total zpomalene PC

[dokken]

nevim co driv, litaj mi postupy hlavou, mrknete

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:48, on 19.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\av_md.exe
C:\WINDOWS\system32\imPlayok.exe
C:\WINDOWS\updated7.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\SyncMan.exe
C:\WINDOWS\system32\xgxhstkb.exe
C:\WINDOWS\system32\CsimPlayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Racek\imPlayok.exe
C:\Documents and Settings\Racek\reader_s.exe
C:\Documents and Settings\Racek\SyncMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Racek\Data aplikací\Microsoft\svchost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\BORDEL\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [imPlayok] C:\WINDOWS\system32\imPlayok.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\csrs.exe
O4 - HKLM\..\Run: [svschost] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [window.exe] C:\WINDOWS\system32\windwo.exe
O4 - HKLM\..\Run: [SyncMan] C:\WINDOWS\system32\SyncMan.exe
O4 - HKLM\..\Run: [WinFix service] xgxhstkb.exe
O4 - HKLM\..\Run: [Intel i386] C:\DOCUME~1\vokurka\LOCALS~1\Temp\gsf28\servces.exe
O4 - HKLM\..\Run: [CsimPlayer] C:\WINDOWS\system32\CsimPlayer.exe
O4 - HKLM\..\RunServices: [WinFix service] xgxhstkb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [imPlayok] C:\Documents and Settings\Racek\imPlayok.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Racek\reader_s.exe
O4 - HKCU\..\Run: [SyncMan] C:\Documents and Settings\Racek\SyncMan.exe
O4 - HKCU\..\Run: [svchost.exe] C:\Documents and Settings\Racek\Data aplikací\Microsoft\svchost.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\Racek\av_md.exe
O4 - HKCU\..\Run: [CsimPlayer] C:\Documents and Settings\Racek\CsimPlayer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\winupd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{782162F7-3366-4B2C-916B-037F1C78E488}: NameServer = 10.1.1.1,82.100.17.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7506 bytes

[dokken]

tak se mi povedlo po utrapach spustit ComboFix, zda se ze procistil hrubej marast, pac PC se znatelne zrychlilo, takze posilam novy log z HJ na zbytek..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:59, on 19.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\xgxhstkb.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
G:\1_FIRST_ATTACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinFix service] xgxhstkb.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunServices: [WinFix service] xgxhstkb.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{782162F7-3366-4B2C-916B-037F1C78E488}: NameServer = 10.1.1.1,82.100.17.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5181 bytes

[motji]

Dobrý večer
parádně zavirované pc, předpokládám, že jste si spustil nějaký soubor zavirovaný .

Můžu vidět log z combofixu? Hodně toho smazal, něco tam ještě zůstalo. Hlavně mě zajímá, zda nejsou napadené některé systémové soubory.

A pro příště prosímnespouštějte combofix na vlastní pěst - můžete Vám poškodit systém, navíc nesmaže všechno, je potřeba občas něco dočistit

[dokken]

CF jsem uz odinstaloval i slogem...odkdy maze CF systemove soubory?

[motji]

I combofix má své bugy , občas, není to tak dávno co mazal atapi.sys - pc už nenabootovalo .

Takže Vás poprosím spustte combofix znovu, protože havět tam zůstala , a taky mi ukáže, zda nejsou infikované systémové soubory.
V logu jde vidět soubor, který patří virutu - ale taky být od něj nemusí, doufám .
Můžu vědět, kde jste k tomu přišel?

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech


Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[dokken]

