VIRY.CZ

Nějakých prvních deset minut je všechno v pořádku, pak však počítač začne hučet a zpomalí se prohlížení internetu, nová stránka nebo záložka se otvírá minutu, pak se to stále zhoršuje, až se s počítačem nedá pracovat, po nějaké době se všechno zaseká (ale to se trochu zlepšilo po vyčištění chladiče...).
Procházení disku funguje vždy jen chvíli, neustále se mi objevuje dole v rohu tohle
Obrázek

, když vypnu všechna okna, tak ten znak zmizí a zase to chvilku jede. Objeví se to taky vždy, když začnu pracovat s nějakým programem, konkrétně když rozděluju video nebo do něj dávám titulky, nic jiného ani na PC nedělám.

Vím, že mám počítač dost zanedbaný. Děkuju vám za pomoc.

---------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by jana at 2010-01-18 15:34:51
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (2%) free of 116 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:33, on 18.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\RSIT.exe
C:\Program Files\trend micro\jana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMB0.tmp
O4 - HKLM\..\Run: [19602321] C:\DOCUME~1\ALLUSE~1\DATAAP~1\19602321\19602321.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Netcom3 PC Cleaner] C:\Program Files\Netcom3\Netcom3 PC Cleaner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\jana\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA9E9B0F-A356-4F89-9E96-13F1962E0336}: NameServer = 192.168.2.1
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9b52ecaa98480) (gupdate1c9b52ecaa98480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 11741 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for jana.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2007-07-31 1391640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-19 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb124\Dealio.dll [2007-10-09 2663264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-11 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-15 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-10-15 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-15 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2007-07-31 1391640]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll []
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb124\Dealio.dll [2007-10-09 2663264]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-15 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-08-23 98304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-19 198160]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-12-27 98304]
"HP OrderReminder Cleaner"=C:\WINDOWS\hporclnr.exe [2006-12-27 104960]
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\HP\HP UT\ []
"sysgif32"=C:\WINDOWS\TEMP\~TMB0.tmp [2009-12-31 32768]
"19602321"=C:\DOCUME~1\ALLUSE~1\DATAAP~1\19602321\19602321.exe []
"CTFMON"=C:\WINDOWS\Temp\_ex-08.exe [2010-01-11 415744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-14 68856]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe silent []
"Netcom3 PC Cleaner"=C:\Program Files\Netcom3\Netcom3 PC Cleaner.exe [2009-10-31 7480664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštení
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Java\jre1.6.0\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE"="C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE:*:Enabled:SMLMProxy Module - HP1005MC.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abe3e586-be6a-11de-94df-001558255f33}]
shell\AutoRun\command - L:\LaunchU3.exe -a

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-18 15:34:56 ----D---- C:\Program Files\trend micro
2010-01-18 15:34:51 ----D---- C:\rsit
2010-01-18 15:24:11 ----A---- C:\RSIT.exe
2010-01-18 10:10:40 ----SHD---- C:\FOUND.039
2010-01-14 06:34:34 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 06:34:14 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 02:11:38 ----D---- C:\Program Files\WinPcap
2010-01-04 01:09:33 ----D---- C:\My Music
2010-01-03 18:25:56 ----A---- C:\DivXLand_MediaSub_207.exe
2010-01-03 05:00:35 ----D---- C:\evik
2010-01-01 19:53:48 ----D---- C:\LO
2009-12-31 18:04:08 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-29 23:56:39 ----D---- C:\Prisionera
2009-12-28 21:16:36 ----D---- C:\Program Files\Mp3 Knife
2009-12-26 19:25:29 ----D---- C:\Program Files\Hewlett-Packard
2009-12-26 19:25:28 ----RA---- C:\WINDOWS\hporclnr.exe
2009-12-26 19:25:18 ----D---- C:\Program Files\HP
2009-12-26 19:14:18 ----RA---- C:\WINDOWS\system32\HPMLVS.dll
2009-12-26 19:14:18 ----RA---- C:\WINDOWS\system32\HP1005LM.DLL
2009-12-26 19:11:51 ----D---- C:\Program Files\Netcom3
2009-12-26 18:51:25 ----HD---- C:\Program Files\Agilent-HP
2009-12-26 18:51:25 ----D---- C:\Documents and Settings\jana\Data aplikací\HP
2009-12-25 22:15:06 ----D---- C:\fotky na web
2009-12-22 14:32:50 ----N---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-12-22 14:32:50 ----N---- C:\WINDOWS\system32\INETWH32.dll
2009-12-22 14:32:42 ----D---- C:\Program Files\Ulead Systems

======List of files/folders modified in the last 1 months======

2010-01-18 14:24:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 06:34:32 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-02 00:32:00 ----A---- C:\WINDOWS\cdplayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-05-16 26944]
R1 AmdK8;Ovladac procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-05-16 42912]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-05-16 94416]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-05-16 23152]
R3 hidusb;Ovladac trídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladac myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-26 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladac miniportu rozšíreného radice hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbocovac umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladac Miniport otevreného hostitelského radice Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 USBSTOR;Ovladac velkokapacitního pametového zarízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S1 kbdhid;Ovladac klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\jana\LOCALS~1\Temp\catchme.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060807.097\symidsco.sys []
S3 usbccgp;Obecný nadrazený ovladac Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Trída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpurné prostredí zprostredkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-05-16 17272]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-05-16 144760]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;Sledování infracerveného prenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2007-01-15 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-05-16 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-05-16 349560]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-18 268288]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-30 654848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-15 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

Pár potvůrek tam vidím, jdu na to.

