kontrola logu

[nandor]

Prosím o kontrolu logu.(zavirování)Díky moc. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:46, on 28.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
E:\INSTAL\TrojanHunter 5.3\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\INSTAL\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
E:\Orbitdownloader\orbitdm.exe
C:\WINDOWS\System32\svchost.exe
E:\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\drivers\svtanegar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.humlak.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\INSTAL\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] E:\Downloads\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [THGuard] "E:\INSTAL\TrojanHunter 5.3\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\INSTAL\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Orbit.lnk = E:\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\INSTAL\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\INSTAL\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABDC1272-0810-4CE5-9697-24EA9355FB52}: NameServer = 1.1.1.1,1.1.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: sv_taneg (svtaneg) - Unknown owner - C:\WINDOWS\system32\drivers\svtanegar.exe

--
End of file - 9945 bytes

[Roli]

Zdravím, tohle fixni v HJT :

R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\INSTAL\SPYBOT~1\SDHelper.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\INSTAL\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Fix znamená že spustíš HJT

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

NBService - Nero AG

NMIndexingService

sv_taneg

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[nandor]

Tak tady je ten log ComboFix 11-01-28.03 - nandor 29.01.2011 17:27:58.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1919.1508 [GMT 1:00]
Spuštěný z: c:\documents and settings\nandor\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\nandor\Data aplikací\BITS
c:\documents and settings\nandor\Data aplikací\BITS\BITS.ini
c:\documents and settings\nandor\Data aplikací\BITS\UPnP.ini
c:\documents and settings\nandor\Data aplikací\Desktopicon
c:\documents and settings\nandor\Data aplikací\Desktopicon\eBay.ico
c:\documents and settings\nandor\Data aplikací\Desktopicon\uninst.exe
c:\windows\keys.ini
c:\windows\system32\drivers\rdiwmrdgyd.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\lowsec
c:\windows\system32\tmp.tmp . . . . nemohl být smazán

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_frmkhdwgtavwg
-------\Service_SPService


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-29 16:37 . 2011-01-29 16:37 0 ----a-w- c:\windows\system32\tmp.tmp
2011-01-27 19:22 . 2011-01-27 19:22 18300 ----a-w- c:\windows\system32\MAI15.tmp
2011-01-27 19:21 . 2011-01-27 19:21 18300 ----a-w- c:\windows\system32\MAI12.tmp
2011-01-27 18:30 . 2011-01-27 18:30 -------- d-----w- c:\documents and settings\nandor\Data aplikací\TrojanHunter
2011-01-27 17:35 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-27 17:35 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-27 17:35 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-27 17:35 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-27 17:35 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\nandor\Data aplikací\Simply Super Software
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-01-24 12:25 . 2011-01-26 11:41 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\xgjnjvcluardzhfupzkaxoxruurkryvv2
2011-01-14 18:14 . 2011-01-15 09:50 -------- d-----w- c:\program files\TubeSucker
2011-01-14 11:29 . 2010-10-16 23:50 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-11-12 17:42 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-12 17:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-12 17:43 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-12 17:43 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-11-12 17:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-11-12 17:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-11-12 17:43 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-12 17:43 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-11-12 17:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 17:04 . 2009-07-08 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-16 18:05 . 2010-12-16 18:05 41984 ----a-w- c:\windows\system32\mtpluqau.dll
2010-12-01 17:45 . 2010-12-01 17:45 121344 ----a-w- c:\windows\system32\drivers\svtanegar.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-10-05 14:42 . 2010-03-04 18:28 4345856 ----a-w- c:\program files\mplayerc.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\ASUS MultiFrame\MultiFrame.exe" [2007-02-09 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2006-12-07 1143152]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2006-11-29 1011712]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"TrojanScanner"="e:\downloads\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"THGuard"="e:\instal\TrojanHunter 5.3\THGuard.exe" [2010-03-15 1068192]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - e:\orbitdownloader\orbitdm.exe [2010-4-3 1805584]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mtpluqau.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9533:TCP"= 9533:TCP:spport

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.11.2010 18:43 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.11.2010 18:43 17744]
R2 svtaneg;sv_taneg;c:\windows\system32\drivers\svtanegar.exe [1.12.2010 18:45 121344]
S0 jvabmpwa;jvabmpwa;c:\windows\system32\drivers\ojkpldvc.sys --> c:\windows\system32\drivers\ojkpldvc.sys [?]
S0 rebasoze;rebasoze;c:\windows\system32\drivers\ipoggouzaekzqnr.sys --> c:\windows\system32\drivers\ipoggouzaekzqnr.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.1.2011 12:45 136176]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 29192]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [7.2.2009 7:45 39408]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 25480]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [8.2.2009 18:17 10343168]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 12:30]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {ABDC1272-0810-4CE5-9697-24EA9355FB52} = 1.1.1.1,1.1.1.254
FF - ProfilePath - c:\documents and settings\nandor\Data aplikací\Mozilla\Firefox\Profiles\rk4yqje9.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet humlak.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-eBay Icon - c:\documents and settings\nandor\Data aplikací\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 17:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,47,02,a4,c5,3c,7c,6a,02,3e,6e,58,d0,99,0c,dd,3d,2b,f5,5c,1d,
0d,9e,f8,ea,a0,76,d5,fa,f0,7c,f1,3d,d5,a1,73,1a,1b,6c,39,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f95f2818-c96c-4450-919f-768380b43164}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,87,ab,43,49,75,27,93,27,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7720)
c:\program files\ASUS\ASUS MultiFrame\HookTitle.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\acs.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\orbitdownloader\orbitnet.exe
c:\windows\system32\ACEngSvr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-01-29 17:42:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-29 16:42

