viry

[Aneta87]

můžete mi pomoct odstranit viry v počítači?

děkuji. Aneta

[Aneta87]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hruškovi at 2010-04-10 21:13:41
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (3%) free of 111 GB
Total RAM: 1023 MB (55% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-05-30 808472]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{B922D405-6D13-4A2B-AE89-08A030DA4402}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS.0\SOUNDMAN.EXE [2007-04-16 577536]
"Ptipbmf"=ptipbmf.dll,SetWriteCacheMode []
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2009-10-04 589824]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-04-03 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"BigDog305"=C:\WINDOWS.0\VM305_STI.EXE [2007-04-09 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2006-03-02 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2006-03-02 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS.0\system32\ctfmon.exe [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]

C:\Documents and Settings\All Users.WINDOWS.0\Nabídka Start\Programy\Po spuštění
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Philips GoGear VIBE Device Manager.lnk - C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.0\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS.0\system32\wmicvrts.exe"="C:\WINDOWS.0\system32\wmicvrts.exe:*:Enabled:DHCP Router"
"C:\DOCUME~1\HRUKOV~1.HRU\LOCALS~1\Temp\9177535.exe"="C:\DOCUME~1\HRUKOV~1.HRU\LOCALS~1\Temp\9177535.exe:*:Enabled:test"
"C:\DOCUME~1\HRUKOV~1.HRU\LOCALS~1\Temp\26067.exe"="C:\DOCUME~1\HRUKOV~1.HRU\LOCALS~1\Temp\26067.exe:*:Enabled:test"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS.0\system32\wmicvrts.exe"="C:\WINDOWS.0\system32\wmicvrts.exe:*:Enabled:DHCP Router"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15e6d58f-1f98-11df-886f-00022ae10a7a}]
shell\AutoRun\command - G:\ZRNO//soli.exe
shell\open\command - G:\ZRNO//soli.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{397d03a8-c48a-11de-87ee-00022ae10a7a}]
shell\AutoRun\command - C:\WINDOWS.0\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Play.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{397d03a9-c48a-11de-87ee-00022ae10a7a}]
shell\AutoRun\command - G:\NAUMI///radil.exe
shell\open\command - G:\NAUMI///radil.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be4779d4-b289-11de-87d3-00022ae10a7a}]
shell\AutoRun\command - MUSHKARCI///nesme.exe
shell\open\command - MUSHKARCI///nesme.exe