Jdeme na to.

~~~

Stáhněte OTM na Plochu. Spusťte ho dvojklikem na OTM.exe, pokud máte Vistu, pravým tlačítkem na soubor -> Run as Administrator [spustit jako administrátor].
Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:processes
_ex-08.exe
ICQ Service.exe
explorer.exe

:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://seznam.cz"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
"{D0943516-5076-4020-A3B5-AEFAF26AB263}"=-
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"=-
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"TkBellExe"=-
"UserFaultCheck"=-
"HPUsageTracking"=-
"sysgif32"=-
"19602321"=-
"CTFMON"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"updateMgr"=-
"swg"=-

:files
C:\WINDOWS\Temp\*.exe
C:\Program Files\ICQ6Toolbar
C:\Program Files\Freecorder
C:\Program Files\Yahoo!
C:\PROGRA~1\MEGAUP~1
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\TEMP\*.tmp 
C:\DOCUME~1\ALLUSE~1\DATAAP~1\19602321
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštení\Microsoft Office.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštení\Adobe Reader Speed Launch.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
C:\FOUND.039
C:\WINDOWS\system32\fjhdyfhsn.bat

:services
ICQ Service

:commands
[emptytemp]
[reboot]

Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra. Pokud se zobrazí hláška k restartování, klikněte na Yes. Po restartu log najdete v C:\_OTM\MovedFiles

