problem z New Heur_Pe virus

[vukov]

zdravim mam proble z virem New Heur_Pe nasel mi ho nod32 a neumi ho lecit prosim o pomoc


Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2011-07-21 16:41:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 108 GB (71%) free of 153 GB
Total RAM: 1022 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:41:38, on 21.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IOI\IOI\ButtonMonitor.exe
C:\Program Files\Eset\UpdateReminder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Kuba\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Kuba.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage&s= ... Terms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 7069 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1677128483-1801674531-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1677128483-1801674531-1006UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\3fp4c4o9.default

prefs.js - "browser.startup.homepage" - "http://seznam.cz"
prefs.js - "extensions.enabledItems" - "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"
prefs.js - "keyword.URL" - "http://www.crawler.com/search/dispatche ... 60327&qkw="

"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\PROGRA~1\Crawler\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\3fp4c4o9.default\extensions\
{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

C:\Documents and Settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\3fp4c4o9.default\searchplugins\
crawlersrch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-06-25 1241552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoods.dll [2010-05-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-06-25 1241552]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll [2010-05-14 163840]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-06-25 949376]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]
"ButtonMonitor"=C:\Program Files\IOI\IOI\ButtonMonitor.exe [2007-01-30 53248]
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2011-07-18 462848]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-08-31 2770760]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2011-07-16 2957824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [2010-12-20 233936]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2011-07-21 16:41:28 ----D---- C:\Program Files\trend micro
2011-07-21 16:41:27 ----D---- C:\rsit
2011-07-19 15:53:18 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-19 15:50:33 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-07-19 15:50:28 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-07-16 18:03:16 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-07-14 17:22:26 ----D---- C:\Fotky
2011-07-13 22:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 22:26:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 21:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-30 21:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-30 21:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-30 21:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-30 21:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-30 21:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-26 09:41:31 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-06-26 09:41:30 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 1 month======

2011-07-21 16:41:35 ----D---- C:\WINDOWS\Prefetch
2011-07-21 16:41:28 ----RD---- C:\Program Files
2011-07-21 15:51:15 ----D---- C:\WINDOWS\Temp
2011-07-19 15:58:49 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-19 15:58:46 ----SD---- C:\WINDOWS\Tasks
2011-07-19 15:57:18 ----D---- C:\Program Files\Eset
2011-07-19 15:54:16 ----D---- C:\WINDOWS\system32
2011-07-19 15:53:47 ----D---- C:\Documents and Settings
2011-07-19 15:53:18 ----D---- C:\WINDOWS
2011-07-19 15:52:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-19 15:51:43 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Spyware Terminator
2011-07-19 15:50:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-19 15:50:36 ----D---- C:\WINDOWS\system32\drivers
2011-07-18 23:04:36 ----SD---- C:\Documents and Settings\Kuba\Data aplikací\Microsoft
2011-07-17 08:45:47 ----D---- C:\WINDOWS\Debug
2011-07-16 18:55:44 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-16 18:03:19 ----D---- C:\Program Files\Spyware Terminator
2011-07-14 17:03:06 ----HD---- C:\WINDOWS\inf
2011-07-13 22:26:53 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 21:00:10 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-03 11:36:29 ----D---- C:\Program Files\Mozilla Firefox
2011-06-30 21:48:58 ----D---- C:\WINDOWS\system32\cs-cz
2011-06-30 21:48:58 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-06-25 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-06-25 512096]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-06-25 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-08-31 2317128]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\PROGRA~1\SPYWAR~1\sp_rsser.exe [2011-07-16 1097216]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[cernohous13]

Zdravím,

zajímavější než jméno viru by byl údaj o napadeném souboru s kompletní cestou

[vukov]

napsalo mi to tohle c:\windows\explorel.exe

[cernohous13]

Stáhni si ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[vukov]