======List of files/folders created in the last 1 months======

2010-04-10 21:13:41 ----D---- C:\rsit
2010-04-10 21:13:41 ----D---- C:\Program Files\trend micro
2010-04-07 22:57:57 ----D---- C:\Program Files\Traction Software
2010-04-05 15:33:01 ----RSH---- C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\uyofn.exe
2010-04-05 15:32:57 ----A---- C:\WindowsXP.exe
2010-04-03 17:50:09 ----RSH---- C:\WINDOWS.0\Windows3.exe
2010-04-03 14:02:32 ----RSH---- C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\bszr.exe
2010-04-03 14:02:25 ----RSH---- C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\yrpv.exe
2010-03-21 20:22:23 ----N---- C:\WINDOWS.0\system32\browserchoice.exe
2010-03-15 09:06:16 ----HDC---- C:\WINDOWS.0\$NtUninstallKB929399$
2010-03-15 09:05:58 ----HDC---- C:\WINDOWS.0\$NtUninstallKB939683$
2010-03-15 09:05:19 ----HDC---- C:\WINDOWS.0\$NtUninstallKB954154_WM11$
2010-03-14 22:50:29 ----HDC---- C:\WINDOWS.0\$NtUninstallKB926239$
2010-03-14 22:49:55 ----N---- C:\WINDOWS.0\system32\spmsg.dll
2010-03-14 22:49:49 ----HDC---- C:\WINDOWS.0\$NtUninstallMSCompPackV1$
2010-03-14 22:49:36 ----D---- C:\Program Files\Windows Media Connect 2
2010-03-14 22:49:26 ----HDC---- C:\WINDOWS.0\$NtUninstallwmp11$
2010-03-14 22:48:38 ----HDC---- C:\WINDOWS.0\$NtUninstallWMFDist11$
2010-03-14 22:48:03 ----D---- C:\WINDOWS.0\system32\LogFiles
2010-03-14 22:47:54 ----HDC---- C:\WINDOWS.0\$NtUninstallWudf01000$
2010-03-14 22:35:03 ----D---- C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\ArcSoft
2010-03-14 22:33:58 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\ArcSoft
2010-03-14 22:33:33 ----D---- C:\Program Files\Common Files\ArcSoft
2010-03-14 22:31:57 ----D---- C:\Program Files\Philips
2010-03-14 22:31:03 ----D---- C:\temp
2010-03-11 00:33:48 ----HDC---- C:\WINDOWS.0\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-10 21:13:49 ----D---- C:\WINDOWS.0\Prefetch
2010-04-10 21:13:41 ----RD---- C:\Program Files
2010-04-10 21:09:51 ----AD---- C:\WINDOWS.0\Temp
2010-04-10 21:09:05 ----D---- C:\WINDOWS.0
2010-04-10 21:07:02 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2010-04-10 21:06:56 ----D---- C:\WINDOWS.0\system32\CatRoot2
2010-04-10 21:03:06 ----D---- C:\Program Files\Mozilla Firefox
2010-04-10 20:32:21 ----HD---- C:\WINDOWS.0\inf
2010-04-08 20:13:46 ----D---- C:\WINDOWS.0\system32
2010-04-07 23:08:51 ----D---- C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\ICQ
2010-04-07 22:57:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-31 23:09:04 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2010-03-31 23:09:01 ----D---- C:\Program Files\Internet Explorer
2010-03-31 23:08:51 ----D---- C:\WINDOWS.0\ie8updates
2010-03-31 23:08:25 ----HD---- C:\WINDOWS.0\$hf_mig$
2010-03-28 12:43:02 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2010-03-25 17:41:04 ----D---- C:\WINDOWS.0\system32\drivers
2010-03-23 18:43:35 ----D---- C:\Program Files\pdfforge Toolbar
2010-03-22 00:06:32 ----D---- C:\WINDOWS.0\security
2010-03-15 09:06:59 ----D---- C:\WINDOWS.0\system32\CatRoot
2010-03-15 09:06:20 ----A---- C:\WINDOWS.0\imsins.BAK
2010-03-14 23:28:26 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Microsoft
2010-03-14 23:27:00 ----D---- C:\WINDOWS.0\AppPatch
2010-03-14 22:49:43 ----A---- C:\WINDOWS.0\win.ini
2010-03-14 22:49:36 ----D---- C:\Program Files\Windows Media Player
2010-03-14 22:49:33 ----D---- C:\WINDOWS.0\Help
2010-03-14 22:34:51 ----SHD---- C:\WINDOWS.0\Installer
2010-03-14 22:34:50 ----HD---- C:\Config.Msi
2010-03-14 22:34:50 ----D---- C:\WINDOWS.0\WinSxS
2010-03-14 22:33:33 ----D---- C:\Program Files\Common Files
2010-03-11 00:33:51 ----D---- C:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS.0\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS.0\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS.0\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS.0\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 aswRdr;aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS.0\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2007-11-15 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS.0\system32\drivers\pfc.sys [2009-11-25 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbprint;Třída USB Printer; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]
S1 kbdhid;kbdhid; C:\WINDOWS.0\system32\drivers\kbdhid.sys [2006-03-02 14848]
S3 afpcms57;afpcms57; C:\WINDOWS.0\system32\drivers\afpcms57.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 eylhgqno;eylhgqno; \??\C:\WINDOWS.0\System32\Drivers\eylhgqno.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS.0\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS.0\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS.0\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 otigsizt;otigsizt; \??\C:\WINDOWS.0\System32\Drivers\otigsizt.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2006-03-02 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xldzdmvz;xldzdmvz; \??\C:\WINDOWS.0\System32\Drivers\xldzdmvz.sys []
S3 ZSMC0305;A4 TECH PC Camera V; C:\WINDOWS.0\System32\Drivers\usbVM305.sys [2006-05-08 391688]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2006-03-02 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS.0\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Hezké odpoledne