ComboFix 10-03-18.02 - Racek 19.03.2010 21:35:20.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.178 [GMT 1:00]
Spuštěný z: c:\documents and settings\Racek\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-19 do 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 19:19 . 2010-03-19 19:19 -------- d-----w- c:\windows\system32\cs-cz
2010-03-19 17:56 . 2010-03-19 18:54 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-19 17:24 . 2008-01-07 13:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-03-19 17:15 . 2010-03-19 17:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-19 17:14 . 2010-03-19 17:14 -------- d-----w- C:\totalcmd
2010-03-19 17:07 . 2010-03-19 17:07 -------- d-----w- c:\windows\system32\oodag
2010-03-19 17:04 . 2010-03-19 17:04 -------- d-----w- c:\program files\OO Software
2010-03-19 16:53 . 2010-03-19 16:53 -------- d-----w- c:\program files\CCleaner
2010-03-19 16:27 . 2010-03-19 16:27 -------- d-----w- c:\program files\Belkin
2010-03-19 15:42 . 2010-03-19 15:45 -------- d-----w- c:\program files\Your Uninstaller 2004
2010-03-19 15:13 . 2010-03-19 15:13 -------- d-----w- c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2010-03-19 13:46 . 2010-03-19 13:46 307200 ----a-w- c:\windows\IsUninst.exe
2010-03-07 19:00 . 2010-03-07 21:02 -------- d-----w- c:\program files\Alex Kočičák
2010-03-07 14:20 . 2010-03-07 15:09 -------- d-----w- c:\program files\Veselá kuřata
2010-03-05 17:19 . 2010-03-05 17:19 -------- d-----w- c:\program files\Alenka 2 - Kouzelná země
2010-02-23 14:45 . 2010-03-17 20:12 212736 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-02-18 14:01 . 2010-02-14 13:16 64000 --sh--r- c:\windows\updated7.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 17:20 . 2006-11-13 18:38 -------- d-----w- c:\program files\ESET
2010-03-19 17:15 . 2007-02-15 19:54 -------- d-----w- c:\program files\Java
2010-03-19 16:28 . 2006-11-10 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 23:08 . 2001-10-25 12:00 14336 ------w- c:\windows\system32\svchost.exe
2010-01-22 16:42 . 2010-01-22 16:42 28160 ----a-w- c:\windows\system32\msload32.exe
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . 9E071B24A998A9F328503A538C7439F5 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 176128 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-27 07:55 24103720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-24 19:48 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\v8120\\DMMultiView\\MultiView.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2008 14:15 691696]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-16 c:\windows\Tasks\FRU Task 1601-01-01 00:00ewlett-Packard1601-01-01 00:00p psc 1200 series!HASH: COULD NOT OPEN FILE !!!!!251737149.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {782162F7-3366-4B2C-916B-037F1C78E488} = 10.1.1.1,82.100.17.161
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 21:40
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="1ED7CFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CBA7FD869164D6794B7E9A941A52A203933918841F36C98B49E12AF837C8842767E6AFA62E0862773ABED5A4E0F6AEBAC6B7C2EBB76768CE0D5C4ED1E1FF5F7CE12202D6D08A0EF8BDCF3624959023D6061AC051A647EB9BC61C0F8D1725E1D40ADCACFB3646D28C1EE2C4BB1A8A7157CBFC4465177FC5BBB11BA572F62984AA165D1D37D38C465F5DB4D15A9B356A00C036B9E807AADDE3006E901EB72C1C733A19B1FB9DA45EF71EF903279454AC8FEFE4BAB66CE0E6754388963E0B53A97939D950C78B54EC35CCBB3098ABC87A5A7571384E56862CA42F158DE8AD6A56DCA6830E872C7869245637875EC8FD3843E85F5AE08CFB0157B529B480A926CAEC066E0F77FA357BF9F80A4C6D2C0B668DD592A28F721C583644C1B6924BAB9F8C2CF9E6F1E6DEBE3C1BF013F94EF820507F3E95F068B2F89C5A5217F4234FE1B0230E7787062B6CC65925D17AA4AC6C59B4AF4B9265441CB4BF97EBA71F66F1915673C313CCEED7829BC887735925AC5E3268C0DEF54122706B70740E0920429F42821AB6C95081F8FD65A0178A0D6580AA678A81F777EA96922102AE7A6F7B7FEFB9E6E0CAB4525FE4FAB4658E09A839F3C82C995BDA3144FCF78847DE9CCE3F43DC1734F1E252AC165D9CDE251497E16ACF9A554BAE5DE72AA9D50BFA4C502FA9C9AA78C88EB7D06AC471345054739C592326404976CB3F4736483EEB3EA199A9D3EEEBB1F24A35E91D905D1A43E536A5C00A07290A1F1D9BAB3066F8909654296451E7C271BD5C24E798781E91E24A249BEEC8D76B52B8A68F7B4CBAA2F544436CBFE0F7BE07F8A7394EF6D251934F1714D4BE9AC9BA5D2B69F62AFB0338B53F973D0DA0ACBC2F6E61E8A55B8A3C0403E0F34402C0A5D63B59F516CC82B620B3661C4E85473F1A8618A961C1D783BD76CE913E900FAFECF466EBD76B4F4E2E6923C80E771B617A66F53C448DC174A698E48C9E949AF6E912288D1E6C8304ECA0C321F290CB56EDAF077BF84183FC6080A1A2C62BCAAC284CF6EB0FA6EC0177A71F2ADA262D5E8159C769FA080F9BE2A9950009B22B2C469B1A1ED93A34E659EE5342E6E4641AA867958F48EDE8FF1AC4A6103815553F36579AB1336794794C662AD174A9DE28BC5E4A542E50D0E58CEFCC9E4A3C7DA027EAC171E899458B3E2329CD218E36D1A4D106BFD62FB489932E9084A36FCDD57A2A8F37E5C2F7907C8F3C03FDD2656947A7E3B94602D5494E0189C49910DB28C231A551B2016DF06B11E602E45075570920B2CE365390CD9C3E690EFB0A474F0B203544A672A885B3B7643649DBC6955396057BE964B8E2F2C076DBE3503"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-19 21:43:29
ComboFix-quarantined-files.txt 2010-03-19 20:43

