Počítač byl označen za rozesílatele spamu

[modrasek]

Dobrý den,
chtěl bych požádat o kontrolu logu. Dnes ráno mi přišla sms, že nám odpojují na bytě internet, že máme v síti počítač, který rozesílá spam. Bohužel je nás na bytě 7 a nevím, který to je. Vyzkoušel jsem na všech pc nainstalovat marlawere bytes + ccleaner, na několi pc to něco málo našlo, tak jsme si mysleli, že by to mohlo být ono, ale asi za 10 minut nám to vypnuli znovu. Vzal jsem tedy toho největší faforita z těch 7 pc, který by to mohl být a udělal log. Mohl by se na to prosím někdo podívat?Předem díky.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Acer at 2010-11-10 20:02:56
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (24%) free of 35 GB
Total RAM: 446 MB (38% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\20101010091254\ICQToolBar.dll [2010-10-04 1049912]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"= []
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-04-14 53248]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-04-27 151552]
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
""= []
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-05-30 421888]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-06-23 602112]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-04-29 188416]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-17 16207872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-05-04 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-21 56832]
"jodoohe"=C:\WINDOWS\system32\kifocy.exe [2010-11-10 201216]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2009-07-22 416408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-21 56832]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]
"MSConfig"=C:\Documents and Settings\Acer\jxqrig.exe [2010-11-10 19456]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\Acer\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
a3gg70ddu.exe
fa60xxojjk.exe
k0g70ddupv.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\snwbvhif.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\snwbvhif.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisableLocalUserRun"=1
"DisableLocalUserRunOnce"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"DisableLocalMachineRun"=1
"DisableLocalMachineRunOnce"=1
"DisableLocalUserRun"=1
"DisableLocalUserRunOnce"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\TOTALCMD\TOTALCMD.EXE"="C:\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\DOCUME~1\Acer\LOCALS~1\Temp\IXP000.TMP\gdf.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-11-10 20:02:57 ----D---- C:\Program Files\trend micro
2010-11-10 20:02:56 ----D---- C:\rsit
2010-11-10 18:58:30 ----A---- C:\WINDOWS\system32\drivers\snwbvhif.sys
2010-11-10 18:51:54 ----A---- C:\WINDOWS\system32\futafogo.exe
2010-11-10 18:48:23 ----D---- C:\Documents and Settings\Acer\Data aplikací\ESET
2010-11-10 18:45:41 ----D---- C:\Program Files\ESET
2010-11-10 18:45:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-11-10 18:18:21 ----D---- C:\Documents and Settings\Acer\Data aplikací\Malwarebytes
2010-11-10 18:18:12 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-10 18:18:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-10 18:18:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-11-10 18:18:10 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-10 18:14:32 ----D---- C:\Program Files\CCleaner
2010-11-10 16:27:11 ----A---- C:\27.exe
2010-11-10 11:13:27 ----A---- C:\jshd.exe
2010-11-10 10:50:45 ----A---- C:\WINDOWS\system32\vakigivoo.exe
2010-11-10 10:50:12 ----RSHD---- C:\RECYCLER
2010-11-10 10:49:27 ----A---- C:\WINDOWS\system32\kifocy.exe
2010-11-10 02:36:47 ----A---- C:\sjshd.exe
2010-11-10 02:20:17 ----RSH---- C:\Documents and Settings\Acer\Data aplikací\juzjf.exe
2010-10-21 18:23:11 ----RSH---- C:\WINDOWS\nvsvc32.exe

======List of files/folders modified in the last 1 months======

2010-11-10 19:53:50 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2010-11-10 19:22:12 ----A---- C:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
R0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
R0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-18 13952]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
R0 snwbvhif;snwbvhif; C:\WINDOWS\System32\Drivers\snwbvhif.sys [2010-11-10 40128]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-17 691696]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-24 488448]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-05-24 61056]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-05-24 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-05-24 74752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-06-12 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-06-12 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-06-02 6144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-06-12 727808]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 alo4ufi9;alo4ufi9; C:\WINDOWS\system32\drivers\alo4ufi9.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-01-11 194048]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 agy3oxn9at;Crystal Report Application Server; C:\WINDOWS\system32\vakigivoo.exe [2010-11-10 201216]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-04-27 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-04-27 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-04-27 61440]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-18 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[modrasek]