Zapojte do pc všechny usb klíče, flashky...co používáte


Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem


Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 1 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt

[motji]

Ještě se zeptám, jedná se o jiný počítač než v tomto topicu?
http://www.viry.cz/forum/viewtopic.php? ... 51#p843051

[Aneta87]

ComboFix 10-04-10.02 - Hruškovi 11.04.2010 14:33:12.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.626 [GMT 2:00]
Spuštěný z: c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100411-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 20:39 . 2010-03-29 22:46 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-04-10 20:39 . 2010-04-10 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 20:39 . 2010-03-29 22:45 20824 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2010-04-10 19:52 . 2010-04-10 20:35 -------- d-----w- C:\UsbFix
2010-04-10 19:13 . 2010-04-10 19:14 -------- d-----w- C:\rsit
2010-04-10 19:13 . 2010-04-10 19:13 -------- d-----w- c:\program files\trend micro
2010-04-07 20:57 . 2010-04-07 20:57 -------- d-----w- c:\program files\Traction Software
2010-04-03 15:50 . 2010-04-03 15:50 151552 --sh--r- c:\windows.0\Windows3.exe
2010-03-21 18:22 . 2010-02-12 10:03 293376 ------w- c:\windows.0\system32\browserchoice.exe
2010-03-14 20:49 . 2010-03-14 20:49 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-14 20:48 . 2010-03-14 21:28 -------- d-----w- c:\windows.0\system32\drivers\UMDF
2010-03-14 20:48 . 2010-03-14 20:48 -------- d-----w- c:\windows.0\system32\LogFiles
2010-03-14 20:33 . 2010-03-14 20:42 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-03-14 20:31 . 2010-03-14 20:31 -------- d-----w- c:\program files\Philips
2010-03-14 20:31 . 2010-03-14 20:46 -------- d-----w- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 19:40 . 2006-03-02 11:00 83652 ----a-w- c:\windows.0\system32\perfc005.dat
2010-04-10 19:40 . 2006-03-02 11:00 440316 ----a-w- c:\windows.0\system32\perfh005.dat
2010-04-07 20:57 . 2004-12-30 11:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 12:06 . 2010-03-06 11:23 104283 ----a-w- c:\windows.0\hpoins04.dat
2010-02-27 20:17 . 2010-02-27 20:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-27 20:17 . 2010-02-27 20:17 691696 ----a-w- c:\windows.0\system32\drivers\sptd.sys
2010-02-27 20:01 . 2010-02-27 20:01 108144 ----a-w- c:\windows.0\system32\CmdLineExt.dll
2010-02-27 19:06 . 2007-11-16 18:19 -------- d-----w- c:\program files\Google
2010-02-27 18:58 . 2010-02-27 18:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-02-27 18:58 . 2010-02-27 18:58 -------- d-----w- c:\program files\USB TV
2010-02-27 18:09 . 2004-12-30 12:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-27 18:02 . 2010-02-27 18:02 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-02-27 17:51 . 2009-09-28 18:06 -------- d-----w- c:\program files\Winamp
2010-02-27 17:44 . 2009-09-28 17:25 -------- d-----w- c:\program files\IrfanView
2010-02-27 17:18 . 2010-02-27 17:18 -------- d-----w- c:\program files\Vimicro
2010-02-27 16:40 . 2010-02-27 16:40 -------- d-----w- c:\program files\Alwil Software
2010-02-27 16:36 . 2004-12-30 12:34 -------- d-----w- c:\program files\ACD Systems
2010-02-27 16:04 . 2010-02-27 15:52 -------- d-----w- c:\program files\Your Uninstaller
2010-02-25 06:18 . 2006-03-02 11:00 916480 ------w- c:\windows.0\system32\wininet.dll
2010-02-04 09:01 . 2010-02-27 19:40 74072 ----a-w- c:\windows.0\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-27 19:40 528216 ----a-w- c:\windows.0\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-27 19:40 238936 ----a-w- c:\windows.0\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-27 19:40 22360 ----a-w- c:\windows.0\system32\X3DAudio1_7.dll
2005-10-01 20:37 . 2005-10-01 20:37 21893536 ----a-w- c:\program files\AdbeRdr70_cze_full.exe
2005-10-01 19:54 . 2005-10-01 19:54 12139928 ----a-w- c:\program files\AdbeRdr60_cze.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
[-] 2007-11-15 . 6C19977562424D6FF61CFCA59B6B67D6 . 1548288 . . [5.1.2600.2180] . . c:\windows.0\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2009-10-04 589824]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"BigDog305"="c:\windows.0\VM305_STI.EXE" [2007-04-09 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users.WINDOWS.0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-2-27 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-3-14 1701224]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2006-03-02 11:00 15360 ------w- c:\windows.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows.0\system32\drivers\aswSP.sys [27.2.2010 18:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [27.2.2010 18:41 20560]
S0 sptd;sptd;c:\windows.0\system32\drivers\sptd.sys [27.2.2010 22:17 691696]
S3 eylhgqno;eylhgqno;\??\c:\windows.0\System32\Drivers\eylhgqno.sys --> c:\windows.0\System32\Drivers\eylhgqno.sys [?]
S3 otigsizt;otigsizt;\??\c:\windows.0\System32\Drivers\otigsizt.sys --> c:\windows.0\System32\Drivers\otigsizt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 xldzdmvz;xldzdmvz;\??\c:\windows.0\System32\Drivers\xldzdmvz.sys --> c:\windows.0\System32\Drivers\xldzdmvz.sys [?]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows.0\system32\drivers\usbVM305.sys [27.2.2010 19:19 391688]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\Mozilla\Firefox\Profiles\rio1y4o0.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 14:39
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows.0\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)?????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows.0\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(696)
c:\windows.0\system32\msi.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\WPDShServiceObj.dll
c:\windows.0\system32\PortableDeviceTypes.dll
c:\windows.0\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-11 14:42:19
ComboFix-quarantined-files.txt 2010-04-11 12:42
ComboFix2.txt 2010-04-11 07:58

