
Log check - connection problems

Posted: 15 Oct 2010 02:55
by pavuky
Hello,
Please check my log and advise me if possible. Thank you.

In some way unknown to me I have got myself into trouble.
At one point the browsers (Mozilla, IE, Opera, Chrome) stopped working with the internet, but ICQ and Skype work.
SUPERAntiSpyware, MWAV (not even in safe mode), ComboFix and Spybot will not start, but all other software apart from these "maintenance" programs works without problems.
The notebook does not react to an external HDD being plugged in; it does not even show up.
When I plug any flash drive into USB it does show up, but it reports that it is not accessible and that "the maximum number of secrets that may be stored in a single system has been exceeded".
System Restore does offer a week-old restore point, but in the last step it does not respond to the restore.

log from HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:57, on 15.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\winometer\winometer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Down2Home\Down2Home.exe
C:\Program Files\Hodiny_T\Hodiny.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Documents and Settings\ludvík\Plocha\údržba\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkID=178584
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [WinOMeter] "C:\Program Files\winometer\winometer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe
O4 - Global Startup: Hodiny_T.lnk = C:\Program Files\Hodiny_T\Hodiny.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9003 bytes


P.S.
Somewhere here I found and used renaming ComboFix to grinder.com. It started and got to work.
During its run a Windows error message about PEV.exe appeared, and something about a rootkit. It finished without intervention.
System Restore does start now, but reports that it will do nothing because there were no changes. :o
The external HDD and flash drives show up again.
The browsers still do not connect (ComboFix did not connect either) and the "maintenance" programs still will not start.
I have already been told off for using ComboFix on my own initiative.

log

ComboFix 10-10-12.03 - ludvík 15.10.2010 4:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1706 [GMT 2:00]
Running from: c:\documents and settings\ludvík\Plocha\grinder.com.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ludvík\Data aplikací\WindowsApplication1
c:\documents and settings\ludvík\Data aplikací\WindowsApplication1\WindowsApplication1.config
c:\program files\Mozilla Firefox\extensions\{062F0FBB-FBF2-4396-93F7-128B92FC5EEE}
c:\program files\Mozilla Firefox\extensions\{062F0FBB-FBF2-4396-93F7-128B92FC5EEE}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{062F0FBB-FBF2-4396-93F7-128B92FC5EEE}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{062F0FBB-FBF2-4396-93F7-128B92FC5EEE}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8FB08EE3-75C0-4557-8797-08503231DF18}
c:\program files\Mozilla Firefox\extensions\{8FB08EE3-75C0-4557-8797-08503231DF18}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8FB08EE3-75C0-4557-8797-08503231DF18}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{8FB08EE3-75C0-4557-8797-08503231DF18}\install.rdf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\drivers\ovfsthamrqupgrqqteuylqcnxnnhseeancaaar.sys
c:\windows\system32\ovfsthinmudkvhkapoembiqaujhxtosdrxeegi.dll
c:\windows\system32\ovfsthltsydvpduqjdjsplprspqdiarumvumyt.dat
c:\windows\system32\ovfsthmjbramnibxdvkjsjuuejxnxeltrppjcj.dll
c:\windows\system32\ovfsthtpbadgdihsudwyoniwsgkmmmoeahybcw.dll
c:\windows\system32\Packet.dll
c:\windows\system32\sshnas21.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_NPF
-------\Service_ovfsthywmiylvoaodorockbgrqotyvttfqfkmq
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-15 00:24 . 2010-10-15 00:24 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-10-15 00:09 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 00:09 . 2010-10-15 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-15 00:09 . 2010-10-15 00:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-15 00:09 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 00:07 . 2010-10-15 00:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-15 00:07 . 2010-10-15 00:07 -------- d-----w- c:\documents and settings\ludvík\Data aplikací\SUPERAntiSpyware.com
2010-10-15 00:06 . 2010-10-15 00:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-14 01:29 . 2010-10-14 01:49 -------- d-----w- c:\program files\Forum Poster 3
2010-10-13 19:10 . 2010-10-13 19:10 204800 ----a-w- c:\windows\Upyraa.exe
2010-10-11 17:14 . 2010-10-11 17:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-11 00:36 . 2010-10-11 00:36 -------- d-----w- c:\program files\FreeTime
2010-10-11 00:34 . 2010-10-11 00:35 -------- d-----w- c:\program files\FormatFactory
2010-10-07 01:16 . 2009-04-24 11:10 647872 ----a-w- c:\windows\system32\MSCOMCT2.ocx
2010-10-07 01:16 . 2000-05-22 15:58 115920 ----a-w- c:\windows\system32\msinet.ocx
2010-10-07 01:16 . 2010-10-07 01:16 -------- d-----w- c:\program files\epos_2.4
2010-10-07 01:16 . 2010-10-07 01:24 -------- d-----w- C:\Bar
2010-09-29 01:17 . 2010-09-29 01:22 -------- d-----w- c:\program files\Ztrl
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-20 01:17 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-20 01:17 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-09-16 21:23 . 2010-10-11 00:24 -------- d-----w- c:\documents and settings\ludvík\Data aplikací\AVI ReComp
2010-09-16 21:20 . 2010-09-16 21:20 -------- d-----w- c:\program files\Gabest
2010-09-16 21:20 . 2010-09-16 21:20 -------- d-----w- c:\program files\Xvid
2010-09-16 21:19 . 2010-09-16 21:19 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-16 21:19 . 2010-09-16 21:20 -------- d-----w- c:\program files\AVI ReComp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinOMeter"="c:\program files\winometer\winometer.exe" [2005-02-27 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Down2Home.lnk - c:\program files\Down2Home\Down2Home.exe [2003-3-11 307200]
Hodiny_T.lnk - c:\program files\Hodiny_T\Hodiny.exe [2010-6-11 675840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"StarWindServiceAE"=3 (0x3)
"NMSAccessU"=3 (0x3)
"mnmsrvc"=3 (0x3)
"BthServ"=3 (0x3)
"PCA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\ludvík\\Dokumenty\\Softw.Down&Up\\R.U.M\\RUM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys --> c:\windows\system32\DRIVERS\gtipci21.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.8.2010 3:19 722416]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=14597&l=dis
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\ludvík\Data aplikací\Mozilla\Firefox\Profiles\l5zvv7j9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-WEBTRAN - (no file)



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89371EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf72f8852
\Driver\iaStor -> iaStor.sys @ 0xf722eb58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf711bbb0
PacketIndicateHandler -> NDIS.sys @ 0xf710aa0d
SendHandler -> NDIS.sys @ 0xf711eb40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75bf58c6-2a4b-4e70-91de-c4620404a72d}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e9
"Therad"=dword:0000000e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,08,d4,14,3e,44,09,2c,19,f6,4f,df,6f,b8,47,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):53,39,5a,97,4c,b4,bf,cc,cb,57,66,40,92,29,4f,d5,bb,ca,3f,94,42,
69,04,8f,38,2c,d8,67,59,a2,bb,ef,33,ec,2e,f3,74,46,55,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(280)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2010-10-15 04:46:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-15 02:46

Pre-Run: 31 035 539 456 bytes free
Post-Run: 30 924 865 536 bytes free

- - End Of File - - 9A5AF9D1FAD16AF141DE62DD8F93471B
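
An added example, not code from the thread: a small triage parser for the "Files Created" section of the ComboFix log above. ComboFix prints each entry as creation time, a dot, modification time, size, attribute flags and path. A binary copied in by an installer keeps the vendor's older build time as its modification time (mbam.sys: created 2010-10-15, modified 2010-04-29), whereas a file written fresh on the machine carries the same value in both columns (c:\windows\Upyraa.exe: 2010-10-13 19:10 in both). The script scores PE files on that pattern and on their location, weighting a loose executable directly in the Windows directory highest. The sample lines are copied from the log; the scoring weights and the threshold are my assumptions, not anything ComboFix or the forum states.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Sample lines copied from the ComboFix "Files Created" section of the post
# above (a constructed subset so the script runs offline).
SAMPLE = """\
2010-10-15 00:09 . 2010-04-29 13:39 38224 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2010-10-13 19:10 . 2010-10-13 19:10 204800 ----a-w- c:\\windows\\Upyraa.exe
2010-10-07 01:16 . 2009-04-24 11:10 647872 ----a-w- c:\\windows\\system32\\MSCOMCT2.ocx
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\\program files\\Mozilla Firefox\\plugins\\nppdf32.dll
2010-09-29 01:17 . 2010-09-29 01:22 -------- d-----w- c:\\program files\\Ztrl
"""

# created . modified size attrs path   (size is printed as dashes for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
PE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")
TS = "%Y-%m-%d %H:%M"


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]
    attrs: str
    path: str


def parse(text: str) -> List[Entry]:
    """Turn the section's lines into Entry records; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"].lower()))
    return entries


def score(e: Entry) -> int:
    """Heuristic weight (an assumption, not a ComboFix rule): higher means look closer."""
    if e.attrs.startswith("d") or not e.path.endswith(PE_EXT):
        return 0                      # directories and non-PE files are not scored
    s = 0
    if e.created == e.modified:
        s += 2                        # written fresh here, no older vendor build time
    parent = e.path.rsplit("\\", 1)[0]
    if parent == "c:\\windows":
        s += 2                        # loose executable in the Windows root
    elif parent.startswith("c:\\windows\\"):
        s += 1                        # somewhere under the Windows tree
    return s


def suspicious(text: str, threshold: int = 3) -> List[str]:
    """Paths scoring at or above the threshold, highest score first."""
    scored = [(score(e), e.path) for e in parse(text)]
    return [p for s, p in sorted(scored, reverse=True) if s >= threshold]


if __name__ == "__main__":
    for path in suspicious(SAMPLE):
        print(path)
```

With the sample above only c:\windows\Upyraa.exe clears the threshold; nppdf32.dll has matching timestamps too, but sits under Program Files, and the two system32 files keep their older build dates. The point of the two-factor score is that neither signal alone is conclusive: installers sometimes stamp both times, and plenty of legitimate files live under the Windows tree.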

Re: Log check - connection problems

Posted: 15 Oct 2010 17:16
by Rudy
The log already looks clean. Now try MBR: http://www2.gmer.net/mbr/mbr.exe . Run a scan and post the log.

Re: Log check - connection problems

Posted: 15 Oct 2010 17:36
by pavuky
GMER is still working; it seems to take a while. But already now two files are visible there that ComboFix wanted me to note down separately, and it said something about rootkits.
They are in C:\windows\system32\...lots of letters... .dll

Re: Log check - connection problems

Posted: 16 Oct 2010 15:04
by pavuky
GMER log

GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-16 14:13:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\LUDVK~1\LOCALS~1\Temp\uxtdapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\System32\DRIVERS\RDPCDD.sys entry point in ".rsrc" section [0xF7A2BC14]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 89584EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0013eff14333 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0013eff14333@00174b472b22 0x8D 0x65 0xA4 0x05 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0013eff14333@0024901ab6c6 0x15 0x30 0xC7 0xE9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq@imagepath \systemroot\system32\drivers\ovfsthamrqupgrqqteuylqcnxnnhseeancaaar.sys
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq@inst 0
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main@ver icv310309
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main@cid 01
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main@bid 816106137-2394357141-4124852676-1560284293
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main@aid 303365
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main@sid 21
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main@feed 0x22 0x64 0x78 0x36 ...
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\ff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{062F0FBB-FBF2-4396-93F7-128B92FC5EEE}
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\ff@version 1
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\injector@iexplore.exe ovfsthwi.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\injector@explorer.exe ovfsthff.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\modules@ovfsth.dll \systemroot\system32\ovfsthmjbramnibxdvkjsjuuejxnxeltrppjcj.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthamrqupgrqqteuylqcnxnnhseeancaaar.sys
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\modules@ovfsthlog.dat \systemroot\system32\ovfsthltsydvpduqjdjsplprspqdiarumvumyt.dat
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\modules@ovfsthwi.dll \systemroot\system32\ovfsthtpbadgdihsudwyoniwsgkmmmoeahybcw.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\modules@ovfsthff.dll \systemroot\system32\ovfsthinmudkvhkapoembiqaujhxtosdrxeegi.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthywmiylvoaodorockbgrqotyvttfqfkmq\modules@ovfsth.dat \systemroot\system32\ovfsthmvwswbypvptvkcaarpbahhexeeoeakpy.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD4 0x10 0xFA 0x20 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0x31 0xED 0x1F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7C 0xB8 0xB7 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0013eff14333 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0013eff14333@00174b472b22 0x8D 0x65 0xA4 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0013eff14333@0024901ab6c6 0x15 0x30 0xC7 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD4 0x10 0xFA 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0x31 0xED 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7C 0xB8 0xB7 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff14333
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff14333@00174b472b22 0x8D 0x65 0xA4 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff14333@0024901ab6c6 0x15 0x30 0xC7 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD4 0x10 0xFA 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0x31 0xED 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7C 0xB8 0xB7 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{75bf58c6-2a4b-4e70-91de-c4620404a72d}@Model 233
Reg HKLM\SOFTWARE\Classes\CLSID\{75bf58c6-2a4b-4e70-91de-c4620404a72d}@Therad 14
Reg HKLM\SOFTWARE\Classes\CLSID\{75bf58c6-2a4b-4e70-91de-c4620404a72d}@MData 0xCB 0x9B 0xAD 0xEF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x53 0x39 0x5A 0x97 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious modification
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Re: log check - connection problems

Posted: 16 Oct 2010 16:56
by Rudy
Let's get back to HijackThis. Open Notepad and copy the following into it:
FCopy::
C:\WINDOWS\System32\dllcache\RDPCDD.sys | C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
C:\WINDOWS\system32\dllcache\iaStor.sys | C:\WINDOWS\system32\drivers\iaStor.sys
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

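A pre-flight check for a CFScript of the kind Rudy posted, added here as an example (it is not from the thread and not part of ComboFix). It parses the `FCopy::` / `Collect::` sections, flags paths that are not absolute drive paths (the `File ` prefix GMER prints in front of its findings is a common paste error, and the second pair in the sample is deliberately given that prefix), and hashes each source/destination pair so you can see whether the dllcache copy actually differs from the file in place. The helper names and the sample files written to a temporary directory are this example's own; a matching hash only tells you the copy would change nothing, not that either file is clean.

```python
"""Parse a ComboFix CFScript and sanity-check its FCopy:: pairs before running it."""
import hashlib
import os
import re
import tempfile

# Sample script (constructed for this example). The second FCopy pair carries
# the "File " prefix that GMER prints in its report; pasted into a CFScript it
# is not a valid path and ComboFix cannot open it.
SAMPLE_SCRIPT = """\
FCopy::
C:\\WINDOWS\\System32\\dllcache\\RDPCDD.sys | C:\\WINDOWS\\System32\\DRIVERS\\RDPCDD.sys
File C:\\WINDOWS\\system32\\dllcache\\iaStor.sys | File C:\\WINDOWS\\system32\\drivers\\iaStor.sys

Collect::
c:\\windows\\Upyraa.exe
"""

_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text):
    """Return {"FCopy": [(src, dst), ...], "Collect": [path, ...], ...}.

    A line ending in '::' opens a section; the non-blank lines after it belong
    to that section. FCopy lines are 'source | destination'. Values are kept
    verbatim so the caller sees exactly what ComboFix would see.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        if current == "FCopy":
            if "|" not in line:
                raise ValueError(f"FCopy line without '|': {line!r}")
            src, dst = (part.strip() for part in line.split("|", 1))
            sections[current].append((src, dst))
        else:
            sections[current].append(line)
    return sections


def lint_fcopy(pairs):
    """List every FCopy path that is not an absolute drive path (e.g. 'File C:\\...')."""
    problems = []
    for src, dst in pairs:
        for role, path in (("source", src), ("destination", dst)):
            if not _DRIVE_PATH.match(path):
                problems.append(f"{role} is not an absolute path: {path!r}")
    return problems


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_fcopy_pairs(pairs):
    """Return (src, dst, status) per pair: 'source missing', 'destination missing',
    'differs' or 'identical'. 'identical' means the copy would change nothing."""
    report = []
    for src, dst in pairs:
        if not os.path.isfile(src):
            report.append((src, dst, "source missing"))
        elif not os.path.isfile(dst):
            report.append((src, dst, "destination missing"))
        elif sha256_of(src) != sha256_of(dst):
            report.append((src, dst, "differs"))
        else:
            report.append((src, dst, "identical"))
    return report


def demo():
    """Constructed sample: a pristine dllcache copy next to a patched driver,
    plus a second driver that is unchanged. Returns the status of each pair."""
    with tempfile.TemporaryDirectory() as tmp:
        cache, drivers = os.path.join(tmp, "dllcache"), os.path.join(tmp, "drivers")
        os.makedirs(cache)
        os.makedirs(drivers)

        def write(folder, name, data):
            path = os.path.join(folder, name)
            with open(path, "wb") as handle:
                handle.write(data)
            return path

        pairs = [
            (write(cache, "RDPCDD.sys", b"pristine rdpcdd"),
             write(drivers, "RDPCDD.sys", b"pristine rdpcdd" + b"\x90" * 16)),
            (write(cache, "iaStor.sys", b"pristine iastor"),
             write(drivers, "iaStor.sys", b"pristine iastor")),
        ]
        return [status for _, _, status in check_fcopy_pairs(pairs)]


if __name__ == "__main__":
    sections = parse_cfscript(SAMPLE_SCRIPT)
    for problem in lint_fcopy(sections["FCopy"]):
        print("script problem:", problem)
    print("pair status:", demo())
```

Run the lint over the script before dropping it on ComboFix; it costs nothing and catches the copy-paste prefix that silently turns a restore into a no-op.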

Re: log check - connection problems

Posted: 16 Oct 2010 18:32
by pavuky
ComboFix 10-10-15.04 - ludvík 16.10.2010 19:03:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1727 [GMT 2:00]
Running from: c:\documents and settings\ludvík\Plocha\grinder.com.exe
Command switches used :: c:\documents and settings\ludvík\Plocha\CFScript.txt.txt

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected.
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-15 10:21 . 2010-10-15 10:21 -------- d-----w- c:\program files\trend micro
2010-10-15 00:24 . 2010-10-15 00:24 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-10-15 00:09 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 00:09 . 2010-10-15 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-15 00:09 . 2010-10-15 00:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-15 00:09 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 00:07 . 2010-10-15 00:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-15 00:07 . 2010-10-15 00:07 -------- d-----w- c:\documents and settings\ludvík\Data aplikací\SUPERAntiSpyware.com
2010-10-15 00:06 . 2010-10-15 00:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-14 01:29 . 2010-10-14 01:49 -------- d-----w- c:\program files\Forum Poster 3
2010-10-13 19:10 . 2010-10-13 19:10 204800 ----a-w- c:\windows\Upyraa.exe
2010-10-11 17:14 . 2010-10-11 17:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-11 00:36 . 2010-10-11 00:36 -------- d-----w- c:\program files\FreeTime
2010-10-11 00:34 . 2010-10-11 00:35 -------- d-----w- c:\program files\FormatFactory
2010-10-07 01:16 . 2009-04-24 11:10 647872 ----a-w- c:\windows\system32\MSCOMCT2.ocx
2010-10-07 01:16 . 2000-05-22 15:58 115920 ----a-w- c:\windows\system32\msinet.ocx
2010-10-07 01:16 . 2010-10-07 01:16 -------- d-----w- c:\program files\epos_2.4
2010-10-07 01:16 . 2010-10-07 01:24 -------- d-----w- C:\Bar
2010-09-29 01:17 . 2010-09-29 01:22 -------- d-----w- c:\program files\Ztrl
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-20 01:17 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-20 01:17 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-09-16 21:23 . 2010-10-11 00:24 -------- d-----w- c:\documents and settings\ludvík\Data aplikací\AVI ReComp
2010-09-16 21:20 . 2010-09-16 21:20 -------- d-----w- c:\program files\Gabest
2010-09-16 21:20 . 2010-09-16 21:20 -------- d-----w- c:\program files\Xvid
2010-09-16 21:19 . 2010-09-16 21:19 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-16 21:19 . 2010-09-16 21:20 -------- d-----w- c:\program files\AVI ReComp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinOMeter"="c:\program files\winometer\winometer.exe" [2005-02-27 98304]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-27 3142236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Down2Home.lnk - c:\program files\Down2Home\Down2Home.exe [2003-3-11 307200]
Hodiny_T.lnk - c:\program files\Hodiny_T\Hodiny.exe [2010-6-11 675840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"StarWindServiceAE"=3 (0x3)
"NMSAccessU"=3 (0x3)
"mnmsrvc"=3 (0x3)
"BthServ"=3 (0x3)
"PCA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\ludvík\\Dokumenty\\Softw.Down&Up\\R.U.M\\RUM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys --> c:\windows\system32\DRIVERS\gtipci21.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.8.2010 3:19 722416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=14597&l=dis
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\ludvík\Data aplikací\Mozilla\Firefox\Profiles\l5zvv7j9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75bf58c6-2a4b-4e70-91de-c4620404a72d}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e9
"Therad"=dword:0000000e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,08,d4,14,3e,44,09,2c,19,f6,4f,df,6f,b8,47,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):53,39,5a,97,4c,b4,bf,cc,cb,57,66,40,92,29,4f,d5,bb,ca,3f,94,42,
69,04,8f,38,2c,d8,67,59,a2,bb,ef,33,ec,2e,f3,74,46,55,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-10-16 19:10:25
ComboFix-quarantined-files.txt 2010-10-16 17:10
ComboFix2.txt 2010-10-15 02:46

Pre-Run: 30 832 046 080 bytes free
Post-Run: 30 824 169 472 bytes free

- - End Of File - - EB052DDD803E247C732C814E07CE3437

Re: log check - connection problems

Posted: 16 Oct 2010 18:40
by Rudy
Test this file online at www.virustotal.com: c:\windows\Upyraa.exe . Report the result.

Re: log check - connection problems

Posted: 16 Oct 2010 18:57
by pavuky
Hmm, it's probably some nasty piece of work.

File name:
Upyraa.exe
Submission date:
2010-10-16 17:53:21 (UTC)
Current status:
finished
Result:
31 / 43 (72.1%)

Antivirus Version Last Update Result
AhnLab-V3 2010.10.16.00 2010.10.15 Win-Trojan/Fakeav.204800.BR
AntiVir 7.10.12.230 2010.10.16 TR/Renos.20480041
Antiy-AVL 2.0.3.7 2010.10.16 Trojan/Win32.FraudPack.gen
Authentium 5.2.0.5 2010.10.16 -
Avast 4.8.1351.0 2010.10.16 Win32:MalOb-BX
Avast5 5.0.594.0 2010.10.16 Win32:MalOb-BX
AVG 9.0.0.851 2010.10.16 Generic19.BCWR
BitDefender 7.2 2010.10.16 Gen:Variant.Renos.41
CAT-QuickHeal 11.00 2010.10.15 -
ClamAV 0.96.2.0-git 2010.10.15 -
Comodo 6407 2010.10.16 MalCrypt.Indus!
DrWeb 5.0.2.03300 2010.10.16 Trojan.DownLoader1.22695
Emsisoft 5.0.0.50 2010.10.16 -
eSafe 7.0.17.0 2010.10.14 -
eTrust-Vet None 2010.10.15 Win32/Renos.D!generic
F-Prot 4.6.2.117 2010.10.16 W32/FakeAlert.IC2.gen!Eldorado
F-Secure 9.0.16160.0 2010.10.16 Gen:Variant.Renos.41
Fortinet 4.2.249.0 2010.10.16 W32/CodecPack.fam!tr.dldr
GData 21 2010.10.16 Gen:Variant.Renos.41
Ikarus T3.1.1.90.0 2010.10.16 -
Jiangmin 13.0.900 2010.10.16 -
K7AntiVirus 9.66.2760 2010.10.15 -
Kaspersky 7.0.0.125 2010.10.16 Trojan.Win32.FraudPack.cfww
McAfee 5.400.0.1158 2010.10.16 Downloader-CEW.b
McAfee-GW-Edition 2010.1C 2010.10.16 -
Microsoft 1.6201 2010.10.16 TrojanDownloader:Win32/Renos.LX
NOD32 5536 2010.10.16 a variant of Win32/Kryptik.HJK
Norman 6.06.07 2010.10.16 -
nProtect 2010-10-16.01 2010.10.16 Trojan/W32.FraudPack.204800.M
Panda 10.0.2.7 2010.10.15 Suspicious file
PCTools 7.0.3.5 2010.10.16 Trojan.FakeAV
Prevx 3.0 2010.10.16 High Risk Cloaked Malware
Rising 22.69.04.03 2010.10.15 Trojan.Win32.Generic.523B8917
Sophos 4.58.0 2010.10.16 Mal/FakeAV-CX
Sunbelt 7073 2010.10.16 VirTool.Win32.Obfuscator.hg!b1 (v)
SUPERAntiSpyware 4.40.0.1006 2010.10.16 Trojan.Agent/Gen-Kryptek
Symantec 20101.2.0.161 2010.10.16 Trojan.FakeAV!gen29
TheHacker 6.7.0.1.058 2010.10.16 Trojan/FraudPack.cfww
TrendMicro 9.120.0.1004 2010.10.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.16 -
VBA32 3.12.14.1 2010.10.15 Malware-Cryptor.Grygoryi.3
ViRobot 2010.9.25.4060 2010.10.16 Trojan.Win32.FakeAV.204800
VirusBuster 12.69.2.0 2010.10.16 Trojan.Kryptik.BHIL
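A parser for a VirusTotal table pasted as plain text like the one above, added here as an example (it is not from the thread and not VirusTotal's own code). It computes the detection ratio, groups the vendor-specific names that point at the same thing (FakeAV, Renos, FraudPack are all rogue-antivirus downloader names; Kryptik, Obfuscator and similar are packer heuristics), and lists engines whose signatures predate the submission day, since a `-` from a stale engine says less than a `-` from an up-to-date one. The sample rows are copied from pavuky's result (a subset of the 43 engines); the keyword groups and function names are this example's own choice.

```python
"""Summarise a VirusTotal result table pasted as plain text."""
import re
from collections import Counter

SUBMISSION_DATE = "2010.10.16"  # from the posted result: 2010-10-16 17:53:21 (UTC)

# Subset of the rows from the thread: engine, version, last update, verdict.
SAMPLE_ROWS = """\
AhnLab-V3 2010.10.16.00 2010.10.15 Win-Trojan/Fakeav.204800.BR
AntiVir 7.10.12.230 2010.10.16 TR/Renos.20480041
Authentium 5.2.0.5 2010.10.16 -
Avast 4.8.1351.0 2010.10.16 Win32:MalOb-BX
BitDefender 7.2 2010.10.16 Gen:Variant.Renos.41
eTrust-Vet None 2010.10.15 Win32/Renos.D!generic
Kaspersky 7.0.0.125 2010.10.16 Trojan.Win32.FraudPack.cfww
Microsoft 1.6201 2010.10.16 TrojanDownloader:Win32/Renos.LX
NOD32 5536 2010.10.16 a variant of Win32/Kryptik.HJK
Panda 10.0.2.7 2010.10.15 Suspicious file
Sunbelt 7073 2010.10.16 VirTool.Win32.Obfuscator.hg!b1 (v)
Symantec 20101.2.0.161 2010.10.16 Trojan.FakeAV!gen29
TrendMicro 9.120.0.1004 2010.10.16 -
"""

# engine, version, yyyy.mm.dd update date, then the (possibly multi-word) verdict
_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Vendor names differ; substrings that point at the same kind of detection.
FAMILY_HINTS = {
    "rogue AV / FakeAV downloader": ("fakeav", "fakealert", "renos", "fraudpack"),
    "packer or obfuscation heuristic": ("kryptik", "obfuscator", "cryptor", "malcrypt", "cloaked"),
}


def parse_vt_rows(text):
    """Return one dict per engine row; header lines and widget residue are skipped."""
    rows = []
    for line in text.splitlines():
        match = _ROW.match(line.strip())
        if not match:
            continue
        engine, version, updated, verdict = match.groups()
        verdict = verdict.strip()
        rows.append({
            "engine": engine,
            "version": version,
            "updated": updated,
            "verdict": None if verdict == "-" else verdict,
        })
    return rows


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    hits = sum(1 for row in rows if row["verdict"])
    return hits, len(rows)


def family_breakdown(rows):
    """Count detections per family group; names matching no hint go to 'other / generic'."""
    counts = Counter()
    for row in rows:
        if not row["verdict"]:
            continue
        verdict = row["verdict"].lower()
        label = next(
            (name for name, hints in FAMILY_HINTS.items() if any(h in verdict for h in hints)),
            "other / generic",
        )
        counts[label] += 1
    return counts


def stale_engines(rows, as_of=SUBMISSION_DATE):
    """Engines whose signature date is older than the submission day.

    Zero-padded yyyy.mm.dd strings compare correctly as plain strings."""
    return [row["engine"] for row in rows if row["updated"] < as_of]


if __name__ == "__main__":
    rows = parse_vt_rows(SAMPLE_ROWS)
    hits, total = detection_ratio(rows)
    print(f"{hits}/{total} engines flagged the file")
    for label, count in family_breakdown(rows).most_common():
        print(f"  {count:2d}  {label}")
    print("stale signatures:", ", ".join(stale_engines(rows)))
```

A consensus like this (seven rogue-AV names out of eleven hits in the subset, and the rest generic or packer heuristics) is what makes the verdict usable: a single generic hit from one engine would not justify deleting a file in `c:\windows`.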

Re: log check - connection problems

Posted: 16 Oct 2010 19:55
by Rudy
Run ComboFix once more with this script:
Collect::
c:\windows\Upyraa.exe

Re: log check - connection problems

Posted: 16 Oct 2010 20:30
by pavuky
ComboFix 10-10-15.04 - ludvík 16.10.2010 21:22:38.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1680 [GMT 2:00]
Running from: c:\documents and settings\ludvík\Plocha\grinder.com.exe
Command switches used :: c:\documents and settings\ludvík\Plocha\CFScript.txt.txt

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!

file zipped: c:\windows\Upyraa.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Upyraa.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 18:50 . 2010-10-16 18:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-10-16 18:49 . 2010-10-16 18:49 -------- d-----w- c:\documents and settings\ludvík\Data aplikací\Malwarebytes
2010-10-16 16:52 . 2010-10-16 17:10 -------- d-----w- C:\grinder.com
2010-10-15 10:21 . 2010-10-15 10:21 -------- d-----w- c:\program files\trend micro
2010-10-15 00:24 . 2010-10-15 00:24 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-10-15 00:09 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 00:09 . 2010-10-15 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-15 00:09 . 2010-10-15 00:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-15 00:09 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 00:07 . 2010-10-15 00:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-15 00:07 . 2010-10-15 00:07 -------- d-----w- c:\documents and settings\ludvík\Data aplikací\SUPERAntiSpyware.com
2010-10-15 00:06 . 2010-10-15 00:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-14 01:29 . 2010-10-14 01:49 -------- d-----w- c:\program files\Forum Poster 3
2010-10-11 17:14 . 2010-10-11 17:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-11 00:36 . 2010-10-11 00:36 -------- d-----w- c:\program files\FreeTime
2010-10-11 00:34 . 2010-10-11 00:35 -------- d-----w- c:\program files\FormatFactory
2010-10-07 01:16 . 2009-04-24 11:10 647872 ----a-w- c:\windows\system32\MSCOMCT2.ocx
2010-10-07 01:16 . 2000-05-22 15:58 115920 ----a-w- c:\windows\system32\msinet.ocx
2010-10-07 01:16 . 2010-10-07 01:16 -------- d-----w- c:\program files\epos_2.4
2010-10-07 01:16 . 2010-10-07 01:24 -------- d-----w- C:\Bar
2010-09-29 01:17 . 2010-09-29 01:22 -------- d-----w- c:\program files\Ztrl
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-20 01:17 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-20 01:17 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-09-16 21:23 . 2010-10-11 00:24 -------- d-----w- c:\documents and settings\ludvík\Data aplikací\AVI ReComp
2010-09-16 21:20 . 2010-09-16 21:20 -------- d-----w- c:\program files\Gabest
2010-09-16 21:20 . 2010-09-16 21:20 -------- d-----w- c:\program files\Xvid
2010-09-16 21:19 . 2010-09-16 21:19 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-16 21:19 . 2010-09-16 21:20 -------- d-----w- c:\program files\AVI ReComp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinOMeter"="c:\program files\winometer\winometer.exe" [2005-02-27 98304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Down2Home.lnk - c:\program files\Down2Home\Down2Home.exe [2003-3-11 307200]
Hodiny_T.lnk - c:\program files\Hodiny_T\Hodiny.exe [2010-6-11 675840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"StarWindServiceAE"=3 (0x3)
"NMSAccessU"=3 (0x3)
"mnmsrvc"=3 (0x3)
"BthServ"=3 (0x3)
"PCA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\ludvík\\Dokumenty\\Softw.Down&Up\\R.U.M\\RUM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.8.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.8.2009 16:06 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.8.2009 16:06 7408]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys --> c:\windows\system32\DRIVERS\gtipci21.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.8.2010 3:19 722416]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=14597&l=dis
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\ludvík\Data aplikací\Mozilla\Firefox\Profiles\l5zvv7j9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75bf58c6-2a4b-4e70-91de-c4620404a72d}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e9
"Therad"=dword:0000000e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,08,d4,14,3e,44,09,2c,19,f6,4f,df,6f,b8,47,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):53,39,5a,97,4c,b4,bf,cc,cb,57,66,40,92,29,4f,d5,bb,ca,3f,94,42,
69,04,8f,38,2c,d8,67,59,a2,bb,ef,33,ec,2e,f3,74,46,55,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\ludvík\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2010-10-16 21:27:12
ComboFix-quarantined-files.txt 2010-10-16 19:27
ComboFix2.txt 2010-10-16 17:10
ComboFix3.txt 2010-10-15 02:46

Pre-Run: 30 771 613 696 bytes free
Post-Run: 30 761 320 448 bytes free

- - End Of File - - F8BB8BB36EE5825797D9798E6B53CB3D
Upload completed successfully

Re: log check - connection problems

Posted: 16 Oct 2010 21:12
by Rudy
The log looks clean now. How is the PC behaving now?

Re: log check - connection problems

Posted: 16 Oct 2010 21:29
by pavuky
Everything works now except the browsers connecting to the net. Not one of them. ICQ and Skype do, though.

Re: log check - connection problems

Posted: 16 Oct 2010 21:33
by Rudy
Try turning off SAS. If that doesn't help, repair the TCP/IP protocol with WinsockFix: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 . If your network settings are entered by hand, you will have to enter them again after restarting the PC.
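Browsers failing while ICQ and Skype still work is the pattern of something sitting between the browser and the socket layer: a Winsock LSP loaded into every process, a proxy pushed into the IE settings that Firefox and Chrome inherit, or a manual proxy in the Firefox profile. The check below, added here as an example (not from the thread and not ComboFix's own code), scans the relevant lines of a ComboFix log for exactly those three things. The `LSP:`, `uStart Page` and `FF - ... network.proxy` lines are copied from pavuky's log; the `uInternet Settings,ProxyServer` line is constructed, and its format is an assumption about how ComboFix prints an IE proxy, included so the check has something to flag.

```python
"""Flag settings in a ComboFix log that break browsers but leave other network apps working."""
import re

# Constructed sample: real lines from the thread plus one assumed IE proxy line.
SAMPLE_LOG = """\
uStart Page = hxxp://eu.ask.com?o=14597&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:8118
LSP: c:\\windows\\system32\\idmmbc.dll
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_version - 5
"""

_LSP = re.compile(r"^LSP:\s+(.+)$")
_IE_PROXY = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")
_START_PAGE = re.compile(r"^[um]Start Page\s*=\s*(.+)$")
_FF_PROXY = re.compile(r"^FF - (?:prefs|user)\.js: network\.proxy\.(\w+) -\s*(.*)$")

# Firefox network.proxy.type: 0 = none, 1 = manual, 2 = PAC URL, 4 = WPAD, 5 = system.
# 0 is direct; 5 inherits the IE setting, so it is only as safe as that setting is.
_FF_DIRECT_TYPES = {"0", "5"}
_FF_HOST_KEYS = {"http", "ssl", "ftp", "gopher", "socks"}


def audit_log(text):
    """Return (kind, detail) findings with kind in 'lsp', 'ie-proxy', 'ff-proxy', 'start-page'."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        match = _LSP.match(line)
        if match:
            findings.append(("lsp", f"third-party Winsock LSP loaded into every socket user: {match.group(1)}"))
            continue
        match = _IE_PROXY.match(line)
        if match and match.group(2).strip():
            findings.append(("ie-proxy", f"IE {match.group(1)} is set to {match.group(2).strip()!r}"))
            continue
        match = _START_PAGE.match(line)
        if match:
            findings.append(("start-page", f"IE start page is {match.group(1)} (hijack marker, not a connectivity problem)"))
            continue
        match = _FF_PROXY.match(line)
        if match:
            key, value = match.group(1), match.group(2).strip()
            if key == "type" and value not in _FF_DIRECT_TYPES:
                findings.append(("ff-proxy", f"Firefox network.proxy.type = {value} (not direct)"))
            elif key in _FF_HOST_KEYS and value:
                findings.append(("ff-proxy", f"Firefox network.proxy.{key} = {value}"))
    return findings


def explains_browser_only_outage(findings):
    """True if at least one finding can break browsers without touching ICQ/Skype."""
    return any(kind in {"lsp", "ie-proxy", "ff-proxy"} for kind, _ in findings)


if __name__ == "__main__":
    found = audit_log(SAMPLE_LOG)
    for kind, detail in found:
        print(f"[{kind}] {detail}")
    print("browser-only outage explained:", explains_browser_only_outage(found))
```

In the thread the only real hit is the `idmmbc.dll` LSP (Internet Download Manager's), which is why a Winsock catalog reset is the right next step once the malware is gone; the reset removes every LSP, legitimate ones included, so expect to reinstall such tools afterwards.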

Re: log check - connection problems

Posted: 16 Oct 2010 22:16
by pavuky
It took about five tries, but I set up the connection and the browsers are running too. I'm already writing from the sick machine.
So thank you very much; I'm sending a tip via PayPal.

Re: log check - connection problems

Posted: 16 Oct 2010 22:25
by Rudy
You're welcome, and thanks for the contribution!