ComboFix 10-11-09.03 - Acer 10.11.2010 20:31:40.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.446.162 [GMT 1:00]
Spuštěný z: c:\documents and settings\Acer\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\27.exe
c:\documents and settings\Acer\jxqrig.exe
c:\windows\nvsvc32.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-10 do 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 19:02 . 2010-11-10 19:02 -------- d-----w- c:\program files\trend micro
2010-11-10 19:02 . 2010-11-10 19:02 -------- d-----w- C:\rsit
2010-11-10 17:51 . 2010-11-10 18:07 201216 ----a-w- c:\windows\system32\futafogo.exe
2010-11-10 17:48 . 2010-11-10 17:48 -------- d-----w- c:\documents and settings\Acer\Data aplikací\ESET
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- c:\program files\ESET
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\documents and settings\Acer\Data aplikací\Malwarebytes
2010-11-10 17:18 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-10 17:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 17:14 . 2010-11-10 17:14 -------- d-----w- c:\program files\CCleaner
2010-11-10 10:13 . 2010-11-10 14:00 130 ----a-w- C:\jshd.exe
2010-11-10 09:50 . 2010-11-10 09:49 201216 ----a-w- c:\windows\system32\vakigivoo.exe
2010-11-10 09:49 . 2010-11-10 09:49 201216 ----a-w- c:\windows\system32\kifocy.exe
2010-11-10 01:36 . 2010-11-10 01:50 77824 ----a-w- C:\sjshd.exe
2010-11-10 01:20 . 2010-11-10 01:20 77824 --sh--r- c:\documents and settings\Acer\Data aplikací\juzjf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-07-22 416408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 151552]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-29 188416]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 16207872]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"jodoohe"="c:\windows\system32\kifocy.exe" [2010-11-10 201216]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]

c:\documents and settings\Acer\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-5-9 385024]
a3gg70ddu.exe [2010-11-10 60416]
fa60xxojjk.exe [2010-11-10 60416]
k0g70ddupv.exe [2010-11-10 60416]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\snwbvhif.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 snwbvhif;snwbvhif;c:\windows\system32\Drivers\snwbvhif.sys --> c:\windows\system32\Drivers\snwbvhif.sys [?]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2010 14:47 691696]
S2 agy3oxn9at;Crystal Report Application Server;c:\windows\system32\vakigivoo.exe [10.11.2010 10:50 201216]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_EU&apn_uid=C1F957BC-0A33-4AE5-9D5B-6DAB514C10D5&apn_ptnrs=UG&apn_sauid=1BF3EBDB-1E1B-453B-9E31-A7802419BD50&apn_dtid=&q=
FF - component: c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-LaunchApp - (no file)
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 20:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-10 20:43:44
ComboFix-quarantined-files.txt 2010-11-10 19:43

Před spuštěním: 8 911 618 048
Po spuštění: 8 957 067 264

- - End Of File - - 86B8C89039B906985D0B9535E5F3E5DF

[modrasek]

Podařilo se vám z toho něco vyčíst?Myslíte, že by to mohl být tento počítač co ty spamy rozesílá?

[Rudy]

Spamy posílá docela jistě, máte tam "nastaláno". Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
C:\jshd.exe
c:\windows\system32\vakigivoo.exe
c:\windows\system32\kifocy.exe
C:\sjshd.exe
c:\documents and settings\Acer\Data aplikací\juzjf.exe
c:\documents and settings\Acer\Nabídka Start\Programy\Po spuštění\a3gg70ddu.exe
c:\documents and settings\Acer\Nabídka Start\Programy\Po spuštění\fa60xxojjk.exe
c:\documents and settings\Acer\Nabídka Start\Programy\Po spuštění\k0g70ddupv.exe
c:\windows\system32\Drivers\snwbvhif.sys

Driver::
snwbvhif
agy3oxn9at

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jodoohe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\snwbvhif.sys]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[modrasek]

ComboFix 10-11-09.03 - Acer 10.11.2010 21:58:54.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.446.180 [GMT 1:00]
Spuštěný z: c:\documents and settings\Acer\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Acer\Plocha\CFScript.TXT
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: C:\jshd.exe
file zipped: C:\sjshd.exe
file zipped: c:\windows\system32\Drivers\snwbvhif.sys
file zipped: c:\windows\system32\kifocy.exe
file zipped: c:\windows\system32\vakigivoo.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\jshd.exe
C:\sjshd.exe
c:\windows\system32\kifocy.exe
c:\windows\system32\vakigivoo.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AGY3OXN9AT
-------\Legacy_SNWBVHIF
-------\Service_agy3oxn9at
-------\Service_snwbvhif