Před spuštěním: 2 526 625 792
Po spuštění: 2 555 531 264

- - End Of File - - 91C2B1BD2B8706D585CA6E67A5232618

[Aneta87]

############################## | UsbFix V6.102 |

User : Hruškovi (Administrators) # HRU-B98B4D53D62
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:44:46 | 11.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 2800+
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100411-0] 4.8.1368 [ Enabled | Updated ]

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 108,4 Go (2,4 Go free) [System] # NTFS
D:\ -> Místní pevný disk # 3,38 Go (3,34 Go free) [Swap] # NTFS
E:\ -> Disk CD-ROM
F:\ -> Místní pevný disk # 186,3 Go (95,73 Go free) [Nový svazek] # NTFS
G:\ -> Vyměnitelný disk # 983,7 Mo (420,03 Mo free) # FAT
H:\ -> Vyměnitelný disk # 1,86 Go (1,48 Go free) # FAT
I:\ -> Vyměnitelný disk # 7,52 Go (464,3 Mo free) [DIESEL] # FAT32

################## | Files # Infected Folders |

I:\GROMOVI\desktop.ini
I:\GROMOVI

################## | Registry |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Vaccin |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# H:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# I:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | ! End of report # UsbFix V6.102 ! |

[motji]

Ještě se zeptám, jedná se o jiný počítač než v tomto topicu?
viewtopic.php?f=13&t=99922&p=843051#p843051

[Aneta87]

sken provádím na počítači, ze kterého píši. akorát RSIT bylo provedeno ráno,neboť jsem to řešila dříve.