Před spuštěním: Volných bajtů: 132 860 723 200
Po spuštění: Volných bajtů: 132 865 064 960

- - End Of File - - B3C6858F2F6FD78D52F3F080F067C83E

[motji]

nedělal jste mezitím něco s počítačem? Ty soubory, co byli vidět v HJT, tu už nejsou

Dejte soubor otestovat na http://www.virustotal.com


c:\windows\updated7.exe
c:\windows\system32\dllcache\ndis.sys
c:\windows\system32\msload32.exe
c:\windows\system32\drivers\tcpip.sys

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky


poprosím o log ze Rsitu, viz můj podpis

Podle pravidel fóra se zde nelegálním softwarem nezabýváme,
Obstarejte si legální zabezpečení PC, pak zde vložte log z RSITU a budeme pokračovat

[dokken]

jen to co nasel CF a pak jsem vycistil pomoci ccleaneru
bohuzel nemuzu otestovat soubory na virus total, protoze se mi nepodarilo rozchodit usb wifi, jinak bezne bezproblemovou..co ted?

[motji]

řekla bych že to bude těmi dvěma soubory, co jsem chtěla otestovat Ještě zkuste přes flešku přenést Rsit, opravdu bych ho potřebovala vidět


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
c:\windows\system32\msload32.exe
c:\windows\updated7.exe

Restore::
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\dllcache\ndis.sys

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[dokken]

widle nabehly, udelal jsem oboji, zde jsou logy
ComboFix 10-03-18.02 - Racek 20.03.2010 1:16.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.235 [GMT 1:00]
Spuštěný z: c:\documents and settings\Racek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Racek\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: c:\windows\system32\msload32.exe
file zipped: c:\windows\updated7.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msload32.exe
c:\windows\updated7.exe

Nakažená kopie c:\windows\system32\dllcache\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\ndis.sys

Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\tcpip.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-20 do 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 00:08 . 2010-03-20 00:08 -------- d-----w- C:\rsit
2010-03-19 19:19 . 2010-03-19 19:19 -------- d-----w- c:\windows\system32\cs-cz
2010-03-19 17:56 . 2010-03-19 18:54 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-19 17:15 . 2010-03-19 17:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-19 17:14 . 2010-03-19 17:14 -------- d-----w- C:\totalcmd
2010-03-19 17:07 . 2010-03-19 17:07 -------- d-----w- c:\windows\system32\oodag
2010-03-19 17:04 . 2010-03-19 17:04 -------- d-----w- c:\program files\OO Software
2010-03-19 16:53 . 2010-03-19 16:53 -------- d-----w- c:\program files\CCleaner
2010-03-19 16:27 . 2010-03-19 16:27 -------- d-----w- c:\program files\Belkin
2010-03-19 15:42 . 2010-03-19 15:45 -------- d-----w- c:\program files\Your Uninstaller 2004
2010-03-19 15:13 . 2010-03-19 15:13 -------- d-----w- c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2010-03-19 13:46 . 2010-03-19 13:46 307200 ----a-w- c:\windows\IsUninst.exe
2010-03-07 19:00 . 2010-03-07 21:02 -------- d-----w- c:\program files\Alex Kočičák
2010-03-07 14:20 . 2010-03-07 15:09 -------- d-----w- c:\program files\Veselá kuřata
2010-03-05 17:19 . 2010-03-05 17:19 -------- d-----w- c:\program files\Alenka 2 - Kouzelná země
2010-02-23 14:45 . 2004-08-03 22:14 182912 -c--a-w- c:\windows\system32\dllcache\ndis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 17:20 . 2006-11-13 18:38 -------- d-----w- c:\program files\ESET
2010-03-19 17:15 . 2007-02-15 19:54 -------- d-----w- c:\program files\Java
2010-03-19 16:28 . 2006-11-10 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 23:08 . 2001-10-25 12:00 14336 ------w- c:\windows\system32\svchost.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 176128 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-27 07:55 24103720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-24 19:48 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\v8120\\DMMultiView\\MultiView.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2008 14:15 691696]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-16 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series0EF76F99F52E5E56852FCA38EF11AE81ACB5A4C1251737149.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {782162F7-3366-4B2C-916B-037F1C78E488} = 10.1.1.1,82.100.17.161
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 01:22
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="1ED7CFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CBA7FD869164D6794B7E9A941A52A203933918841F36C98B49E12AF837C8842767E6AFA62E0862773ABED5A4E0F6AEBAC6B7C2EBB76768CE0D5C4ED1E1FF5F7CE12202D6D08A0EF8BDCF3624959023D6061AC051A647EB9BC61C0F8D1725E1D40ADCACFB3646D28C1EE2C4BB1A8A7157CBFC4465177FC5BBB11BA572F62984AA165D1D37D38C465F5DB4D15A9B356A00C036B9E807AADDE3006E901EB72C1C733A19B1FB9DA45EF71EF903279454AC8FEFE4BAB66CE0E6754388963E0B53A97939D950C78B54EC35CCBB3098ABC87A5A7571384E56862CA42F158DE8AD6A56DCA6830E872C7869245637875EC8FD3843E85F5AE08CFB0157B529B480A926CAEC066E0F77FA357BF9F80A4C6D2C0B668DD592A28F721C583644C1B6924BAB9F8C2CF9E6F1E6DEBE3C1BF013F94EF820507F3E95F068B2F89C5A5217F4234FE1B0230E7787062B6CC65925D17AA4AC6C59B4AF4B9265441CB4BF97EBA71F66F1915673C313CCEED7829BC887735925AC5E3268C0DEF54122706B70740E0920429F42821AB6C95081F8FD65A0178A0D6580AA678A81F777EA96922102AE7A6F7B7FEFB9E6E0CAB4525FE4FAB4658E09A839F3C82C995BDA3144FCF78847DE9CCE3F43DC1734F1E252AC165D9CDE251497E16ACF9A554BAE5DE72AA9D50BFA4C502FA9C9AA78C88EB7D06AC471345054739C592326404976CB3F4736483EEB3EA199A9D3EEEBB1F24A35E91D905D1A43E536A5C00A07290A1F1D9BAB3066F8909654296451E7C271BD5C24E798781E91E24A249BEEC8D76B52B8A68F7B4CBAA2F544436CBFE0F7BE07F8A7394EF6D251934F1714D4BE9AC9BA5D2B69F62AFB0338B53F973D0DA0ACBC2F6E61E8A55B8A3C0403E0F34402C0A5D63B59F516CC82B620B3661C4E85473F1A8618A961C1D783BD76CE913E900FAFECF466EBD76B4F4E2E6923C80E771B617A66F53C448DC174A698E48C9E949AF6E912288D1E6C8304ECA0C321F290CB56EDAF077BF84183FC6080A1A2C62BCAAC284CF6EB0FA6EC0177A71F2ADA262D5E8159C769FA080F9BE2A9950009B22B2C469B1A1ED93A34E659EE5342E6E4641AA867958F48EDE8FF1AC4A6103815553F36579AB1336794794C662AD174A9DE28BC5E4A542E50D0E58CEFCC9E4A3C7DA027EAC171E899458B3E2329CD218E36D1A4D106BFD62FB489932E9084A36FCDD57A2A8F37E5C2F7907C8F3C03FDD2656947A7E3B94602D5494E0189C49910DB28C231A551B2016DF06B11E602E45075570920B2CE365390CD9C3E690EFB0A474F0B203544A672A885B3B7643649DBC6955396057BE964B8E2F2C076DBE3503"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2732)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2010-03-20 01:25:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-20 00:25
ComboFix2.txt 2010-03-19 23:55
ComboFix3.txt 2010-03-19 20:43