~~~

Spusťte přejmenované HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Klikněte na 'Do a system scan only'.
U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\jana\Data aplikací\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Pokud by tam nějaká položka nebyla, vynechte ji.

~~~

Vložte sem log z ComboFix.

Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.

Wow, děkuju moc za vaši práci, vážím si toho.

(Jinak jsem holka, nešlo to poznat.

)

Tady je log z OTM a ComboFix. Určitě už to je v pořádku.

All processes killed
========== PROCESSES ==========
No active process named _ex-08.exe was found!
No active process named ICQ Service.exe was found!
No active process named explorer.exe was found!
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://seznam.cz" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D0943516-5076-4020-A3B5-AEFAF26AB263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0943516-5076-4020-A3B5-AEFAF26AB263}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HPUsageTracking deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\19602321 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
========== FILES ==========
C:\WINDOWS\Temp\_ex-08.exe moved successfully.
C:\WINDOWS\Temp\exploder.exe moved successfully.
C:\WINDOWS\Temp\{1A7EF2D0-490B-5A0C-3B34-398D3C1A455A}-_ex-08.exe moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Program Files\Freecorder folder moved successfully.
C:\Program Files\Yahoo!\Common folder moved successfully.
C:\Program Files\Yahoo!\Companion\Modules folder moved successfully.
C:\Program Files\Yahoo!\Companion\Data folder moved successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn folder moved successfully.
C:\Program Files\Yahoo!\Companion\Installs folder moved successfully.
C:\Program Files\Yahoo!\Companion folder moved successfully.
C:\Program Files\Yahoo! folder moved successfully.
C:\PROGRA~1\MegauploadToolbar folder moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\TEMP\ZAPF.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP58.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP57.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP37.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP16.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP12.tmp folder moved successfully.
C:\WINDOWS\TEMP\Hx18B.tmp moved successfully.
C:\WINDOWS\TEMP\ZAP5.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAPB.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP13.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP6.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP8.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP4.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP7.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAPA.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP9.tmp folder moved successfully.
C:\WINDOWS\TEMP\CR_40.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAPD.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAPC.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAPE.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP14.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP41.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP11.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP15.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP10.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP48.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP2E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP18.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP19.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP17.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP38.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP1A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP23.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP39.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP1C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP1B.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP1E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP1D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP20.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP1F.tmp folder moved successfully.
C:\WINDOWS\TEMP\CR_6E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP24.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP22.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP27.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP25.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP21.tmp folder moved successfully.
C:\WINDOWS\TEMP\CR_3D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP26.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP28.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP2A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP29.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP2C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP2B.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP2D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP30.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP2F.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP36.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP31.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP50.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP3A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP32.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP33.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP34.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP3B.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP35.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP55.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP3D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP3C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP3F.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP3E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP42.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP43.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP40.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP45.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP44.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP47.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP46.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP4A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP49.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP4E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP4B.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP4D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP4C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP51.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP4F.tmp folder moved successfully.
C:\WINDOWS\TEMP\~TMB0.tmp moved successfully.
C:\WINDOWS\TEMP\ZAP67.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP52.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP56.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP54.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP53.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP94.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP68.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP5A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP59.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP65.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP5B.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP5C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP5D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP5E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP2.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP62.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP63.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP5F.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP61.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP60.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP64.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP69.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP6A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP66.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP6B.tmp folder moved successfully.
C:\WINDOWS\TEMP\~TMB1.tmp moved successfully.
C:\WINDOWS\TEMP\ZAP6F.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP6C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP6D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP6E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP75.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP74.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP70.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP72.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP71.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP76.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP73.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP77.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP78.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP79.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP7B.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP7E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP7C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP7D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP7A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP3.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP7F.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP81.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP80.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP82.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP83.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP85.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP89.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP88.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP86.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP87.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP84.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP8A.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP8B.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP8D.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP8E.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP8F.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP8C.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP95.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP91.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP92.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP96.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP90.tmp folder moved successfully.