ComboFix 11-07-22.01 - Kuba 22.07.2011 15:58:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.567 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodssafe.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\uninstall.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 08:11 . 2011-07-22 08:11 -------- d-----w- c:\windows\LastGood
2011-07-22 08:10 . 2011-07-22 08:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-07-21 14:41 . 2011-07-21 14:41 -------- d-----w- c:\program files\trend micro
2011-07-21 14:41 . 2011-07-21 14:41 -------- d-----w- C:\rsit
2011-07-19 23:44 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{44BFE8DD-23B6-4297-B4E4-985908BE24F9}\mpengine.dll
2011-07-19 13:53 . 2011-07-19 13:53 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 13:50 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-07-19 13:50 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-07-19 13:50 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-07-19 13:50 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-07-18 17:04 . 2011-07-18 17:04 -------- d-----w- c:\documents and settings\Marketa\Local Settings\Data aplikací\Ahead
2011-07-16 16:03 . 2011-07-16 16:03 138752 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-14 15:22 . 2011-07-14 15:39 -------- d-----w- C:\Fotky
2011-07-03 09:35 . 2011-07-03 09:35 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 09:35 . 2011-07-03 09:35 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-26 07:41 . 2001-10-24 10:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-06-26 07:41 . 2008-04-14 06:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 07:55 . 2009-06-25 20:57 16608 ----a-w- c:\windows\gdrv.sys
2011-06-07 15:55 . 2011-01-15 14:52 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2011-01-15 14:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 15:32 . 2009-06-25 20:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:45 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:45 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:45 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:45 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-07-03 09:35 . 2011-05-16 05:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"ButtonMonitor"="c:\program files\IOI\IOI\ButtonMonitor.exe" [2007-01-30 53248]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-08-30 2770760]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2011-07-16 2957824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16.7.2011 18:03 138752]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [25.6.2009 23:09 80392]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [31.8.2010 0:25 2317128]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [26.10.2010 17:40 27064]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - EAMON
*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN
*NewlyCreated* - EPFWTDIR
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-07-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\3fp4c4o9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60327&qkw=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.3.62.1\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 16:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
? [20904]
? [25456]
? [25908]
? [26240]
? [26252]
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="65820750E721AC84E7A9F616146A9CB70AB3F64BA43DD629B4B6F4A097EFEDDC9203770AEF56CBED58E077BD43A308F41795C179CC9CDB3A1DBB70A822941DBBE96C744BE4C250812EBAA33292DDC441E1F5688ADD8E42D2E2C9F2C19530C9F62C9E0028A663646813D831751E697C421DDDF28DC95A55B5626DF126DF9F800C7D4B23AABB4A727C9233D7FDA22F1DCF5E29E885285BA257580A68868FD18F2DE678684FCA9AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14079DB7CE019D40AA5C8EDD5E5BE2F6E6677359E2EA9E3A3B0DE3625FBA3AB5902FB6D8E3D16D6C32B7870D17744C914E58081E04C80DFA6F413CBFCAC2CE5476304D4B64DC7296A053E3A6781D7DDB2C7B1A7AB67294727615753253597D513E817C5307D4394F70B24C241A3AA9B1F71B4F9A1143478AB4727624DA7FE7E26C428ABB91819536D94609CA4FF3F5C2C7A091DF1069BB9F38D56AB4A485B632A32285FCB3F861633C95A6914E488B2FD085106112E40E7FB1CEBE35D893165C2D673C48FE26F8E018B9782633869711ED59BC675B0C5A707382A92E8423B470F4EA438067C9BCAA15