Před spuštěním: Volných bajtů: 132 839 137 280
Po spuštění: Volných bajtů: 132 805 201 920

- - End Of File - - 5A9B86AB0C567C3AA0E2C8D77EB1511B

-----------------------------------------------------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Racek at 2010-03-20 01:26:04
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 127 GB (53%) free of 239 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:17, on 20.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
G:\1_FIRST_ATTACK\RSIT.exe
G:\1_FIRST_ATTACK\Racek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{782162F7-3366-4B2C-916B-037F1C78E488}: NameServer = 10.1.1.1,82.100.17.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4807 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1251737149.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-24 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-09 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-09 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2
"O&O Defrag"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\v8120\DMMultiView\MultiView.exe"="C:\Program Files\v8120\DMMultiView\MultiView.exe:*:Enabled:MultiView"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-20 01:25:28 ----D---- C:\WINDOWS\temp
2010-03-20 01:25:25 ----A---- C:\ComboFix.txt
2010-03-20 01:08:23 ----D---- C:\rsit
2010-03-19 21:34:15 ----A---- C:\WINDOWS\MBR.exe
2010-03-19 21:34:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-19 21:34:09 ----A---- C:\WINDOWS\PEV.exe
2010-03-19 21:34:08 ----A---- C:\WINDOWS\zip.exe
2010-03-19 21:34:08 ----A---- C:\WINDOWS\SWREG.exe
2010-03-19 21:34:08 ----A---- C:\WINDOWS\sed.exe
2010-03-19 21:34:08 ----A---- C:\WINDOWS\grep.exe
2010-03-19 21:34:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-19 21:34:07 ----A---- C:\WINDOWS\SWSC.exe
2010-03-19 21:33:31 ----D---- C:\Qoobox
2010-03-19 20:19:28 ----D---- C:\WINDOWS\WBEM
2010-03-19 20:19:27 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-19 20:17:44 ----HDC---- C:\WINDOWS\ie7
2010-03-19 20:17:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-03-19 20:16:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-03-19 20:14:43 ----A---- C:\WINDOWS\imsins.BAK
2010-03-19 20:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-03-19 20:14:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-03-19 18:56:18 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-03-19 18:21:17 ----D---- C:\Documents and Settings\Racek\Data aplikací\ESET
2010-03-19 18:20:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-19 18:15:47 ----A---- C:\WINDOWS\system32\java.exe
2010-03-19 18:15:16 ----D---- C:\Program Files\Common Files\Java
2010-03-19 18:14:26 ----D---- C:\totalcmd
2010-03-19 18:07:45 ----A---- C:\WINDOWS\oodcnt.INI
2010-03-19 18:07:41 ----D---- C:\WINDOWS\system32\oodag
2010-03-19 18:04:59 ----D---- C:\Program Files\OO Software
2010-03-19 17:53:25 ----D---- C:\Program Files\CCleaner
2010-03-19 17:27:13 ----D---- C:\Program Files\Belkin
2010-03-19 16:57:59 ----D---- C:\WINDOWS\ERDNT
2010-03-19 16:42:12 ----D---- C:\Program Files\Your Uninstaller 2004
2010-03-19 16:13:04 ----D---- C:\WINDOWS\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2010-03-19 14:46:41 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2010-03-19 14:46:36 ----A---- C:\WINDOWS\IsUninst.exe
2010-03-19 14:46:27 ----D---- C:\Program Files\Registry Mechanic
2010-03-19 14:43:57 ----D---- C:\Documents and Settings\Racek\Data aplikací\U3
2010-03-19 14:42:16 ----D---- C:\WINDOWS\pss
2010-03-07 20:00:54 ----D---- C:\Program Files\Alex Kočičák
2010-03-07 15:20:19 ----D---- C:\Program Files\Veselá kuřata
2010-03-05 18:20:06 ----D---- C:\Documents and Settings\Racek\Data aplikací\V-Games
2010-03-05 18:19:09 ----D---- C:\Program Files\Alenka 2 - Kouzelná země