Před spuštěním: 2 400 956 416
Po spuštění: 2 256 982 016

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - E1469B852FB2EC9B908352D768B9B90E

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

KillAll::

File::  
c:\windows\system32\tmp.tmp
c:\windows\system32\MAI15.tmp
c:\windows\system32\MAI12.tmp
c:\windows\system32\mtpluqau.dll
c:\windows\system32\drivers\svtanegar.exe
c:\windows\system32\drivers\ojkpldvc.sys
c:\windows\system32\drivers\ipoggouzaekzqnr.sys
c:\program files\Common Files\AskToolbarInstaller.exe

Folder::
c:\documents and settings\NetworkService\Data aplikací\xgjnjvcluardzhfupzkaxoxruurkryvv2

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Driver::
svtaneg
jvabmpwa
rebasoze

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[nandor]

Zdravím,tak tady to je. ComboFix 11-01-28.03 - nandor 31.01.2011 8:58.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1919.1442 [GMT 1:00]
Spuštěný z: c:\documents and settings\nandor\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\nandor\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\Common Files\AskToolbarInstaller.exe"
"c:\windows\system32\drivers\ipoggouzaekzqnr.sys"
"c:\windows\system32\drivers\ojkpldvc.sys"
"c:\windows\system32\drivers\svtanegar.exe"
"c:\windows\system32\MAI12.tmp"
"c:\windows\system32\MAI15.tmp"
"c:\windows\system32\mtpluqau.dll"
"c:\windows\system32\tmp.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Data aplikací\xgjnjvcluardzhfupzkaxoxruurkryvv2
c:\program files\Common Files\AskToolbarInstaller.exe
c:\windows\system32\drivers\svtanegar.exe
c:\windows\system32\MAI12.tmp
c:\windows\system32\MAI15.tmp
c:\windows\system32\mtpluqau.dll
c:\windows\system32\tmp.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVTANEG
-------\Service_jvabmpwa
-------\Service_rebasoze
-------\Service_svtaneg


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-31 )))))))))))))))))))))))))))))))
.

2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-31 06:50 . 2011-01-31 06:50 -------- d-----w- c:\program files\MSBuild
2011-01-31 06:49 . 2011-01-31 06:49 -------- d-----w- c:\program files\Reference Assemblies
2011-01-31 06:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-31 06:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-31 06:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-31 06:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-31 06:28 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 06:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 06:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 06:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-31 06:25 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-31 06:25 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-01-27 18:30 . 2011-01-27 18:30 -------- d-----w- c:\documents and settings\nandor\Data aplikací\TrojanHunter
2011-01-27 17:35 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-27 17:35 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-27 17:35 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-27 17:35 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-27 17:35 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\nandor\Data aplikací\Simply Super Software
2011-01-27 17:35 . 2011-01-27 17:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Simply Super Software
2011-01-14 18:14 . 2011-01-15 09:50 -------- d-----w- c:\program files\TubeSucker
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
2011-01-08 17:04 . 2011-01-08 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-11-12 17:42 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-12 17:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-12 17:43 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-12 17:43 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-11-12 17:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-11-12 17:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-11-12 17:43 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-12 17:43 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-11-12 17:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 17:04 . 2009-07-08 19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:15 . 2009-02-06 09:37 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2001-10-25 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2009-02-06 10:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-02-07 10:45 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2008-10-05 14:42 . 2010-03-04 18:28 4345856 ----a-w- c:\program files\mplayerc.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\ASUS MultiFrame\MultiFrame.exe" [2007-02-09 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2006-12-07 1143152]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2006-11-29 1011712]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"TrojanScanner"="e:\downloads\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"THGuard"="e:\instal\TrojanHunter 5.3\THGuard.exe" [2010-03-15 1068192]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - e:\orbitdownloader\orbitdm.exe [2010-4-3 1805584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Orbitdownloader\\orbitdm.exe"=
"e:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9533:TCP"= 9533:TCP:spport

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.11.2010 18:43 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.11.2010 18:43 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.1.2011 12:45 136176]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 29192]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [7.2.2009 7:45 39408]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 25480]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [8.2.2009 18:17 10343168]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 12:30]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 11:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://intranet.humlak.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - e:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: {ABDC1272-0810-4CE5-9697-24EA9355FB52} = 1.1.1.1,1.1.1.254
FF - ProfilePath - c:\documents and settings\nandor\Data aplikací\Mozilla\Firefox\Profiles\rk4yqje9.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet humlak.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 09:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,47,02,a4,c5,3c,7c,6a,02,3e,6e,58,d0,99,0c,dd,3d,2b,f5,5c,1d,
0d,9e,f8,ea,a0,76,d5,fa,f0,7c,f1,3d,d5,a1,73,1a,1b,6c,39,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f95f2818-c96c-4450-919f-768380b43164}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,87,ab,43,49,75,27,93,27,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3584)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\program files\ASUS\ASUS MultiFrame\HookTitle.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\ACEngSvr.exe
c:\windows\ATK0100\ATKOSD.exe
e:\orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Celkový čas: 2011-01-31 09:09:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-31 08:09
ComboFix2.txt 2011-01-29 16:42

Před spuštěním: 1 886 158 848
Po spuštění: 1 905 668 096

- - End Of File - - BCF599B6720ADF16EEBD1F7995A24107

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak dej vědět jaký je stav PC.

[nandor]

PC běhá v pohodě,díky moc.Když dělám sken registru(CCleaner)tak se ptá vytvořit zálohu ano ne.Co potvrdit? Ted mě to našlo docela hodně chyb,mám je opravit?mě se zdá jestli to nejsou ty co se smazali přitom celém procesu.Nebo to mám nechat být?

[Roli]

Záloha není nikdy od věci a pokud po několika dnech nezjistíš problém klidně jí smázni.

Jinak není zač.