619069F9D44DF19EBFCC6F1289C52A74A720D79785C6750E1A72BC48F71035FBCFCB6E072BE1D105EE3B2BC2D9F456538CDC23E6DA84E3AB75E64A5C18DDE5B95AC3FE9E568EA2E8B4C5015CD01418CE8FE0B0AA9B2829281401A6C766121562EA5C186DF711CBB4EDEE893212D0814AA5EE58FE1271A4009DE2860EF09C13AA0139E780032B28F68EFB137B175E1CCDD70DA2E45D252E52CFF5501A1DF220EC2D435549C1A287639E789D553073E206C08750C0EF0B0CE5FA66A138A28CF32618297721D041ABCFB832DFBCFD4A45C1136D535A8F6DFC2386A4C81A0DE7B679F95B9C402154CC390B3A4416F42228751111D0DD581D31976A6548553C0488AB220E4345F6AC953CDAE6E529603CE3B89389255DB8EDCD72B41E5963E2677927723C21336AA1259D7ED318A05D6144C78733DE4B7336EC8A850EE6210B1811FA61A09DEF698C8DC1E15EE00D5DD989036BACBE8120D11AD691B390CF0EA4C7D678BED646B5C9D7B68328F7612876E56E5658BCBB27A156762553A8169D9D0D12585B1CE3E0BCFCA87718CB73D4890430EDDE831ACA0998281B7638FB3C17C2A6307E73DCD64AEC6C63D8FE80D2E7FE16EFA9EFA19A6EC7D2E4E6FA70C12A3E3148F492A553DB0BF704D66428636D658E2C6996BAFEBEC17E88375E435A72C975F952E819665EAD66A8C4086C1D793D2F868F3C31B1E857571FB8882B0712A358B3E816F675C4207634192635E8ED7E2EF8555D3643614E2FD507504099ADFDE278546DDF3905210B9E0F314E043213688D35A6"
"OODEFRAG14.00.00.01PROFESSIONAL"="06CC977DD3651CF76B21A3F5DD0B01E3E7B66B17E5215D6A242666252BCCB0B8923A4FA3F80F326A20DF49F2632935CF716A90308CBF29FC332AC072795EA027F34EA253F93D6D599B1A12FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CFEBC9E127BECC74C9DB7CE019D40AA5CD5CEBC309131670FDB9EC1988394472B4DFBEF95DDE6B229DAD68842A9F399C535E6F80898541193161BA5B63C5E8E611D060BAE00A165296FEE251CFDF32013395EAB421D17240B72CC26D302DDA45E74D43DDE517267726A7971C7BCA1DB857E7F9051E738FC7F6F51073C937304575CF478E9247F710576972F206E026102F51D55CB56402BDEE2C906DDC44758E2ABFB2639E32CED3F926C1228305BF652E10A9AE9DB7673FBF45CD14CFBC206FB91FDA2560AA679E4129F4583B3BB18A45B20780BFEE8CF0EA3B28BBE35939F811097BB7328DC68209BDC657B3E71F5884CBB78AF5967EAAD3EFA4C0F7F2BF039FCE538E2E181407CA95381FA29127274F53D17FE1A87265B6AE51EBCFEC17648018C4F9BF08CBCEA0BB7A0966274A542EB8AC74202A496F621A8016AE950E1BB9AB12B3C20394BBE6240BA806A365A2E168AF0E6E75904492FFE665F0B1519811B00ED03CF068E31262A3E92553711DAAEAA6A003786EAFAB4A4B606C292B46E29262B5475B5DCDF223489C94E9AFC4D485C0543EC537C1C265BCBED040E82B83E57EAB698D14248742275C712C806EE4412800A9C279C1E4DE9F5495692057B28C929D7D4227B500FBB474FF16F478B5BC715526AB16357C61977EED46EF037873855885CB87B403B4C3E4A527C10D69977E9BD12E01E8203B6075B2E332FCF546053B9F067694611240AC62E26E465DE222092636BCDBC479551ABA736DE0BD6877C05EC449F6F0116D0F391E2FAB05DCCC73BBCCA268A2B8973249514D095ACF11CA5BBAC2C334D7AAB289D6F41959F01674518BC10529C6D01A96528897DC7E9F27CDCBE52670D2DA6DA884C54567E4AF8E17E3F285C5C9D02491517C4B7EE40338DE65D08CAA98C43AA9A3E8998ABB96A678C9B3ED7FE7D70303944ED1BBA4506FE7FB0F77C63FCF65632CB67E329639ED0F658D6D7EC713B33F75D27E219D1099E642201014D67AA45BF41A9A651616A3A03C32C53E26346C78D4DC6ADCCBFC8DAE562B4414C353AFEC8B040B3CD4E98E60BEDA8A27342E7894847D480EAECCBC868E35A871D58F730E6EC4E3E1F4CE6BC7D2CED85807D6BB68C4211C1DD3D8A1F625E6C874E42A82AC60D2B60990087C3DB19D01FC48C0FB151786A3DE116EE3B63CC9954C06B05E1A96F63196491202CBC10D8F3CCE78783A0E6882289E25A9C88EDC3652D503BEF6632B548FB2DCBC64B"
.
Celkový čas: 2011-07-22 16:04:08
ComboFix-quarantined-files.txt 2011-07-22 14:04
.
Před spuštěním: Volných bajtů: 112 755 679 232
Po spuštění: Volných bajtů: 113 672 155 136
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 20B0C2EA9FC54A1DBBCD04E754951B4A

[cernohous13]

ComboFix ten nález nepotvrdil

Ještě jedna kontrola

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nech spuštěný

[vukov]

asi tam nic neni co?

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25.7.2011 9:43:45
mbam-log-2011-07-25 (09-43-45).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 220946
Uplynulý čas: 18 minut, 45 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[cernohous13]

napsalo mi to tohle c:\windows\explorel.exe

jsi si jistý, že to je přesný název souboru, nebo se jedná o překlep?

[vukov]

tohle mi to napsalo proto se mi to zdalo podezrele

[cernohous13]

Stáhni "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Spusť jej a do okna zkopíruj

Kód: Vybrat vše

:filefind
explorel.exe
explorer.exe

Klik na Look a po scanu sem zkopíruj výsledek hledání