C:\WINDOWS\TEMP\ZAP93.tmp folder moved successfully.
File/Folder C:\DOCUME~1\ALLUSE~1\DATAAP~1\19602321 not found.
File/Folder C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštení\Microsoft Office.lnk not found.
File/Folder C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštení\Adobe Reader Speed Launch.lnk not found.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk moved successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk moved successfully.
C:\FOUND.039 folder moved successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 2936317 bytes

User: jana
->Temp folder emptied: 385496370 bytes
->Temporary Internet Files folder emptied: 502108182 bytes
->Java cache emptied: 11902557 bytes
->FireFox cache emptied: 54643590 bytes
->Google Chrome cache emptied: 10418258 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: My Music

User: report

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 6404552 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9962620 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 938,00 mb

OTM by OldTimer - Version 3.1.6.0 log created on 01192010_095655

Files moved on Reboot...
File C:\WINDOWS\temp\_av_proI.tm~a00380\setup.lok not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!

Registry entries deleted on Reboot...

-----------------------------------------------------------------------

ComboFix 10-01-18.02 - jana 19.01.2010 10:19:42.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.54.1029.18.1022.668 [GMT 1:00]
Running from: c:\documents and settings\jana\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080531-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Netcom3
c:\program files\Netcom3\FileBackupManager.dll
c:\program files\Netcom3\CheckRegistryItem.dll
c:\program files\Netcom3\Logs\2009_12_26.log
c:\program files\Netcom3\Logs\2009_12_27.log
c:\program files\Netcom3\Logs\2009_12_28.log
c:\program files\Netcom3\Logs\2009_12_29.log
c:\program files\Netcom3\Logs\2009_12_30.log
c:\program files\Netcom3\Logs\2009_12_31.log
c:\program files\Netcom3\Logs\2010_01_01.log
c:\program files\Netcom3\Logs\2010_01_02.log
c:\program files\Netcom3\Logs\2010_01_03.log
c:\program files\Netcom3\Logs\2010_01_04.log
c:\program files\Netcom3\Logs\2010_01_05.log
c:\program files\Netcom3\Logs\2010_01_06.log
c:\program files\Netcom3\Logs\2010_01_09.log
c:\program files\Netcom3\Logs\2010_01_10.log
c:\program files\Netcom3\Logs\2010_01_11.log
c:\program files\Netcom3\Logs\2010_01_12.log
c:\program files\Netcom3\Logs\2010_01_13.log
c:\program files\Netcom3\Logs\2010_01_14.log
c:\program files\Netcom3\Logs\2010_01_15.log
c:\program files\Netcom3\Logs\2010_01_16.log
c:\program files\Netcom3\Logs\2010_01_18.log
c:\program files\Netcom3\Logs\2010_01_19.log
c:\program files\Netcom3\ManageLogs.dll
c:\program files\Netcom3\ManageRegistryItems.dll
c:\program files\Netcom3\MFC71.dll
c:\program files\Netcom3\MGuard.dll
c:\program files\Netcom3\msvcp71.dll
c:\program files\Netcom3\msvcr71.dll
c:\program files\Netcom3\Netcom3 PC Cleaner.exe
c:\program files\Netcom3\SHandler.dll
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
C:\Thumbs.db
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 09:07 . 2010-01-19 09:07 389632 ----a-w- c:\windows\system32\CF13472.exe
2010-01-19 09:07 . 2010-01-19 09:04 389632 ----a-w- c:\windows\system32\CF12816.exe
2010-01-19 08:56 . 2010-01-19 08:56 -------- d-----w- C:\_OTM
2010-01-18 14:34 . 2010-01-18 14:34 -------- d-----w- c:\program files\trend micro
2010-01-18 14:34 . 2010-01-18 14:34 -------- d-----w- C:\rsit
2010-01-18 14:24 . 2010-01-18 14:24 781909 ----a-w- C:\RSIT.exe
2010-01-04 00:09 . 2010-01-04 00:09 -------- d-----w- C:\My Music
2010-01-03 17:25 . 2010-01-03 17:26 2077163 ----a-w- C:\DivXLand_MediaSub_207.exe
2010-01-03 04:00 . 2010-01-03 04:00 -------- d-----w- C:\evik
2010-01-01 18:53 . 2010-01-01 18:53 -------- d-----w- C:\LO
2009-12-29 22:56 . 2009-12-29 22:56 -------- d-----w- C:\Prisionera
2009-12-28 20:16 . 2009-12-28 20:16 -------- d-----w- c:\program files\Mp3 Knife
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-26 18:25 . 2006-12-27 13:23 104960 ----a-r- c:\windows\hporclnr.exe
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\program files\HP
2009-12-26 18:14 . 2007-03-26 13:00 229376 ----a-r- c:\windows\system32\Spool\prtprocs\w32x86\HP1005S.DLL
2009-12-26 18:14 . 2007-03-26 13:00 180736 ----a-r- c:\windows\system32\HP1005LM.DLL
2009-12-26 18:14 . 2006-12-28 17:00 49152 ----a-r- c:\windows\system32\HPMLVS.dll
2009-12-26 17:51 . 2009-12-26 17:51 -------- d--h--w- c:\program files\Agilent-HP
2009-12-25 21:15 . 2009-12-25 21:15 -------- d-----w- C:\fotky na web
2009-12-22 13:32 . 2006-07-22 18:37 49152 ------w- c:\windows\system32\INETWH32.dll
2009-12-22 13:32 . 1999-10-15 11:50 1056768 ------w- c:\windows\system32\ROBOEX32.DLL
2009-12-22 13:32 . 2009-12-22 13:32 -------- d-----w- c:\program files\Ulead Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 21:18 . 2009-12-25 21:18 311 ----a-w- c:\program files\ComboFix (2).lnk
2009-12-25 21:18 . 2009-12-25 21:18 311 ----a-w- c:\program files\ComboFix.lnk
2009-12-10 15:23 . 2005-01-26 19:20 62934 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 15:23 . 2005-01-26 19:20 380730 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:46 . 2004-08-18 19:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-10-29 07:43 . 2005-07-03 02:17 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-20 00:42 . 2009-08-20 00:38 466944 ----a-w- c:\program files\U95.exe
2007-11-18 12:03 . 2007-11-18 12:03 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-18 12:02 . 2007-11-18 12:02 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-18 12:00 . 2007-11-18 11:59 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2008-02-29 01:18 . 2007-10-05 17:47 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-29 01:18 . 2007-10-05 17:47 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-29 01:18 . 2007-10-05 17:47 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-29 01:18 . 2007-10-05 17:47 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-29 01:18 . 2007-10-05 17:47 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-04 22:59 . 2006-08-28 15:35 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-12-27 98304]
"HP OrderReminder Cleaner"="c:\windows\hporclnr.exe" [2006-12-27 104960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\HP1005MC.EXE"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20.7.2007 1:41 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [20.7.2007 1:41 5248]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [20.7.2007 1:49 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 15:36 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 15:36 20560]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [15.1.2007 16:11 73728]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480);c:\program files\Google\Update\GoogleUpdate.exe [4.4.2009 16:08 133104]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [20.7.2007 1:49 159616]

--- Other Services/Drivers In Memory ---

*Deregistered* - vxhlkh
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Norton Security Scan for jana.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-14 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
TCP: {EA9E9B0F-A356-4F89-9E96-13F1962E0336} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\ncuw3bki.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\toolbar@dealio.com\components\DealioFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKCU-Run-Netcom3 PC Cleaner - c:\program files\Netcom3\Netcom3 PC Cleaner.exe
AddRemove-Ad-Aware SE Personal - c:\progra~1\LAVASOFT\AD-AWA~1\UNWISE.EXE
AddRemove-Chop - c:\program files\Common Files\InstallerA\Setup.exe \CHOP
AddRemove-Easy Video to Audio Converter_is1 - c:\program files\Easy Video to Audio Converter\unins000.exe
AddRemove-Freecorder Toolbar - c:\progra~1\FREECO~2\UNWISE.EXE
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Image Assistant - c:\program files\Image Assistant\uninstall.exe
AddRemove-MegauploadToolbar - c:\program files\MegauploadToolbar\uninstall.exe
AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe
AddRemove-SplitMovie 1.0 - c:\program files\SplitMovie 1.0\uninst.exe
AddRemove-TVUPlayer - c:\program files\TVUPlayer\uninst.exe
AddRemove-TYPSoft Alarme_is1 - c:\program files\TYPAlarm\unins000.exe
AddRemove-WinMPG Video Convert 3.7 - c:\progra~1\WINMPG~1\UNWISE.EXE
AddRemove-Yahoo! Companion - c:\progra~1\YAHOO!\COMMON\unyt.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 10:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x862DFE08]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674fc3
\Driver\ACPI -> ACPI.sys @ 0xf74c1cb8
\Driver\atapi -> 0x862dfe08
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
SecurityProcedure -> ntkrnlpa.exe @ 0x80578264
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
SecurityProcedure -> ntkrnlpa.exe @ 0x80578264
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf72b1ba0
PacketIndicateHandler -> NDIS.sys @ 0xf72beb21
SendHandler -> NDIS.sys @ 0xf729c87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vxhlkh]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3624)
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-01-19 10:30:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-19 09:30

Pre-Run: 3 758 424 064
Post-Run: 3 706 191 872

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 7281EEC45F7617B6800B5391C7DF85C0

Super, je to čistější. A opravdu jsem to nepoznal, ale tomuto problému se vyhýbám tykáním.

