta?i. Pokud je tato slu?ba zastavena, n?pov?da a odborn? pomoc nebude k dispozici. Pokud je tato slu?ba vypnuta, nebude mo?n? spustit ??dnou z explicitn? z?visl?ch slu?eb.
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae\Parameters@ServiceDll D:\WINDOWS\system32\bqapksu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@DisplayName Manager Config
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@Description Umo??uje spu?t?n? n?pov?dy a odborn? pomoci v tomto po??ta?i. Pokud je tato slu?ba zastavena, n?pov?da a odborn? pomoc nebude k dispozici. Pokud je tato slu?ba vypnuta, nebude mo?n? spustit ??dnou z explicitn? z?visl?ch slu?eb.
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae\Parameters@ServiceDll D:\WINDOWS\system32\bqapksu.dll

---- EOF - GMER 1.0.15 ----

[riffman]

spustte znovu GMER

v zalozce Processes kliknete na Kill All

pote prejdete nazalozku CMD, kde vypiste tento prikaz:

Kód: Vybrat vše

gmer -killall
gmer -del service "lrhdae"

kliknete na Run, restart a novy dlouhy log z GMERu

[Kos112567]

Bohužel nevím jak to udělat, kill all ukončí všechny procesy, pak pomocí CMD vyvolám příkazový řádek (řádek vyvolávám v programu GMER) , poté napíšu gmer -killall - což mi vypne GMER, dále na příkaz gmer -del service "lrhdae" nic nereaguje.