Please, please check my log, it's urgent

Posted: 22 Jul 2011 15:59
by otee
ComboFix 11-07-22.01 - petr 22.07.2011 15:54:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.527 [GMT 2:00]
Running from: c:\documents and settings\petr\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\FullRemove.exe
c:\documents and settings\petr\Plocha\Flash-Player.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.tray-7-0\svchost.exe
c:\windows\update.tray-9-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 13:33 . 2008-04-14 06:51 870784 ------w- c:\windows\system32\ati3d1ag.dll
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2006-12-28 22:31 19569 ----a-w- c:\windows\000001_.tmp
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 13:23 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-22 13:21 . 2011-07-22 13:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 13:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 12:43 . 2011-07-22 13:59 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-22 12:43 . 2011-07-22 12:43 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-22 11:37 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-22 11:37 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-22 11:37 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-22 11:37 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-22 11:37 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-22 11:37 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-22 11:37 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-22 11:37 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-22 11:36 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-22 11:36 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-20 09:15 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:27 . 2011-07-22 12:45 -------- d-----w- c:\windows\av_ico
2011-07-19 20:25 . 2011-07-22 13:59 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-19 20:25 . 2011-07-19 20:25 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-26 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.7.2011 15:21 218688]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.5.2011 11:59 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.10.0.10 192.168.0.1
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-9-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 16:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2272)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-07-22 16:06:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 14:06
.
Pre-Run: 123,211,841,536 bytes free
Post-Run: 124,073,119,744 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 8EF7EC093A19B10010AE98A99C542137

Re: Please, please check my log, it's urgent

Posted: 22 Jul 2011 16:19
by stell
Hi,
For this step ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:

KILLALL::
File::
c:\windows\000001_.tmp
Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\av_ico
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0-lnk
Then click File -> Save As... -> in the File name field type: CFScript.txt
For Save as type choose *All files
and save it to the desktop. Careful: do not open CFScript.txt, and it must not end up as CFScript.txt.txt. Then do this:
[image]

When the scan finishes, post the log that ComboFix creates.

Re: Please, please check my log, it's urgent

Posted: 22 Jul 2011 16:59
by otee
Avast can't be turned off, I can't operate it in any way, its user interface doesn't even show up any more, it can't be uninstalled, Windows doesn't see it as an installed program and neither does Your Uninstaller.
Only a dialog pops up with an English message saying that Avast is running in some kind of super mode :-(

Re: Please, please check my log, it's urgent

Posted: 22 Jul 2011 17:04
by stell
http://www.avast.com/cs-cz/uninstall-utility
Use the uninstall utility for AVAST, and once we have cleaned the PC you can install it back.

Re: Please, please check my log, it's urgent

Posted: 22 Jul 2011 17:36
by otee
I did everything as you advised, here is the new log.
Thanks a lot so far for the effort.


ComboFix 09-03-15.01 - petr 2011-07-22 18:28:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1013.599 [GMT 2:00]
Running from: c:\documents and settings\petr\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\petr\Plocha\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\windows\000001_.tmp
.

((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.

2011-07-22 16:34 . 2011-07-22 16:34 110,592 --a------ c:\windows\l1rezerv.exe
2011-07-22 16:33 . 2011-07-22 16:33 <DIR> d--h----- c:\windows\update.2
2011-07-22 16:33 . 2011-07-17 03:24 4,636,907 --a------ c:\windows\geoiplist
2011-07-22 16:33 . 2011-07-22 16:33 904,792 --a------ c:\windows\geoiplist.rar
2011-07-22 16:33 . 2011-07-22 16:33 246,272 --a------ c:\windows\unrar.exe
2011-07-22 16:33 . 2011-07-22 16:33 114,176 --a------ c:\windows\systemup.exe
2011-07-22 16:11 . 2011-07-22 16:11 <DIR> d-------- c:\program files\AVAST Software
2011-07-22 16:11 . 2011-07-22 16:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 16:09 . 2011-07-22 16:08 249,344 --a------ c:\windows\sysdriver32_.exe
2011-07-22 16:09 . 2011-07-22 16:35 179 --a------ c:\windows\info1
2011-07-22 16:09 . 2011-07-22 16:09 0 --a------ c:\windows\loader2.exe_ok
2011-07-22 16:08 . 2011-07-22 16:08 249,344 --a------ c:\windows\sysdriver32.exe
2011-07-22 15:51 . 2011-06-26 08:45 256,000 --a------ c:\windows\PEV.exe
2011-07-22 15:51 . 2010-11-07 19:20 208,896 --a------ c:\windows\MBR.exe
2011-07-22 15:31 . 2008-04-13 22:04 1,897,408 --------- c:\windows\system32\drivers\nv4_mini.sys
2011-07-22 15:30 . 2011-07-22 15:30 <DIR> d-------- c:\windows\EHome
2011-07-22 15:24 . 2008-04-14 07:44 58,496 --a------ c:\windows\system32\drivers\redbook.sys
2011-07-22 15:24 . 2008-04-14 07:44 58,496 --a--c--- c:\windows\system32\dllcache\redbook.sys
2011-07-22 15:21 . 2011-07-22 17:17 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2011-07-22 15:20 . 2011-07-22 17:17 <DIR> d-------- c:\program files\DAEMON Tools Lite
2011-07-22 15:20 . 2011-07-22 15:24 <DIR> d-------- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 15:20 . 2011-07-22 15:43 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 14:53 . 2011-07-22 14:53 404,640 --a------ c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 13:37 . 2011-07-04 13:36 441,176 --a------ c:\windows\system32\drivers\aswSnx.sys
2011-07-22 13:36 . 2011-07-04 13:43 40,112 --a------ c:\windows\avastSS.scr
2011-07-22 13:17 . 2011-07-22 13:17 <DIR> d-------- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 13:16 . 2011-07-22 13:16 <DIR> d-------- c:\program files\Your Uninstaller 2010
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2011-07-20 11:15 . 2011-02-13 01:36 <DIR> dr------- c:\documents and settings\Administrator\Oblíbené položky
2011-07-20 11:15 . 2010-08-09 10:49 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2011-07-20 11:15 . 2010-08-09 11:18 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2011-07-20 11:15 . 2011-02-13 01:13 <DIR> dr------- c:\documents and settings\Administrator\Dokumenty
2011-07-20 11:15 . 2011-02-13 01:27 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Liteon
2011-07-20 11:15 . 2010-08-09 12:21 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2011-07-20 11:15 . 2011-02-13 01:27 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2011-07-20 11:15 . 2011-02-13 01:13 <DIR> d-------- c:\documents and settings\Administrator\Bluetooth Software
2011-07-20 11:15 . 2011-07-22 16:16 <DIR> d-------- c:\documents and settings\Administrator
2011-07-19 22:14 . 2011-07-19 22:14 <DIR> d-------- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 11:51 . 2008-04-14 08:51 21,504 --a------ c:\windows\system32\hidserv.dll
2011-07-06 11:51 . 2008-04-14 08:51 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 11:51 . 2008-04-14 14:00 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2011-07-06 11:51 . 2008-04-14 14:00 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 16:20 --------- d-----w c:\documents and settings\petr\Data aplikací\Skype
2011-07-22 16:20 --------- d-----w c:\documents and settings\petr\Data aplikací\ICQ
2011-07-22 15:26 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2011-07-22 11:32 --------- d-----w c:\program files\Google
2011-07-20 08:13 --------- d-----w c:\program files\Acer GameZone
2011-07-14 09:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\boost_interprocess
2011-06-30 08:10 --------- d-----w c:\program files\ICQ7.5
2011-07-06 14:17 142,296 ----a-w c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 24,376 ----a-w c:\program files\mozilla firefox\components\Scriptff.dll
2011-04-17 04:27 262,144 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
2010-08-09 09:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2011-07-22_18.15.05.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-22 16:30:09 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2a0.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 19:40 120176 --a------ c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [2011-07-22 249344]
"sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [2011-07-22 249344]
"systemup"="c:\windows\systemup.exe" [2011-07-22 114176]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [2011-07-22 110592]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-08-09 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-07-28 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\update.2\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2010-08-09 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2010-08-09 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2010-08-09 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-09 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-05-12 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-08-09 260640]
R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-08-09 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-08-09 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-26 305520]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2010-08-09 69120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-08-09 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-08-09 82384]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [2010-06-10 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-06-10 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
S3 TP;TP;c:\docume~1\petr\LOCALS~1\Temp\TP.exe --> c:\docume~1\petr\LOCALS~1\Temp\TP.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-05 17:50]

2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 02:25]

2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 02:25]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 18:29:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\update.2\svchost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\update.2\svchost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 18:32:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 16:32:31

Před spuštěním: Volných bajtů: 127 133 315 072
Po spuštění: Volných bajtů: 127,117,955,072

238 --- E O F --- 2011-07-22 13:46:57

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 17:41
by stell
Right, this ComboFix is past its expiry date,
uninstall it:
click Start >> Run >> paste this command >>
combofix /uninstall
click OK

download a fresh version of ComboFix and run it according to the guide
PLEASE READ THE GUIDE CAREFULLY!!!,

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Paste the log from it here.

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 18:18
by otee
ComboFix 11-07-22.02 - petr 22.07.2011 19:05:34.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.628 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
.
FILE ::
"c:\windows\000001_.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 14:33 . 2011-07-22 14:33 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 14:16 . 2011-07-22 14:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 14:11 . 2011-07-22 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 14:11 . 2011-07-22 14:11 -------- d-----w- c:\program files\AVAST Software
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-22 14:16 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.5.2011 11:59 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S2 McMPFSvc;McAfee Služba programu Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
S3 TP;TP;c:\docume~1\petr\LOCALS~1\Temp\TP.exe --> c:\docume~1\petr\LOCALS~1\Temp\TP.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-systemup - c:\windows\systemup.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3312)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 19:16:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 17:16
ComboFix2.txt 2011-07-22 16:32
.
Před spuštěním: Volných bajtů: 126 934 872 064
Po spuštění: Volných bajtů: 126 916 988 928
.
- - End Of File - - 1A54DCE0D1F6FC7A380E7D3567D39992

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 18:24
by stell
For this step ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:

KILLALL::
File::
c:\windows\unrar.exe
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,4f,00,4f,00,\
44,00,42,00,53,00,00,00,00,00
Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type choose *All files
And save it to the desktop. > Careful: CFScript.txt > do not open it, and it must not become CFScript.txt.txt either. Then do this:
Image

After the scan finishes, paste the log that ComboFix creates
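
An added note and example (not from the post above and not ComboFix's own code): before applying a Registry:: block like the one above, it is worth decoding the hex(7) payload to see exactly what BootExecute will be set to, because a REG_MULTI_SZ written as raw bytes is unreadable as posted. The Python below joins the backslash line continuations of the .reg-style text, decodes the hex(7) bytes as UTF-16LE into the list of strings, and reports every entry that is not the stock Windows value "autocheck autochk *" so it can be reviewed. The sample input is the block from this post; the default list, the helper names and the review rule are my own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: the Registry:: block from the post above, copied verbatim.
CFSCRIPT_REG_BLOCK = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,4f,00,4f,00,\
  44,00,42,00,53,00,00,00,00,00
'''

# Assumption: the only entry a clean XP box needs in BootExecute is the chkdsk hook.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]


def join_continuations(text: str) -> List[str]:
    """Merge .reg lines that end in a backslash with the line that follows them."""
    lines: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def decode_hex7(value: str) -> List[str]:
    """Decode a .reg 'hex(7):...' payload (REG_MULTI_SZ, UTF-16LE) into its strings."""
    m = re.match(r"hex\(7\):(.*)$", value.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a hex(7) value")
    raw = bytes(int(h, 16) for h in m.group(1).split(",") if h.strip())
    if len(raw) % 2:
        raise ValueError("odd byte count, not valid UTF-16LE")
    text = raw.decode("utf-16-le")
    # Entries are NUL-separated and the list ends with an extra NUL; drop the empties.
    return [entry for entry in text.split("\x00") if entry]


def reg_values(text: str) -> Dict[str, List[str]]:
    """Return {value_name: decoded_entries} for every hex(7) value in a .reg fragment."""
    found: Dict[str, List[str]] = {}
    for line in join_continuations(text):
        m = re.match(r'"([^"]+)"=(hex\(7\):.*)$', line)
        if m:
            found[m.group(1)] = decode_hex7(m.group(2))
    return found


def review_bootexecute(entries: List[str]) -> List[str]:
    """Return the entries that differ from the stock value and so deserve a manual look."""
    return [entry for entry in entries if entry not in DEFAULT_BOOTEXECUTE]


if __name__ == "__main__":
    for name, entries in reg_values(CFSCRIPT_REG_BLOCK).items():
        print(f"{name} -> {entries}")
        print("non-default entries to review:", review_bootexecute(entries))
```

Run it on the block as posted and it shows that the script sets BootExecute to two entries, the chkdsk hook and a second, non-default entry; the second one is what the reader should identify before running the script, rather than trusting the hex blindly.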

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 18:44
by otee
ComboFix 11-07-22.02 - petr 22.07.2011 19:30:05.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.576 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 14:16 . 2011-07-22 14:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 14:11 . 2011-07-22 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 14:11 . 2011-07-22 14:11 -------- d-----w- c:\program files\AVAST Software
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-22 14:16 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0O\0O\0D\0B\0S\0\0\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.5.2011 11:59 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S2 McMPFSvc;McAfee Služba programu Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
S3 TP;TP;c:\docume~1\petr\LOCALS~1\Temp\TP.exe --> c:\docume~1\petr\LOCALS~1\Temp\TP.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2044)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 19:40:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 17:40
ComboFix2.txt 2011-07-22 16:32
.
Před spuštěním: Volných bajtů: 126 924 005 376
Po spuštění: Volných bajtů: 126 909 177 856
.
- - End Of File - - 3709E42A326B47EE158A6C10BD

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 19:02
by stell
there are some leftovers of the McAfee firewall here, we'll remove them. ok
What software is this??
c:\program files\EgisTec MyWinLocker

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 19:19
by otee
something to do with encryption, I'll remove it

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 19:22
by stell
you don't have to, I just didn't know what it was
For this step ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:

KILLALL::
Driver::
TP
McMPFSvc
ICQ Service
Folder::
c:\program files\Common Files\Mcafee
Rootkit::
c:\docume~1\petr\LOCALS~1\Temp\TP.exe
Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type choose *All files
And save it to the desktop. > Careful: CFScript.txt > do not open it, and it must not become CFScript.txt.txt either. Then do this:
Image

After the scan finishes, paste the log that ComboFix creates

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 19:52
by otee
ComboFix 11-07-22.02 - petr 22.07.2011 20:33:09.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.580 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_MCMPFSVC
-------\Legacy_TP
-------\Service_ICQ Service
-------\Service_McMPFSvc
-------\Service_TP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 14:16 . 2011-07-22 14:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 14:11 . 2011-07-22 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 14:11 . 2011-07-22 14:11 -------- d-----w- c:\program files\AVAST Software
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-22 14:16 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_17.13.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-09 10:59 . 2011-07-22 18:21 327680 c:\windows\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe
- 2010-08-09 10:59 . 2010-08-09 10:59 327680 c:\windows\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0O\0O\0D\0B\0S
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.10.0.10 192.168.0.1
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SuiteTray - c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(660)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 20:49:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 18:49
ComboFix2.txt 2011-07-22 17:40
ComboFix3.txt 2011-07-22 16:32
.
Před spuštěním: Volných bajtů: 126 642 143 232
Po spuštění: Volných bajtů: 126 621 757 440
.
- - End Of File - - 0324345C1886B71B465AF011EE4007F0

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 20:03
by stell
Turn off System Restore, reboot, and turn it back on.
1: Uninstall ComboFix
2: Install an antivirus [avast, Avira] http://www.viry.cz/forum/viewtopic.php?f=29&t=6152
Install a firewall [pctools] http://www.viry.cz/forum/viewtopic.php? ... 36#p868836

And that's all. :)

Re: please pleeease check my log, it's urgent

Posted: 22 Jul 2011 20:06
by otee
Thank you so much ... you're a champ, well, I've got a lot to learn, thanks a lot. bye :D