~~~

Odinstalujte všechny virtuální mechaniky (Daemon, Alcohol atp.)

~~~

motji píše: Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

~~~

Stáhněte MBR.exe
Uložte tuto utilitu na Plochu.
Stiskněte Start -> Spustit [Win+R] -> zadejte / vkopírujte následující:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

a stiskněte Enter.
Na ploše se vytvoří textový soubor s názvem mbr.log, jehož obsah mi sem vkopírujete.

~~~

Stáhněte GMER a dvojklikem spusťte.
Několik sekund bude skenovat. Poté klikněte na 'Save' v pravém dolním rohu a uložte první log - ten vložte sem do fóra.
Poté vytvořte druhý log, přičemž se budete řídit tímto návodem. Tento log sem také vložte.

~~~

Stáhněte SystemLook.
Dvojklikem spusťte soubor SystemLook.exe
Do bílého textového pole vkopírujte tento skript:

Kód: Vybrat vše

:filefind
vxhlkh.*

Nyní klikněte na 'Look'.
Poté se Vám otevře Poznámkový blok, jehož obsah vkopírujte sem do tématu.

Narazila jsem hnedka na začátku, když chci odinstalovat ty virtuální mechaniky, napíše mi to Momentálně je spuštěna jiná instalace. Nemám nikde nic spuštěné.

edit: Jestli je to kvůli tomu msiexec.exe, tak to je taky marné.
edit2: Tak se mi to povedlo odinstalovat díky tomuto návodu. Jdu na to.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~~ (půjčila jsem si

)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-19 13:35:51
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\jana\LOCALS~1\Temp\pgwdrpog.sys

---- Devices - GMER 1.0.15 ----

Device 866AFAE8
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] vxhlkh <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

~~~

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-19 13:35:34
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\jana\LOCALS~1\Temp\pgwdrpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF4068588] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4068444] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4068922] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF406801C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF406851E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF4067F5C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF4067FC0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF406863E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF40685FE] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF406877E] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

? vxhlkh.sys Zarízení pripojené k systému nefunguje. !
PAGE Fastfat.sys F7325CC0 4 Bytes CALL 86757191
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6975380, 0x346307, 0xE8000020]
? C:\DOCUME~1\jana\LOCALS~1\Temp\mbr.sys Systém nemuže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 41524602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!CallNextHookEx 7E36F85B 5 Bytes JMP 415ACEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 415BD6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 414E541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 415B9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 416B441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 416B4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 416B43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 416B4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 416B4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 416B4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 416B42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] ole32.dll!CoCreateInstance 774EFAC3 5 Bytes JMP 415BD748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] ole32.dll!OleLoadFromStream 7751A257 5 Bytes JMP 416B47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 415BD6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 414E541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 416B441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 416B4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 416B43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 416B4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 416B4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 416B4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3648] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 416B42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 41524602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!CallNextHookEx 7E36F85B 5 Bytes JMP 415ACEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 415BD6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 414E541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 415B9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 416B441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 416B4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 416B43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 416B4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 416B4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 416B4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 416B42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] ole32.dll!CoCreateInstance 774EFAC3 5 Bytes JMP 415BD748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] ole32.dll!OleLoadFromStream 7751A257 5 Bytes JMP 416B47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00660002
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00660000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3780] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom 866AFAE8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 866AFAE8
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] vxhlkh <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vxhlkh@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vxhlkh@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vxhlkh@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vxhlkh@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\vxhlkh@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\vxhlkh@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\vxhlkh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\vxhlkh@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----

~~~

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:36 on 19/01/2010 by jana (Administrator - Elevation successful)

========== filefind ==========

Searching for "vxhlkh.*"
C:\WINDOWS\system32\drivers\vxhlkh.sys --a--- 763904 bytes [17:04 31/12/2009] [12:36 19/01/2010] (Unable to calculate MD5)