[Aneta87]

ted jsem to pochopila . ano jedna se o ten samý počítač. řešili jsme to s Vaším kolegou, ale delší dobu není online, tak jsem požádala o pomoc znovu, protože bych to potřebovala dnes dovyléčit. díky za pochopeni

[motji]

Dobře, ještě chvilku vydržte, kouknu co jste s kolegou dělali. Ale příště prosím nový topic nezakládejte, takto pak nevidím, co se s pc dělalo. Pokud to potřebujete dořešit, příště napište rádci, který je online

[Aneta87]

jeste jsem jen chtela podotkonout, ze ten Topic se týká nejprve jinéoh počítače a až na poslední stránce se řeší tento počítač:-)

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

File::
c:\windows.0\System32\Drivers\eylhgqno.sys
c:\windows.0\System32\Drivers\otigsizt.sys
c:\windows.0\System32\Drivers\xldzdmvz.sys
e:\ntglm7x.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Driver::
xldzdmvz
otigsizt
eylhgqno
SetupNTGLM7X

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Aneta87]

jak mam vypnout rezidencni stit u avastu? ikonku mam jen na plose a tam mi nevyjizdi nabidka na vypnuti.

[motji]

Pokud nemáte ikonku u hodin, měl by být vypnutý. Pokud combofix hlásí, že není, ignorujte ho

[Aneta87]

ComboFix 10-04-10.02 - Hruškovi 11.04.2010 15:28:45.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.607 [GMT 2:00]
Spuštěný z: c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100411-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows.0\System32\Drivers\eylhgqno.sys"
"c:\windows.0\System32\Drivers\otigsizt.sys"
"c:\windows.0\System32\Drivers\xldzdmvz.sys"
"e:\ntglm7x.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_eylhgqno
-------\Service_otigsizt
-------\Service_SetupNTGLM7X
-------\Service_xldzdmvz


