nejdou nektere www ani nainstalovat napr. nod32

[darkous]

Dobry den, prosim o pomoc pri reseni nasledujiciho problemu.
Mam tu asi nejak zavirovanej pocitac, jelikoz nemohu na nektere stranky a mezi nima je napr. nod32.cz, tudiz nemohu ani nainstalovat antivir. Seznam.cz norma;lne funguje a nektere dalsi take... Dale to pak zahadne nastavi adresare na flashce jako skryte a jako viditelne z nich udela linky. Prikladam log z RSIT a combofixu

RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by a at 2011-11-13 21:32:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 450 GB (94%) free of 477 GB
Total RAM: 3503 MB (80% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\a\Data aplikací\Mozilla\Firefox\Profiles\ix42sim2.default

prefs.js - "browser.startup.homepage" - "seznam.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-08-08 56712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2011-05-06 142616]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2011-05-06 182552]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2011-05-06 166680]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-05-12 20053608]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-11-07 4617600]
"Microsoft DLL Registration"=C:\Documents and Settings\a\Data aplikací\regsrv64.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2011-05-02 268288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm

======List of files/folders created in the last 1 month======

2011-11-13 21:32:26 ----D---- C:\rsit
2011-11-13 21:32:26 ----D---- C:\Program Files\trend micro
2011-11-13 21:17:53 ----SHD---- C:\RECYCLER
2011-11-13 19:00:59 ----A---- C:\ComboFix.txt
2011-11-13 18:52:41 ----A---- C:\Boot.bak
2011-11-13 18:52:36 ----RASHD---- C:\cmdcons
2011-11-13 18:45:09 ----A---- C:\WINDOWS\zip.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\SWSC.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\SWREG.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\sed.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\PEV.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\NIRCMD.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\MBR.exe
2011-11-13 18:45:09 ----A---- C:\WINDOWS\grep.exe
2011-11-13 18:31:59 ----D---- C:\WINDOWS\ERDNT
2011-11-13 18:31:48 ----D---- C:\Qoobox
2011-11-13 18:31:08 ----A---- C:\WINDOWS\ScanSpyware.INI
2011-11-13 18:30:46 ----D---- C:\Documents and Settings\a\Data aplikací\SUPERAntiSpyware.com
2011-11-13 18:30:21 ----D---- C:\Program Files\SUPERAntiSpyware
2011-11-13 18:30:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-11-13 18:19:47 ----D---- C:\WINDOWS\pss
2011-11-13 18:17:29 ----D---- C:\Documents and Settings\a\Data aplikací\ScanSpyware
2011-11-13 18:17:29 ----A---- C:\WINDOWS\system32\ssbtsr.exe
2011-11-13 18:17:28 ----D---- C:\Program Files\ScanSpyware
2011-11-13 16:25:49 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-11-12 14:21:15 ----A---- C:\WINDOWS\WINCMD.INI
2011-11-11 12:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-09 13:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-11-04 08:04:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2011-11-04 08:01:34 ----D---- C:\Documents and Settings\a\Data aplikací\Mozilla
2011-11-04 08:01:30 ----D---- C:\Program Files\Mozilla Firefox
2011-10-17 19:36:10 ----D---- C:\Config.Msi

======List of files/folders modified in the last 1 month======

2011-11-13 21:32:26 ----RD---- C:\Program Files
2011-11-13 21:28:11 ----D---- C:\WINDOWS\Prefetch
2011-11-13 19:00:37 ----D---- C:\WINDOWS\Temp
2011-11-13 18:59:03 ----D---- C:\WINDOWS
2011-11-13 18:59:03 ----A---- C:\WINDOWS\system.ini
2011-11-13 18:55:51 ----D---- C:\WINDOWS\system32\drivers
2011-11-13 18:55:51 ----D---- C:\WINDOWS\system32
2011-11-13 18:55:51 ----D---- C:\WINDOWS\AppPatch
2011-11-13 18:55:49 ----D---- C:\Program Files\Common Files
2011-11-13 18:52:41 ----RASH---- C:\boot.ini
2011-11-13 18:45:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-13 18:30:52 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-13 18:21:07 ----A---- C:\WINDOWS\win.ini
2011-11-13 16:24:57 ----D---- C:\Documents and Settings\a\Data aplikací\Skype
2011-11-12 14:12:56 ----HD---- C:\WINDOWS\inf
2011-11-12 10:39:35 ----D---- C:\install
2011-11-11 12:11:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-11 11:55:54 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-11 10:15:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-09 13:55:12 ----A---- C:\WINDOWS\imsins.BAK
2011-11-09 13:54:07 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-17 19:36:13 ----SHD---- C:\WINDOWS\Installer
2011-10-17 19:36:01 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2011-05-02 2184736]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-06-14 6359656]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-06-13 306664]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\a\LOCALS~1\Temp\catchme.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2011-08-08 161664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