-=End Of File=-

Omlouvám se za zdržení, reinstaloval jsem systém.

~~~

Stáhněte The Avenger.
Dvojklikem spusťte a klikněte na OK.
Otevře se Vám samotné okno programu. Následující skript v zeleném poli vkopírujte do okna 'Input Script Here'.

Kód: Vybrat vše

Files to delete:
C:\WINDOWS\system32\drivers\vxhlkh.sys

Drivers to delete:
vxhlkh

Klikněte na 'Execute'. Následně potvrdíte spuštění skriptu a restart.
Po restartu Vám program vyhodí log, ten mi sem vkopírujete.

Vůbec nic se neděje

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\drivers\vxhlkh.sys" deleted successfully.
Driver "vxhlkh" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Prosím o nový ComboFix log.

Omlouvám se za zpoždění.

ComboFix 10-01-21.08 - jana 22.01.2010 21:56:41.5.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.54.1029.18.1022.669 [GMT 1:00]
Running from: c:\documents and settings\jana\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080531-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-20 21:19 . 2010-01-20 21:19 -------- d-----w- C:\Santiago
2010-01-20 14:17 . 2010-01-20 14:17 -------- d-----w- C:\Chyby v SMV
2010-01-19 09:07 . 2010-01-19 09:07 389632 ----a-w- c:\windows\system32\CF13472.exe
2010-01-19 09:07 . 2010-01-19 09:04 389632 ----a-w- c:\windows\system32\CF12816.exe
2010-01-18 14:34 . 2010-01-18 14:34 -------- d-----w- c:\program files\trend micro
2010-01-04 00:09 . 2010-01-04 00:09 -------- d-----w- C:\My Music
2010-01-03 17:25 . 2010-01-03 17:26 2077163 ----a-w- C:\DivXLand_MediaSub_207.exe
2010-01-03 04:00 . 2010-01-03 04:00 -------- d-----w- C:\evik
2010-01-01 18:53 . 2010-01-01 18:53 -------- d-----w- C:\LO
2009-12-28 20:16 . 2009-12-28 20:16 -------- d-----w- c:\program files\Mp3 Knife
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-26 18:25 . 2006-12-27 13:23 104960 ----a-r- c:\windows\hporclnr.exe
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\program files\HP
2009-12-26 18:14 . 2007-03-26 13:00 229376 ----a-r- c:\windows\system32\Spool\prtprocs\w32x86\HP1005S.DLL
2009-12-26 18:14 . 2007-03-26 13:00 180736 ----a-r- c:\windows\system32\HP1005LM.DLL
2009-12-26 18:14 . 2006-12-28 17:00 49152 ----a-r- c:\windows\system32\HPMLVS.dll
2009-12-26 17:51 . 2009-12-26 17:51 -------- d--h--w- c:\program files\Agilent-HP
2009-12-25 21:15 . 2009-12-25 21:15 -------- d-----w- C:\fotky na web

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 21:18 . 2009-12-25 21:18 311 ----a-w- c:\program files\ComboFix (2).lnk
2009-12-25 21:18 . 2009-12-25 21:18 311 ----a-w- c:\program files\ComboFix.lnk
2009-12-22 13:32 . 2009-12-22 13:32 -------- d-----w- c:\program files\Ulead Systems
2009-12-21 19:08 . 2005-07-03 02:17 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 15:23 . 2005-01-26 19:20 62934 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 15:23 . 2005-01-26 19:20 380730 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:46 . 2004-08-18 19:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-08-20 00:42 . 2009-08-20 00:38 466944 ----a-w- c:\program files\U95.exe
2007-11-18 12:03 . 2007-11-18 12:03 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-18 12:02 . 2007-11-18 12:02 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-18 12:00 . 2007-11-18 11:59 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2008-02-29 01:18 . 2007-10-05 17:47 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-29 01:18 . 2007-10-05 17:47 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-29 01:18 . 2007-10-05 17:47 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-29 01:18 . 2007-10-05 17:47 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-29 01:18 . 2007-10-05 17:47 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-04 22:59 . 2006-08-28 15:35 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-12-27 98304]
"HP OrderReminder Cleaner"="c:\windows\hporclnr.exe" [2006-12-27 104960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-19 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-23 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\HP1005MC.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 15:36 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 15:36 20560]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480);c:\program files\Google\Update\GoogleUpdate.exe [4.4.2009 16:08 133104]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Norton Security Scan for jana.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-14 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
TCP: {EA9E9B0F-A356-4F89-9E96-13F1962E0336} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\ncuw3bki.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\toolbar@dealio.com\components\DealioFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 22:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-22 22:03:30
ComboFix-quarantined-files.txt 2010-01-22 21:03

Pre-Run: 382 009 344
Post-Run: 2 604 924 928

- - End Of File - - 96EDB7EBD65943B37B169AC335E03209

Jdeme dál.

~~~

Otevřete si Poznámkový blok a zkopírujte do něj

Kód: Vybrat vše

KillAll::

File::
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\QuickTime\qttask.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"QuickTime Task"=-

Extra::
DDS::
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FireFox::
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\ncuw3bki.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\toolbar@dealio.com\components\DealioFF.dll

uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (!musí být na Ploše!) a pusťte.

Obrázek

ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.

~~~

Stáhněte MBAM a postupujte podle popisu. Zatím nic nemažte, MBAM má občas falešné detekce.
Potom mi sem vložte log.

~~~

Poté dodejte logy z ComboFixu, MbAMu + nový RSIT log.

ComboFix

ComboFix 10-01-22.03 - jana 23.01.2010 14:19:33.6.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.54.1029.18.1022.590 [GMT 1:00]
Running from: c:\documents and settings\jana\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\jana\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1201 [VPS 080531-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\Common Files\Real\Update_OB\realsched.exe"
"c:\program files\QuickTime\qttask.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\ICQ6.5\updates\ICQLRun.exe.91c2e91e127ccb34d0b0bbd8b0533169
c:\program files\Mozilla Firefox\extensions\toolbar@dealio.com\components\DealioFF.dll
c:\program files\QuickTime\qttask.exe
C:\Thumbs.db
c:\windows\Fonts\MyriadPro-Regular.otf

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 08:46 . 2010-01-23 08:46 -------- d-----w- C:\FOUND.000
2010-01-20 21:19 . 2010-01-20 21:19 -------- d-----w- C:\Santiago
2010-01-20 14:17 . 2010-01-20 14:17 -------- d-----w- C:\Chyby v SMV
2010-01-19 09:07 . 2010-01-19 09:07 389632 ----a-w- c:\windows\system32\CF13472.exe
2010-01-19 09:07 . 2010-01-19 09:04 389632 ----a-w- c:\windows\system32\CF12816.exe
2010-01-18 14:34 . 2010-01-18 14:34 -------- d-----w- c:\program files\trend micro
2010-01-04 00:09 . 2010-01-04 00:09 -------- d-----w- C:\My Music
2010-01-03 17:25 . 2010-01-03 17:26 2077163 ----a-w- C:\DivXLand_MediaSub_207.exe
2010-01-03 04:00 . 2010-01-03 04:00 -------- d-----w- C:\evik
2010-01-01 18:53 . 2010-01-01 18:53 -------- d-----w- C:\LO
2009-12-28 20:16 . 2009-12-28 20:16 -------- d-----w- c:\program files\Mp3 Knife
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-26 18:25 . 2006-12-27 13:23 104960 ----a-r- c:\windows\hporclnr.exe
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\program files\HP
2009-12-26 18:14 . 2007-03-26 13:00 229376 ----a-r- c:\windows\system32\Spool\prtprocs\w32x86\HP1005S.DLL
2009-12-26 18:14 . 2007-03-26 13:00 180736 ----a-r- c:\windows\system32\HP1005LM.DLL
2009-12-26 18:14 . 2006-12-28 17:00 49152 ----a-r- c:\windows\system32\HPMLVS.dll
2009-12-26 17:51 . 2009-12-26 17:51 -------- d--h--w- c:\program files\Agilent-HP
2009-12-25 21:15 . 2009-12-25 21:15 -------- d-----w- C:\fotky na web