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 20:39 . 2010-03-29 22:46 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-04-10 20:39 . 2010-04-10 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 20:39 . 2010-03-29 22:45 20824 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2010-04-10 19:52 . 2010-04-11 12:45 -------- d-----w- C:\UsbFix
2010-04-10 19:13 . 2010-04-10 19:14 -------- d-----w- C:\rsit
2010-04-10 19:13 . 2010-04-10 19:13 -------- d-----w- c:\program files\trend micro
2010-04-07 20:57 . 2010-04-07 20:57 -------- d-----w- c:\program files\Traction Software
2010-04-03 15:50 . 2010-04-03 15:50 151552 --sh--r- c:\windows.0\Windows3.exe
2010-03-21 18:22 . 2010-02-12 10:03 293376 ------w- c:\windows.0\system32\browserchoice.exe
2010-03-14 20:49 . 2010-03-14 20:49 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-14 20:48 . 2010-03-14 21:28 -------- d-----w- c:\windows.0\system32\drivers\UMDF
2010-03-14 20:48 . 2010-03-14 20:48 -------- d-----w- c:\windows.0\system32\LogFiles
2010-03-14 20:33 . 2010-03-14 20:42 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-03-14 20:31 . 2010-03-14 20:31 -------- d-----w- c:\program files\Philips
2010-03-14 20:31 . 2010-03-14 20:46 -------- d-----w- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 19:40 . 2006-03-02 11:00 83652 ----a-w- c:\windows.0\system32\perfc005.dat
2010-04-10 19:40 . 2006-03-02 11:00 440316 ----a-w- c:\windows.0\system32\perfh005.dat
2010-04-07 20:57 . 2004-12-30 11:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 12:06 . 2010-03-06 11:23 104283 ----a-w- c:\windows.0\hpoins04.dat
2010-02-27 20:17 . 2010-02-27 20:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-27 20:17 . 2010-02-27 20:17 691696 ----a-w- c:\windows.0\system32\drivers\sptd.sys
2010-02-27 20:01 . 2010-02-27 20:01 108144 ----a-w- c:\windows.0\system32\CmdLineExt.dll
2010-02-27 19:06 . 2007-11-16 18:19 -------- d-----w- c:\program files\Google
2010-02-27 18:58 . 2010-02-27 18:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-02-27 18:58 . 2010-02-27 18:58 -------- d-----w- c:\program files\USB TV
2010-02-27 18:09 . 2004-12-30 12:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-27 18:02 . 2010-02-27 18:02 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-02-27 17:51 . 2009-09-28 18:06 -------- d-----w- c:\program files\Winamp
2010-02-27 17:44 . 2009-09-28 17:25 -------- d-----w- c:\program files\IrfanView
2010-02-27 17:18 . 2010-02-27 17:18 -------- d-----w- c:\program files\Vimicro
2010-02-27 16:40 . 2010-02-27 16:40 -------- d-----w- c:\program files\Alwil Software
2010-02-27 16:36 . 2004-12-30 12:34 -------- d-----w- c:\program files\ACD Systems
2010-02-27 16:04 . 2010-02-27 15:52 -------- d-----w- c:\program files\Your Uninstaller
2010-02-25 06:18 . 2006-03-02 11:00 916480 ------w- c:\windows.0\system32\wininet.dll
2010-02-04 09:01 . 2010-02-27 19:40 74072 ----a-w- c:\windows.0\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-27 19:40 528216 ----a-w- c:\windows.0\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-27 19:40 238936 ----a-w- c:\windows.0\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-27 19:40 22360 ----a-w- c:\windows.0\system32\X3DAudio1_7.dll
2005-10-01 20:37 . 2005-10-01 20:37 21893536 ----a-w- c:\program files\AdbeRdr70_cze_full.exe
2005-10-01 19:54 . 2005-10-01 19:54 12139928 ----a-w- c:\program files\AdbeRdr60_cze.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
[-] 2007-11-15 . 6C19977562424D6FF61CFCA59B6B67D6 . 1548288 . . [5.1.2600.2180] . . c:\windows.0\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-11_07.53.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-11 13:46 . 2010-04-11 13:46 16384 c:\windows.0\Temp\Perflib_Perfdata_4e4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2009-10-04 589824]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"BigDog305"="c:\windows.0\VM305_STI.EXE" [2007-04-09 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users.WINDOWS.0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-2-27 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-3-14 1701224]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2006-03-02 11:00 15360 ------w- c:\windows.0\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R0 sptd;sptd;c:\windows.0\system32\drivers\sptd.sys [27.2.2010 22:17 691696]
R1 aswSP;avast! Self Protection;c:\windows.0\system32\drivers\aswSP.sys [27.2.2010 18:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [27.2.2010 18:41 20560]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows.0\system32\drivers\usbVM305.sys [27.2.2010 19:19 391688]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\Mozilla\Firefox\Profiles\rio1y4o0.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 15:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows.0\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)?????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8656D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7630fc3
\Driver\ACPI -> ACPI.sys @ 0xf73a8cb8
\Driver\atapi -> 0x8656d1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf720ebc3
PacketIndicateHandler -> NDIS.sys @ 0xf721ab21
SendHandler -> NDIS.sys @ 0xf720ed33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1600)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows.0\system32\msi.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\WPDShServiceObj.dll
c:\windows.0\system32\PortableDeviceTypes.dll
c:\windows.0\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows.0\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2010-04-11 15:53:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-11 13:53
ComboFix2.txt 2010-04-11 12:42
ComboFix3.txt 2010-04-11 07:58

Před spuštěním: 2 556 342 272
Po spuštění: 2 410 708 992

- - End Of File - - 580EFCF2A54D82BF90DD3F26701F7E0F