======List of files/folders modified in the last 1 months======

2010-03-20 01:26:06 ----AH---- C:\WINDOWS\WINCMD.INI
2010-03-20 01:25:29 ----HD---- C:\WINDOWS\system32\drivers
2010-03-20 01:25:28 ----D---- C:\WINDOWS
2010-03-20 01:25:25 ----HD---- C:\WINDOWS\Prefetch
2010-03-20 01:23:34 ----HD---- C:\WINDOWS\system32\CatRoot2
2010-03-20 01:22:14 ----A---- C:\WINDOWS\system.ini
2010-03-20 01:20:24 ----D---- C:\WINDOWS\system32
2010-03-20 01:19:06 ----HD---- C:\WINDOWS\AppPatch
2010-03-20 01:19:03 ----D---- C:\Program Files\Common Files
2010-03-20 01:16:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-20 01:15:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-20 00:43:46 ----HD---- C:\WINDOWS\inf
2010-03-20 00:41:35 ----SHD---- C:\WINDOWS\Installer
2010-03-20 00:40:52 ----ASH---- C:\boot.ini
2010-03-19 22:31:40 ----D---- C:\Documents and Settings\Racek\Data aplikací\Skype
2010-03-19 20:23:31 ----HD---- C:\WINDOWS\Help
2010-03-19 20:23:31 ----D---- C:\Program Files\Internet Explorer
2010-03-19 20:19:19 ----HD---- C:\WINDOWS\Media
2010-03-19 20:14:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-19 20:06:26 ----SHD---- C:\System Volume Information
2010-03-19 20:06:26 ----HD---- C:\WINDOWS\system32\Restore
2010-03-19 20:01:20 ----HD---- C:\WINDOWS\EHome
2010-03-19 19:56:44 ----HD---- C:\WINDOWS\system32\CatRoot
2010-03-19 19:49:03 ----D---- C:\BORDEL
2010-03-19 19:18:14 ----RD---- C:\Program Files
2010-03-19 18:56:17 ----HD---- C:\WINDOWS\Debug
2010-03-19 18:20:05 ----D---- C:\Program Files\ESET
2010-03-19 18:15:47 ----D---- C:\Program Files\Java
2010-03-19 17:28:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-19 17:22:47 ----HD---- C:\WINDOWS\system32\config
2010-03-19 17:11:49 ----SD---- C:\WINDOWS\Tasks
2010-03-19 17:06:41 ----SD---- C:\Documents and Settings\Racek\Data aplikací\Microsoft
2010-03-19 16:15:14 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-19 15:55:25 ----D---- C:\Documents and Settings
2010-03-17 20:59:18 ----D---- C:\Documents and Settings\Racek\Data aplikací\skypePM
2010-02-27 17:49:41 ----AH---- C:\WINDOWS\NeroDigital.ini
2010-02-27 17:49:24 ----A---- C:\WINDOWS\M3JPEG.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 mbr;mbr; \??\C:\DOCUME~1\Racek\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-01 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 229376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 934400]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-02-13 14336]
S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]

-----------------EOF-----------------

[motji]

Fajn, co internet, už funguje?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[dokken]

zkusim preinstalovat jeste driver na wifinu, ale to udelam az po scanu z MBAMu

[motji]

Zkuste.
Wifina Vám nejde odkdy?
Já už dnes končím, dobrou noc

[dokken]

dobrou ))
wifi pujde, to je ovladacem
jo jinak cerstvej avast ukazuje stovky infikovanejch souboru
mbam log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

20.3.2010 2:13:29
mbam-log-2010-03-20 (02-13-22).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 116537
Uplynulý čas: 8 minute(s), 4 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\qxzv85.exe@ (Trojan.Buzus) -> No action taken.
C:\Documents and Settings\Racek\Oblíbené položky\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\vokurka\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

[motji]

Co našel mbam, smažte.
Doufám že Avast nehlásí virut nebo vitro

Projeďte pc Avptoolem
Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky


(pokud by šlo skutečně o viruta, musíme hned vyčistit i to druhé pc, do kterého jste zapojoval flešku). Ale i kdyby o viruta nešlo. Založte druhý topic, napište pro MOtji a vložte do něj log ze Rsitu. Bohužel tu dnes budu až večer, asi kolem 7 hodiny, a ted ráno ještě před 10hodinou.)