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 21:18 . 2009-12-25 21:18 311 ----a-w- c:\program files\ComboFix (2).lnk
2009-12-25 21:18 . 2009-12-25 21:18 311 ----a-w- c:\program files\ComboFix.lnk
2009-12-22 13:32 . 2009-12-22 13:32 -------- d-----w- c:\program files\Ulead Systems
2009-12-21 19:08 . 2005-07-03 02:17 916480 ------w- c:\windows\system32\wininet.dll
2009-12-10 15:23 . 2005-01-26 19:20 62934 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 15:23 . 2005-01-26 19:20 380730 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:46 . 2004-08-18 19:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-08-20 00:42 . 2009-08-20 00:38 466944 ----a-w- c:\program files\U95.exe
2007-11-18 12:03 . 2007-11-18 12:03 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-18 12:02 . 2007-11-18 12:02 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-18 12:00 . 2007-11-18 11:59 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2008-02-29 01:18 . 2007-10-05 17:47 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-29 01:18 . 2007-10-05 17:47 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-29 01:18 . 2007-10-05 17:47 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-29 01:18 . 2007-10-05 17:47 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-29 01:18 . 2007-10-05 17:47 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-04 22:59 . 2006-08-28 15:35 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-22_21.02.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 08:46 . 2010-01-23 08:46 16384 c:\windows\temp\Perflib_Perfdata_69c.dat
+ 2010-01-23 13:24 . 2010-01-23 13:24 16384 c:\windows\temp\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-12-27 98304]
"HP OrderReminder Cleaner"="c:\windows\hporclnr.exe" [2006-12-27 104960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\HP1005MC.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 15:36 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 15:36 20560]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480);c:\program files\Google\Update\GoogleUpdate.exe [4.4.2009 16:08 133104]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Norton Security Scan for jana.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-14 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = local
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
TCP: {EA9E9B0F-A356-4F89-9E96-13F1962E0336} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\jana\Data aplikací\Mozilla\Firefox\Profiles\ncuw3bki.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 14:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-01-23 14:28:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-23 13:28
ComboFix2.txt 2010-01-22 21:03

Pre-Run: 2 692 579 328
Post-Run: 2 796 617 728

- - End Of File - - 2DBB1AF3051D41C78EC60DBC5D42973E

MbaM

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3619
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

23.1.2010 14:38:23
mbam-log-2010-01-23 (14-38-14).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 120748
Uplynulý èas: 3 minute(s), 41 second(s)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 29
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáøe: 12
Infikované soubory: 35

Infikované procesy v pamìti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v pamìti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíèe registru:
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenU) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáøe:
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007\Logs (Rogue.WinAntiVirus) -> No action taken.
C:\Program Files\Microsoft Offic (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer (Backdoor.Bifrose) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\WhenU (Adware.WhenU) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SmartShopper (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\report (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\db (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\res2 (Adware.SmartShopper) -> No action taken.