COMBOFIX:

Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3503.2837 [GMT 1:00]
Spuštěný z: e:\country\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-13 do 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 17:30 . 2011-11-13 17:30 -------- d-----w- c:\documents and settings\a\Data aplikací\SUPERAntiSpyware.com
2011-11-13 17:30 . 2011-11-13 17:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 17:30 . 2011-11-13 17:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-11-13 17:17 . 2011-11-13 17:17 -------- d-----w- c:\documents and settings\a\Data aplikací\ScanSpyware
2011-11-13 17:17 . 2008-09-07 16:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2011-11-13 17:17 . 2011-11-13 17:17 -------- d-----w- c:\program files\ScanSpyware
2011-11-04 07:04 . 2011-11-04 07:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2011-11-04 07:01 . 2011-11-04 07:01 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Mozilla
2011-10-29 17:38 . 2011-10-29 17:38 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 07:07 . 2011-08-07 16:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2011-07-12 11:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 11:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2009-10-08 12:57 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 11:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2008-04-14 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-04-14 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2008-04-14 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-14 11:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-12 13:16 . 2011-11-04 07:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-03 . 8A4209F4C57F1789974FE5D8DCFC25BB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-06 166680]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 0:38 116608]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.7.2011 12:32 1691480]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - !SASCORE
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://facebook.com/
mStart Page = hxxp://home.sweetim.com/?st=1&barid={8E47BBCD-E6F1-11E0-BAC8-50E54920B05D}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{8CFC2349-7ED6-4298-9E57-DD29856843E3}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\ix42sim2.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKLM-RunOnce-Windows Task Services - c:\documents and settings\a\Data aplikací\E.exe
SSODL-Windows Task Services-c:\documents and settings\a\Data aplikací\E.exe - (no file)
MSConfigStartUp-Eutate - c:\documents and settings\a\Data aplikací\Eutate.exe
MSConfigStartUp-Microsoft DLL Registration - c:\documents and settings\a\Data aplikací\regsrv64.exe
MSConfigStartUp-TaskUpdate v1 - c:\documents and settings\a\Data aplikací\5.exe
MSConfigStartUp-Windows Task Services - c:\documents and settings\a\Data aplikací\E.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 18:58
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Kutatk = c:\documents and settings\a\Data aplikac?\Kutatk.exe
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kutatk"="c:\\Documents and Settings\\a\\Data aplikací\\Kutatk.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(884)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-11-13 19:00:57
ComboFix-quarantined-files.txt 2011-11-13 18:00
.
Před spuštěním: Volných bajtů: 470 230 183 936
Po spuštění: Volných bajtů: 471 592 419 328
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B67AC17B81E37B5360858F953F8C4712

Predem dekuji za kontrolu a pomoc.

[Rudy]

Zdravím!
Nejprve otestujte soubor c:\windows\system32\ssbtsr.exe online na www.virustotal.com . Výsledek oznamte.

[darkous]

snad vkladam to co vas zajima..

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
ssbtsr.exe
Submission date:
2011-11-13 22:02:12 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

[Rudy]

Soubor je OK. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\SweetIM

Collect::
c:\Documents and Settings\a\Data aplikací\Kutatk.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kutatk"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[darkous]

Opozdene dekuji, vse jiz pak fungovalo tak jak ma.

Diky

[Rudy]

Nemáte zač!