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-10 do 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 20:58 . 2010-11-10 20:58 -------- d-----w- c:\documents and settings\Acer\Local Settings\Data aplikací\ESET
2010-11-10 19:02 . 2010-11-10 19:02 -------- d-----w- c:\program files\trend micro
2010-11-10 19:02 . 2010-11-10 19:02 -------- d-----w- C:\rsit
2010-11-10 17:58 . 2010-11-10 20:58 40128 ----a-w- c:\windows\system32\drivers\snwbvhif.sys
2010-11-10 17:51 . 2010-11-10 18:07 201216 ----a-w- c:\windows\system32\futafogo.exe
2010-11-10 17:48 . 2010-11-10 17:48 -------- d-----w- c:\documents and settings\Acer\Data aplikací\ESET
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- c:\program files\ESET
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\documents and settings\Acer\Data aplikací\Malwarebytes
2010-11-10 17:18 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-10 17:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 17:14 . 2010-11-10 17:14 -------- d-----w- c:\program files\CCleaner
2010-11-10 01:20 . 2010-11-10 01:20 77824 --sh--r- c:\documents and settings\Acer\Data aplikací\juzjf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-07-22 416408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 151552]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-29 188416]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 16207872]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]

c:\documents and settings\Acer\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-5-9 385024]
a3gg70ddu.exe [2010-11-10 60416]
fa60xxojjk.exe [2010-11-10 60416]
k0g70ddupv.exe [2010-11-10 60416]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(1a8):45,78,70,6c,6f,72,65,72,2e,65,78,65

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2010 14:47 691696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.7.2009 17:36 246520]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_EU&apn_uid=C1F957BC-0A33-4AE5-9D5B-6DAB514C10D5&apn_ptnrs=UG&apn_sauid=1BF3EBDB-1E1B-453B-9E31-A7802419BD50&apn_dtid=&q=
FF - component: c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 22:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2588)
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-11-10 22:16:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-10 21:16
ComboFix2.txt 2010-11-10 19:43

Před spuštěním: 8 967 553 024
Po spuštění: 8 870 395 904

- - End Of File - - AE27FC99A288521AD024AAAA7AD78FE6

[modrasek]

Podařilo se vše odstranit správně?Nebo je ještě nutné provést další krok?

[Rudy]

Ještě jednou spusťte CF tímto skriptem:

Collect::
c:\windows\system32\drivers\snwbvhif.sys
c:\windows\system32\futafogo.exe
c:\documents and settings\Acer\Data aplikací\juzjf.exe

Driver::
snwbvhif

[modrasek]

ComboFix 10-11-09.03 - Acer 10.11.2010 23:09:03.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.446.159 [GMT 1:00]
Spuštěný z: c:\documents and settings\Acer\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Acer\Plocha\CFScript.TXT
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: c:\windows\system32\drivers\snwbvhif.sys
file zipped: c:\windows\system32\futafogo.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Acer\secupdat.dat
c:\windows\system32\drivers\snwbvhif.sys
c:\windows\system32\futafogo.exe
c:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-10 do 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 20:58 . 2010-11-10 20:58 -------- d-----w- c:\documents and settings\Acer\Local Settings\Data aplikací\ESET
2010-11-10 19:02 . 2010-11-10 19:02 -------- d-----w- c:\program files\trend micro
2010-11-10 19:02 . 2010-11-10 19:02 -------- d-----w- C:\rsit
2010-11-10 17:48 . 2010-11-10 17:48 -------- d-----w- c:\documents and settings\Acer\Data aplikací\ESET
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- c:\program files\ESET
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\documents and settings\Acer\Data aplikací\Malwarebytes
2010-11-10 17:18 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 17:18 . 2010-11-10 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-10 17:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 17:14 . 2010-11-10 17:14 -------- d-----w- c:\program files\CCleaner
2010-11-10 01:20 . 2010-11-10 01:20 77824 --sh--r- c:\documents and settings\Acer\Data aplikací\juzjf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-07-22 416408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 151552]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-29 188416]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 16207872]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]

c:\documents and settings\Acer\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-5-9 385024]
a3gg70ddu.exe [2010-11-10 60416]
fa60xxojjk.exe [2010-11-10 60416]
k0g70ddupv.exe [2010-11-10 60416]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2010 14:47 691696]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_EU&apn_uid=C1F957BC-0A33-4AE5-9D5B-6DAB514C10D5&apn_ptnrs=UG&apn_sauid=1BF3EBDB-1E1B-453B-9E31-A7802419BD50&apn_dtid=&q=
FF - component: c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Acer\Data aplikací\Mozilla\Firefox\Profiles\qsh0ivn8.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 23:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-10 23:29:20
ComboFix-quarantined-files.txt 2010-11-10 22:29
ComboFix2.txt 2010-11-10 21:16
ComboFix3.txt 2010-11-10 19:43

Před spuštěním: 8 876 163 072
Po spuštění: 8 859 844 608

- - End Of File - - D6046C00037DB9D46017EC3B9622173C

[modrasek]

Chtěl bych se zeptat, podařilo se podle logu z combofixu vše odstranit?Můžu zavolat na poskytovatele internetu aby internet pustilo, že je vše již v pořádku?

[Rudy]

Není to v pořádku. ještě jeden skript, s nímž spustíte CF:

Collect::
c:\documents and settings\Acer\Data aplikací\juzjf.exe

Driver::
juzjf