Infikované soubory:
C:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007\history.db (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\WinAntiVirus Pro 2007\Logs\update.log (Rogue.WinAntiVirus) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\PPTVIEW.EXE (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\GDIPLUS.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\PPVWINTL.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\UNICOWS.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\PVREADME.HTM (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\INTLDATE.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\SAEXT.DLL (Backdoor.Bifrose) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\WhenU\Learn More About WhenU Save.url (Adware.WhenU) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenU) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\WhenU\WhenU.com Website.url (Adware.WhenU) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\WhenU\Uninstall.lnk (Adware.WhenU) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\WhenU\WhenU Help Desk.lnk (Adware.WhenU) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SmartShopper\SmartShopper - Comapre product prices.lnk (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SmartShopper\SmartShopper - Compare travel rate.lnk (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SmartShopper\SmartShopper Help.lnk (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SmartShopper\Uninstall SmartShopper.lnk (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\Smart-Shopper\cs\res2\WhiteList.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\jana\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\jana\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by jana at 2010-01-23 14:41:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 3 GB (2%) free of 116 GB
Total RAM: 1022 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:02, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jana\Plocha\RSIT.exe
C:\Program Files\trend micro\jana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA9E9B0F-A356-4F89-9E96-13F1962E0336}: NameServer = 192.168.2.1
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9b52ecaa98480) (gupdate1c9b52ecaa98480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7512 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for jana.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-19 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-11 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-15 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-10-15 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-15 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-15 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-12-27 98304]
"HP OrderReminder Cleaner"=C:\WINDOWS\hporclnr.exe [2006-12-27 104960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštení
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.6.0\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE"="C:\WINDOWS\System32\spool\drivers\W32X86\3\HP1005MC.EXE:*:Enabled:SMLMProxy Module - HP1005MC.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-23 14:41:00 ----D---- C:\rsit
2010-01-23 14:32:29 ----D---- C:\Documents and Settings\jana\Data aplikací\Malwarebytes
2010-01-23 14:32:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-23 14:32:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-23 14:28:58 ----A---- C:\ComboFix.txt
2010-01-23 09:46:12 ----D---- C:\FOUND.000
2010-01-20 22:19:35 ----D---- C:\Santiago
2010-01-20 20:50:05 ----D---- C:\Qoobox
2010-01-20 15:17:11 ----D---- C:\Chyby v SMV
2010-01-20 13:48:27 ----D---- C:\Avenger
2010-01-20 13:48:27 ----A---- C:\avenger.txt
2010-01-19 10:11:29 ----RASHD---- C:\cmdcons
2010-01-19 10:10:33 ----A---- C:\WINDOWS\MBR.exe
2010-01-19 10:07:40 ----A---- C:\WINDOWS\system32\CF13472.exe
2010-01-19 10:07:02 ----A---- C:\WINDOWS\system32\CF12816.exe
2010-01-18 15:34:56 ----D---- C:\Program Files\trend micro
2010-01-14 06:34:34 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 06:34:14 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-04 01:09:33 ----D---- C:\My Music
2010-01-03 18:25:56 ----A---- C:\DivXLand_MediaSub_207.exe
2010-01-03 05:00:35 ----D---- C:\evik
2010-01-01 19:53:48 ----D---- C:\LO
2009-12-28 21:16:36 ----D---- C:\Program Files\Mp3 Knife
2009-12-26 19:25:29 ----D---- C:\Program Files\Hewlett-Packard
2009-12-26 19:25:28 ----RA---- C:\WINDOWS\hporclnr.exe
2009-12-26 19:25:18 ----D---- C:\Program Files\HP
2009-12-26 19:14:18 ----RA---- C:\WINDOWS\system32\HPMLVS.dll
2009-12-26 19:14:18 ----RA---- C:\WINDOWS\system32\HP1005LM.DLL
2009-12-26 18:51:25 ----HD---- C:\Program Files\Agilent-HP
2009-12-26 18:51:25 ----D---- C:\Documents and Settings\jana\Data aplikací\HP
2009-12-25 22:15:06 ----D---- C:\fotky na web

======List of files/folders modified in the last 1 months======

2010-01-23 14:25:18 ----A---- C:\WINDOWS\system.ini
2010-01-23 14:19:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-19 13:16:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-19 10:11:34 ----RASH---- C:\boot.ini
2010-01-14 06:34:40 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-02 00:32:00 ----A---- C:\WINDOWS\cdplayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-05-16 26944]
R1 AmdK8;Ovladac procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-05-16 42912]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-05-16 94416]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-05-16 23152]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 hidusb;Ovladac trídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladac myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-26 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladac miniportu rozšíreného radice hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbocovac umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladac Miniport otevreného hostitelského radice Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 USBSTOR;Ovladac velkokapacitního pametového zarízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S1 kbdhid;Ovladac klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 mbr;mbr; \??\C:\DOCUME~1\jana\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060807.097\symidsco.sys []
S3 usbccgp;Obecný nadrazený ovladac Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Trída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Podpurné prostredí zprostredkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-05-16 17272]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-05-16 144760]
R2 Irmon;Sledování infracerveného prenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-05-16 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-05-16 349560]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-18 268288]
S2 gupdate1c9b52ecaa98480;Služba Google Update (gupdate1c9b52ecaa98480); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-30 654848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-15 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

MbAM toho našel celkem dost.

Nechte, aby smazal vše, KROMĚ:

MbAM nemazat píše:C:\Program Files\Microsoft Offic (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer (Backdoor.Bifrose) -> No action taken.
C:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\PPTVIEW.EXE (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\GDIPLUS.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\PPVWINTL.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\UNICOWS.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\PVREADME.HTM (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\INTLDATE.DLL (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Microsoft Offic\PowerPoint Viewer\SAEXT.DLL (Backdoor.Bifrose) -> No action taken.

~~~

Otestujte na VirusTotal soubory:

Kód: Vybrat vše

C:\WINDOWS\system32\videocore.dll
C:\Program Files\Microsoft Offic\PowerPoint Viewer\PPTVIEW.EXE
C:\Program Files\Microsoft Offic\PowerPoint Viewer\UNICOWS.DLL

Jednoduše tam vkopírujete cesty, co jsem napsal do code, když Vám to napíše, že soubor byl testován, dejte otestovat znovu. Poté jsem vložíte linky (odkazy) na jednotlivé testy.

Viděla jsem no

Tak smazáno.

Odkazy:
http://www.virustotal.com/cs/analisis/7 ... 1264262744
http://www.virustotal.com/cs/analisis/b ... 1264263143
http://www.virustotal.com/cs/analisis/a ... 1264263716

VIRY.CZ

Prosím o kontrolu - zpomalený počítač

Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač

Re: Prosím o kontrolu - zpomalený počítač