Slowed-down computer, pls help

Section devoted to viruses and other malicious code, as well as to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

scof
newcomer
Posts: 10
Registered: November 08
Gender: Not specified
Status: Offline

Slowed-down computer, pls help

Post by scof » 09 Nov 2008 20:35

My computer is pretty sluggish even though I defragmented it and I also use clean-up programs. Often an Explorer window pops up out of nowhere with some web page; I think that could be the cause. Please advise, thanks in advance.
Here is my log from HJ:

Logfile of HijackThis v1.99.1
Scan saved at 20:43:21, on 9.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Vtune\TBPanel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\o8U3aatg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Na vypálení\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: :-)mojelogo SMS ToolBar - {CFBC2741-0C1F-11D6-9224-004F490BED09} - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Slowed-down computer, pls help

Post by jaro3 » 09 Nov 2008 21:13

Welcome to the PC-HELP forum!

Test this file on VirusTotal:
C:\WINDOWS\system32\o8U3aatg.exe
Then post the results here.

Download SDFix
- Run it and it will extract itself to the disk where Windows is installed (typically C:\SDfix)
- Then restart the PC into safe mode (choose the option Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat, which starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system is booting, the program will start again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; this closes the program and your desktop icons are displayed.
- When the desktop icons have finished loading, the SDFix log opens on the screen and is also saved as the file Report.txt in the folder where SDFix was extracted
Then copy its contents here + a new HJT log + check whether any icons are missing under Start and whether your disks show up under My Computer....
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Slowed-down computer, pls help

Post by scof » 09 Nov 2008 23:14

OK, here is the VirusTotal output for now:
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.7.1 2008.11.09 -
AntiVir 7.9.0.26 2008.11.07 -
Authentium 5.1.0.4 2008.11.09 -
Avast 4.8.1248.0 2008.11.08 -
AVG 8.0.0.161 2008.11.09 -
BitDefender 7.2 2008.11.09 -
CAT-QuickHeal 9.50 2008.11.08 -
ClamAV 0.94.1 2008.11.09 -
DrWeb 4.44.0.09170 2008.11.09 -
eSafe 7.0.17.0 2008.11.09 -
eTrust-Vet 31.6.6200 2008.11.09 -
Ewido 4.0 2008.11.09 -
F-Prot 4.4.4.56 2008.11.09 -
F-Secure 8.0.14332.0 2008.11.09 -
Fortinet 3.117.0.0 2008.11.09 -
GData 19 2008.11.09 -
Ikarus T3.1.1.45.0 2008.11.09 -
K7AntiVirus 7.10.520 2008.11.08 -
Kaspersky 7.0.0.125 2008.11.09 -
McAfee 5428 2008.11.08 -
Microsoft 1.4104 2008.11.09 TrojanDownloader:Win32/Popur.B
NOD32 3597 2008.11.08 a variant of Win32/TrojanDownloader.FakeAlert.PK
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.09 -
PCTools 4.4.2.0 2008.11.09 -
Prevx1 V2 2008.11.09 Malware Downloader
Rising 21.02.62.00 2008.11.09 -
SecureWeb-Gateway 6.7.6 2008.11.09 Trojan.Crypt.XPACK.Gen
Sophos 4.35.0 2008.11.09 Mal/EncPk-CZ
Sunbelt 3.1.1785.2 2008.11.08 -
Symantec 10 2008.11.09 -
TheHacker 6.3.1.1.146 2008.11.08 -
TrendMicro 8.700.0.1004 2008.11.07 -
VBA32 3.12.8.9 2008.11.09 -
ViRobot 2008.11.7.1457 2008.11.07 -
VirusBuster 4.5.11.0 2008.11.09 TrojanSpy.ZBot.Gen!Pac.5
Rozšiřující informace
File size: 64000 bytes
MD5...: b996aa50d5095f5b6c87e866bf9ea4ac
SHA1..: 04f7e675fcd144276a3069a30b065a71a4d69964
SHA256: 93043062dbeec9a5e0eef4f24ebc5623e64e20a372bcd991329268910ff5aaf9
SHA512: 7d53df65b442f2612206aa8c16c9b6605ac088877e230ce384a92286d086446a
d4d24ba0b8e3369726029c10529abb9c708e62fa1861cecd7d74920293b6aa17
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4010ca
timedatestamp.....: 0x486d6a6f (Fri Jul 04 00:10:23 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x139e 0x1400 2.55 3c6fd84fb84d30215b48c6c4fd44597c
.rdata 0x3000 0x171c 0x1800 5.27 18b0d83993d9af1cb1dc0a7f5dcc4f51
.data 0x5000 0x1c077 0xc800 7.30 ee1d00349706badc1b65487c5f70bbf8
.reloc 0x22000 0x763 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x23000 0x19d 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 11 imports )
> comctl32.dll: ImageList_Copy, ImageList_BeginDrag, ImageList_DrawIndirect, ImageList_Draw, ImageList_DragEnter, ImageList_DragMove, ImageList_Create, ImageList_GetIconSize, ImageList_GetImageRect, ImageList_DrawEx, ImageList_Merge, ImageList_AddIcon, ImageList_Destroy, ImageList_Remove, ImageList_Replace, ImageList_LoadImageW, ImageList_DragLeave, ImageList_GetDragImage, ImageList_GetImageCount
> user32.dll: CalcMenuBar, GetWindowTextLengthA, DrawTextW, DrawIcon, DrawIconEx, CopyImage, GetFocus, DrawTextA, IsWindow, IsMenu, CopyIcon, EndDialog, CopyRect, AppendMenuA, GetMenu, AlignRects
> user32.dll: GetWindowTextA, AppendMenuA, DrawIconEx, AlignRects, DrawTextW, CopyImage, CopyIcon, CloseWindow, DrawIcon, DrawTextA, CalcMenuBar, InsertMenuA, GetDlgItem, CopyRect, IsMenu, GetDC, CreateIcon, AppendMenuW, LoadCursorA, GetMenu, DialogBoxParamW, LoadMenuA, GetWindowTextLengthA, BlockInput
> kernel32.dll: GetFileSize, GetStdHandle, ReadFile, CopyFileW, OpenFileMappingA, GetComputerNameA, GetLastError, CopyFileA, GetCommandLineA, GlobalFree, DeleteFileA, GetConsoleMode, GetCPInfo, SetLastError, CreateDirectoryA, Sleep, DeleteAtom
> comctl32.dll: ImageList_Read, ImageList_GetIconSize, ImageList_Remove, ImageList_Destroy, ImageList_GetImageInfo, ImageList_GetDragImage, ImageList_GetImageRect, ImageList_DragShowNolock, ImageList_Copy, ImageList_LoadImageA, ImageList_EndDrag, InitCommonControls, ImageList_AddMasked, ImageList_Merge, ImageList_DragMove, ImageList_Replace, ImageList_LoadImageW, ImageList_GetImageCount, ImageList_LoadImage, ImageList_AddIcon
> kernel32.dll: OpenFileMappingA, GetConsoleMode, GetCPInfo, CopyFileExW, ReadFile, GlobalFree, CreateThread, WriteFile, DeleteFileW, CreateDirectoryA, ReadConsoleA, GetComputerNameA, GetFileSize, CopyFileA, GetLastError, SetLastError, CopyFileExA, ExitThread, Sleep, GetStdHandle, FindFirstFileA, OpenFile, DeleteFileA
> advapi32.dll: RegEnumKeyW, RegEnumKeyExW, RegEnumKeyExA, RegCreateKeyExA, RegLoadKeyA, RegReplaceKeyW, RegDeleteValueW, RegLoadKeyW, RegDeleteKeyA, RegQueryValueA, RegOpenKeyExA, RegGetKeySecurity, RegDeleteValueA, RegEnumKeyA, RegEnumValueW, RegOpenKeyExW, RegDeleteKeyW, RegEnumValueA, RegQueryValueW, RegQueryValueExA, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyA, RegFlushKey
> gdi32.dll: GetPixel, ExtTextOutA, AddFontResourceW, AddFontResourceA, RestoreDC, BitBlt, AbortPath, AddFontResourceExA, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, ExcludeClipRect, CreateSolidBrush, ClearBitmapAttributes, GetDCOrgEx
> user32.dll: EndDialog, GetWindowTextLengthA, InsertMenuA, GetWindowTextA, IsMenu, GetFocus, DrawIcon, LoadCursorA, DrawTextA, DialogBoxParamW, GetDlgItem, CopyImage, CloseWindow, AppendMenuA, CreateIcon, AppendMenuW, BlockInput, AlignRects
> advapi32.dll: RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegCreateKeyW, RegOpenKeyExW, RegReplaceKeyW, RegEnumKeyA, RegEnumValueW, RegQueryInfoKeyW, RegOpenKeyA, RegEnumKeyW, RegOpenKeyExA, RegQueryValueW, RegFlushKey, RegDeleteKeyA, RegQueryInfoKeyA, RegDeleteValueA, RegGetKeySecurity, RegCreateKeyExA, RegQueryValueA, RegEnumValueA
> gdi32.dll: GetCurrentPositionEx, BeginPath, SetTextColor, AddFontResourceW, ExtTextOutA, GetClipBox, CloseMetaFile, AbortPath, AddFontResourceExW, GetBrushOrgEx, AddFontResourceTracking, ClearBitmapAttributes, GetBitmapBits, CreateSolidBrush, AddFontResourceA, ClearBrushAttributes, DeleteDC, DeleteObject, GetDCOrgEx, GetPixel

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00BAC9859D


Re: Slowed-down computer, pls help

Post by scof » 09 Nov 2008 23:31

Here is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 23:25:33, on 9.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Vtune\TBPanel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Na vypálení\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: :-)mojelogo SMS ToolBar - {CFBC2741-0C1F-11D6-9224-004F490BED09} - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


And SDFix:


SDFix: Version 1.240
Run by mr.scf on ne 09.11.2008 at 23:15

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 23:23:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"D:\\Hry\\cod4\\iw3mp.exe"="D:\\Hry\\cod4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\\Hry\\CS 1.6\\hl.exe"="D:\\Hry\\CS 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\Scoffield\\Plocha\\StrongDC++\\StrongDC.exe"="C:\\Documents and Settings\\Scoffield\\Plocha\\StrongDC++\\StrongDC.exe:*:Enabled:StrongDC++"
"D:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="D:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="D:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\\Hry\\CS\\hl.exe"="D:\\Hry\\CS\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\\Hry\\MM2\\mcm2.exe"="D:\\Hry\\MM2\\mcm2.exe:*:Enabled:MicrosoftR Motocross Madness 2"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"D:\\Hry\\MCM2\\MCM2.EXE"="D:\\Hry\\MCM2\\MCM2.EXE:*:Enabled:MicrosoftR Motocross Madness 2"
"C:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"="C:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe:*:Enabled:iolo FirewallR"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\kav\\kav8.0\\english\\setup.exe"="C:\\kav\\kav8.0\\english\\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 18 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Tue 17 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 6 Nov 2008 692,556 ...H. --- "C:\Program Files\iolo\System Mechanic Professional\unins000.exe"

Finished!


Re: Slowed-down computer, pls help

Post by jaro3 » 10 Nov 2008 07:45

Find and delete: C:\SDFix
Turn off Avast's resident protection.

Download ComboFix (by sUBs)

and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Re: Slowed-down computer, pls help

Post by scof » 10 Nov 2008 14:04

Here is the log from CF:
ComboFix 08-11-09.04 - mr.scf 2008-11-10 13:52:41.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.183 [GMT 1:00]
Spuštěný z: c:\documents and settings\mr.scf\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-10 do 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-09 23:14 . 2008-11-09 23:14 <DIR> d-------- c:\windows\ERUNT
2008-11-09 20:55 . 2008-11-09 20:59 1,896 --a------ c:\windows\system32\tmp.reg
2008-11-09 20:54 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-09 20:54 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-09 20:54 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-09 20:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-09 20:54 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-09 20:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-09 20:54 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-09 20:54 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-09 20:54 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-09 20:53 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-09 13:27 . 2008-11-09 13:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 13:27 . 2008-11-09 13:27 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-09 13:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 13:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 16:04 . 2008-11-08 16:04 0 --ah----- c:\windows\system32\spkpsys.ini
2008-11-08 16:03 . 2008-11-09 18:08 <DIR> d-------- c:\program files\Super Popup Blocker
2008-11-07 18:22 . 2004-08-18 13:00 81,920 --a------ c:\windows\system32\ieencode.dll
2008-11-07 18:22 . 2004-08-18 13:00 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2008-11-07 18:22 . 2004-08-18 13:00 68,608 --a------ c:\windows\system32\plugin.ocx
2008-11-07 18:22 . 2004-08-18 13:00 68,608 --a------ c:\windows\system32\dllcache\plugin.ocx
2008-11-07 18:22 . 2008-06-12 11:27 26,144 --a------ c:\windows\system32\spupdsvc.exe
2008-11-07 18:21 . 2008-11-07 19:02 <DIR> d-------- c:\windows\system32\cs-cz
2008-11-06 22:28 . 2008-11-07 15:46 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\iolo
2008-11-06 20:35 . 2004-08-18 13:00 1,134,592 --a------ c:\windows\system32\wuaueng.dll
2008-11-06 20:35 . 2004-08-18 13:00 431,104 --a------ c:\windows\system32\wuapi.dll
2008-11-06 20:35 . 2004-08-18 13:00 162,304 --a------ c:\windows\system32\wuaucpl.cpl
2008-11-06 20:35 . 2004-08-18 13:00 120,320 --a------ c:\windows\system32\wuweb.dll
2008-11-06 20:35 . 2004-08-18 13:00 112,640 --a------ c:\windows\system32\wucltui.dll
2008-11-06 20:35 . 2004-08-18 13:00 111,104 --a------ c:\windows\system32\wuauclt.exe
2008-11-06 20:35 . 2004-08-18 13:00 66,560 --a------ c:\windows\system32\cdm.dll
2008-11-06 20:35 . 2007-07-30 19:18 33,624 --a------ c:\windows\system32\wups.dll
2008-11-06 20:35 . 2007-07-30 19:18 33,624 --a--c--- c:\windows\system32\dllcache\wups.dll
2008-11-06 20:24 . 2008-11-06 20:24 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2008-11-06 20:21 . 2008-11-08 22:02 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\iolo
2008-11-06 20:20 . 2008-11-06 20:20 <DIR> d-------- c:\program files\iolo
2008-11-06 20:20 . 2008-09-25 11:07 922,464 --a------ c:\windows\system32\Incinerator.dll
2008-11-06 20:20 . 2008-04-17 10:36 39,424 --a------ c:\windows\system32\xpacket.sys
2008-11-06 20:20 . 2008-09-24 10:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2008-11-06 20:20 . 2008-04-17 10:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2008-11-06 20:20 . 2008-09-09 16:45 8,192 --a------ c:\windows\system32\smrgdf.exe
2008-11-06 20:18 . 2008-11-06 20:18 74,703 --a------ c:\windows\system32\mfc45.dll
2008-11-06 20:16 . 2008-11-06 20:31 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\iolo
2008-11-06 20:16 . 2008-11-06 20:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\iolo
2008-11-06 10:51 . 2008-11-06 10:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avg7
2008-11-04 22:56 . 2008-11-05 09:11 <DIR> d-------- c:\documents and settings\Pepa\Data aplikací\Spyware Terminator
2008-11-04 18:28 . 2008-11-04 20:17 <DIR> d-------- c:\program files\TrojanHunter 4.2
2008-11-04 18:23 . 2008-11-04 18:23 <DIR> d-------- c:\program files\AxBx
2008-11-04 18:13 . 2008-11-04 18:13 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\Malwarebytes
2008-11-04 17:52 . 2008-11-06 00:04 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\Spyware Terminator
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:00 . 2008-11-07 19:00 <DIR> dr------- c:\documents and settings\NetworkService\Oblíbené položky
2008-11-04 10:38 . 2008-11-04 10:38 64,000 --a------ c:\windows\system32\o8U3aatg.exe
2008-11-01 16:37 . 2008-11-01 16:37 <DIR> d-------- c:\program files\Hamachi
2008-11-01 16:37 . 2008-11-07 00:18 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\Hamachi
2008-11-01 16:37 . 2008-11-01 16:37 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-10-24 20:44 . 2008-10-24 20:44 <DIR> d-------- c:\documents and settings\Pepa\Data aplikací\Skype
2008-10-19 14:58 . 2008-10-19 14:58 <DIR> d-------- c:\program files\Santa Claus in trouble ...again!
2008-10-14 18:54 . 2008-11-08 10:59 <DIR> d-------- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 23:03 --------- d-----w c:\program files\Programy
2008-11-09 12:36 --------- d-----w c:\program files\ICQToolbar
2008-11-08 09:59 --------- d-----w c:\program files\BitComet
2008-11-07 12:23 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\Skype
2008-11-07 12:21 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\skypePM
2008-11-07 11:27 --------- d-----w c:\program files\Formuláře - ITPro CZ
2008-10-23 18:08 --------- d-----w c:\program files\DivX
2008-10-20 19:46 --------- d-----w c:\program files\Yahoo!
2008-10-09 20:10 --------- d-----w c:\program files\CCleaner
2008-10-06 16:19 --------- d-----w c:\program files\SoftMaker Viewer
2008-09-25 22:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-25 22:22 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\DivX
2008-09-25 22:21 --------- d-----w c:\program files\GamePark
2008-09-25 22:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\Ahead
2008-09-25 21:33 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-25 21:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\DAEMON Tools
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 14:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ICQ Toolbar
2008-09-13 18:17 --------- d-----w c:\documents and settings\Pepa\Data aplikací\ICQ Toolbar
2008-09-13 12:37 --------- d-----w c:\program files\ICQ6
2008-09-10 19:36 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ICQ
2008-09-10 18:45 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ACD Systems
2008-08-12 10:39 2,560 ----a-w c:\windows\system32\bitcometres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-01-29 2150400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Mˇça\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\mr.scf\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Hry\\CS\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22735:TCP"= 22735:TCP:BitComet 22735 TCP
"22735:UDP"= 22735:UDP:BitComet 22735 UDP

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2008-04-17 39424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-18 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;c:\windows\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
S3 MA8630C;MA8630C;c:\windows\system32\DRIVERS\MA8630C.sys [2004-09-14 23248]
S3 MA8630M;MA8630M;c:\windows\system32\DRIVERS\MA8630M.sys [2005-01-25 25428]
S3 MA8630U;MA8630U;c:\windows\system32\DRIVERS\MA8630U.sys [2007-10-31 53586]
S3 MaRdPnp;MaRdPnp;c:\windows\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'

2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\mr.scf\Data aplikací\Mozilla\Firefox\Profiles\8bucwyfb.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://seznam.cz/
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 13:56:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: c:\windows\system32\winlogon.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\system32\lsass.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\explorer.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\system32\csrss.exe
-> c:\program files\iolo\common\lib\ioloHL.dll
.
Celkový čas: 2008-11-10 13:58:34
ComboFix-quarantined-files.txt 2008-11-10 12:58:27

Před spuštěním: 9 951 334 400
Po spuštění: Volných bajtů: 10,097,283,072

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

217

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Sluggish computer, pls help

Post by jaro3 » 10 Nov 2008 18:09

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Note: Do not use the SELECT ALL function to select the script

Code: Select all

File::
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\Process.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\Process.exe
c:\windows\system32\spkpsys.ini
c:\windows\system32\o8U3aatg.exe

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT
A newer version of HJT is here:
http://www.trendsecure.com/portal/en-US ... ckThis.exe
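A check that can be run on a script like the one in the post above, and on the log that comes back afterwards: it flags malformed or duplicated `File::` entries and reports which targets still appear in the "created files" listing of a later log. This is an added example, not part of the original post and not ComboFix's own code; the sample script, the sample log lines and all function names are constructed, and the `Name::` directive pattern is an assumption taken from the `File::` line shown above.

```python
import re
from collections import Counter

# Assumption: a directive is a single word followed by "::" on its own line,
# as with the "File::" line in the script posted above.
DIRECTIVE = re.compile(r"^(\w+)::\s*$")
# A usable target starts with a drive letter, a colon and a backslash.
ABSOLUTE = re.compile(r"^[a-z]:\\")
# Layout of a "created files" line: created date/time, " . ", modified
# date/time, size or <DIR>, attribute field, full path.
CREATED = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:<DIR>|[\d,]+)\s+\S+\s+(?P<path>.+?)\s*$"
)

# Constructed script: one entry lacks the backslash after the drive letter,
# one entry is listed twice.
SAMPLE_SCRIPT = r"""File::
c:windows\system32\example1.tmp
c:\windows\system32\ExampleA.exe
c:\windows\system32\ExampleB.exe
c:\windows\system32\ExampleA.exe
"""

# Constructed follow-up log lines in the same layout as the logs in this thread.
SAMPLE_LOG = r"""
2008-11-09 20:54 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\ExampleA.exe
2008-11-09 13:27 . 2008-11-09 13:27 <DIR> d-------- c:\program files\Example Dir
2008-11-08 16:04 . 2008-11-08 16:04 0 --ah----- c:\windows\system32\other.ini
"""


def parse_cfscript(text):
    """Return the paths listed under File::, lower-cased (Windows paths are
    case-insensitive), in the order they appear."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "file":
            targets.append(line.lower())
    return targets


def lint_targets(targets):
    """Report entries that are not absolute paths and entries listed twice."""
    counts = Counter(targets)
    return {
        "malformed": sorted(t for t in counts if not ABSOLUTE.match(t)),
        "duplicates": sorted(t for t, n in counts.items() if n > 1),
    }


def parse_created_files(log_text):
    """Collect the paths from the 'created files' lines of a log."""
    paths = set()
    for line in log_text.splitlines():
        m = CREATED.match(line.strip())
        if m:
            paths.add(m.group("path").lower())
    return paths


def still_present(script_text, log_text):
    """Script targets that are still listed in the later log."""
    listed = parse_created_files(log_text)
    return sorted(t for t in set(parse_cfscript(script_text)) if t in listed)


if __name__ == "__main__":
    report = lint_targets(parse_cfscript(SAMPLE_SCRIPT))
    for kind, items in report.items():
        for item in items:
            print(f"{kind}: {item}")
    for path in still_present(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"still listed after the run: {path}")
```

A target reported as still listed is a reason to re-check the script entry and the run, not proof on its own that the file is malicious.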

scof
newcomer
Posts: 10
Registered: November 08
Gender: Not specified
Status:
Offline

Re: Sluggish computer, pls help

Post by scof » 10 Nov 2008 19:15

new log from CF:

ComboFix 08-11-09.04 - mr.scf 2008-11-10 19:03:18.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.289 [GMT 1:00]
Spuštěný z: c:\documents and settings\mr.scf\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mr.scf\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-10 do 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 17:57 . 2008-11-10 17:57 <DIR> d-------- c:\program files\Exec
2008-11-10 17:57 . 2008-11-10 17:57 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\Exec
2008-11-10 17:57 . 2008-11-10 17:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Exec
2008-11-09 23:14 . 2008-11-09 23:14 <DIR> d-------- c:\windows\ERUNT
2008-11-09 20:55 . 2008-11-09 20:59 1,896 --a------ c:\windows\system32\tmp.reg
2008-11-09 20:54 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-09 20:54 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-09 20:54 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-09 20:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-09 20:54 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-09 20:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-09 20:54 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-09 20:54 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-09 20:54 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-09 20:53 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-09 13:27 . 2008-11-09 13:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 13:27 . 2008-11-09 13:27 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-09 13:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 13:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 16:04 . 2008-11-08 16:04 0 --ah----- c:\windows\system32\spkpsys.ini
2008-11-08 16:03 . 2008-11-09 18:08 <DIR> d-------- c:\program files\Super Popup Blocker
2008-11-07 18:22 . 2004-08-18 13:00 81,920 --a------ c:\windows\system32\ieencode.dll
2008-11-07 18:22 . 2004-08-18 13:00 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2008-11-07 18:22 . 2004-08-18 13:00 68,608 --a------ c:\windows\system32\plugin.ocx
2008-11-07 18:22 . 2004-08-18 13:00 68,608 --a------ c:\windows\system32\dllcache\plugin.ocx
2008-11-07 18:22 . 2008-06-12 11:27 26,144 --a------ c:\windows\system32\spupdsvc.exe
2008-11-07 18:21 . 2008-11-07 19:02 <DIR> d-------- c:\windows\system32\cs-cz
2008-11-06 22:28 . 2008-11-07 15:46 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\iolo
2008-11-06 20:35 . 2004-08-18 13:00 1,134,592 --a------ c:\windows\system32\wuaueng.dll
2008-11-06 20:35 . 2004-08-18 13:00 431,104 --a------ c:\windows\system32\wuapi.dll
2008-11-06 20:35 . 2004-08-18 13:00 162,304 --a------ c:\windows\system32\wuaucpl.cpl
2008-11-06 20:35 . 2004-08-18 13:00 120,320 --a------ c:\windows\system32\wuweb.dll
2008-11-06 20:35 . 2004-08-18 13:00 112,640 --a------ c:\windows\system32\wucltui.dll
2008-11-06 20:35 . 2004-08-18 13:00 111,104 --a------ c:\windows\system32\wuauclt.exe
2008-11-06 20:35 . 2004-08-18 13:00 66,560 --a------ c:\windows\system32\cdm.dll
2008-11-06 20:35 . 2007-07-30 19:18 33,624 --a------ c:\windows\system32\wups.dll
2008-11-06 20:35 . 2007-07-30 19:18 33,624 --a--c--- c:\windows\system32\dllcache\wups.dll
2008-11-06 20:24 . 2008-11-06 20:24 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2008-11-06 20:21 . 2008-11-08 22:02 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\iolo
2008-11-06 20:20 . 2008-11-06 20:20 <DIR> d-------- c:\program files\iolo
2008-11-06 20:20 . 2008-09-25 11:07 922,464 --a------ c:\windows\system32\Incinerator.dll
2008-11-06 20:20 . 2008-04-17 10:36 39,424 --a------ c:\windows\system32\xpacket.sys
2008-11-06 20:20 . 2008-09-24 10:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2008-11-06 20:20 . 2008-04-17 10:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2008-11-06 20:20 . 2008-09-09 16:45 8,192 --a------ c:\windows\system32\smrgdf.exe
2008-11-06 20:18 . 2008-11-06 20:18 74,703 --a------ c:\windows\system32\mfc45.dll
2008-11-06 20:16 . 2008-11-06 20:31 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\iolo
2008-11-06 20:16 . 2008-11-06 20:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\iolo
2008-11-06 10:51 . 2008-11-06 10:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avg7
2008-11-04 22:56 . 2008-11-05 09:11 <DIR> d-------- c:\documents and settings\Pepa\Data aplikací\Spyware Terminator
2008-11-04 18:28 . 2008-11-04 20:17 <DIR> d-------- c:\program files\TrojanHunter 4.2
2008-11-04 18:23 . 2008-11-04 18:23 <DIR> d-------- c:\program files\AxBx
2008-11-04 18:13 . 2008-11-04 18:13 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\Malwarebytes
2008-11-04 17:52 . 2008-11-06 00:04 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\Spyware Terminator
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:00 . 2008-11-07 19:00 <DIR> dr------- c:\documents and settings\NetworkService\Oblíbené položky
2008-11-04 10:38 . 2008-11-04 10:38 64,000 --a------ c:\windows\system32\o8U3aatg.exe
2008-11-01 16:37 . 2008-11-01 16:37 <DIR> d-------- c:\program files\Hamachi
2008-11-01 16:37 . 2008-11-07 00:18 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\Hamachi
2008-11-01 16:37 . 2008-11-01 16:37 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-10-24 20:44 . 2008-10-24 20:44 <DIR> d-------- c:\documents and settings\Pepa\Data aplikací\Skype
2008-10-19 14:58 . 2008-10-19 14:58 <DIR> d-------- c:\program files\Santa Claus in trouble ...again!
2008-10-14 18:54 . 2008-11-08 10:59 <DIR> d-------- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 23:03 --------- d-----w c:\program files\Programy
2008-11-09 12:36 --------- d-----w c:\program files\ICQToolbar
2008-11-08 09:59 --------- d-----w c:\program files\BitComet
2008-11-07 12:23 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\Skype
2008-11-07 12:21 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\skypePM
2008-11-07 11:27 --------- d-----w c:\program files\Formuláře - ITPro CZ
2008-10-23 18:08 --------- d-----w c:\program files\DivX
2008-10-20 19:46 --------- d-----w c:\program files\Yahoo!
2008-10-09 20:10 --------- d-----w c:\program files\CCleaner
2008-10-06 16:19 --------- d-----w c:\program files\SoftMaker Viewer
2008-09-25 22:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-25 22:22 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\DivX
2008-09-25 22:21 --------- d-----w c:\program files\GamePark
2008-09-25 22:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\Ahead
2008-09-25 21:33 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-25 21:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\DAEMON Tools
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 14:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ICQ Toolbar
2008-09-13 18:17 --------- d-----w c:\documents and settings\Pepa\Data aplikací\ICQ Toolbar
2008-09-13 12:37 --------- d-----w c:\program files\ICQ6
2008-09-10 19:36 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ICQ
2008-09-10 18:45 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ACD Systems
2008-08-12 10:39 2,560 ----a-w c:\windows\system32\bitcometres.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-10_13.57.11.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-10 16:57:17 1,138,688 ----a-r c:\windows\Installer\{449A8CFC-7A07-46E6-87A4-006EC47ABDFE}\PhoboClient.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-01-29 2150400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Mˇça\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\mr.scf\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Hry\\CS\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22735:TCP"= 22735:TCP:BitComet 22735 TCP
"22735:UDP"= 22735:UDP:BitComet 22735 UDP

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2008-04-17 39424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-18 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;c:\windows\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
S3 MA8630C;MA8630C;c:\windows\system32\DRIVERS\MA8630C.sys [2004-09-14 23248]
S3 MA8630M;MA8630M;c:\windows\system32\DRIVERS\MA8630M.sys [2005-01-25 25428]
S3 MA8630U;MA8630U;c:\windows\system32\DRIVERS\MA8630U.sys [2007-10-31 53586]
S3 MaRdPnp;MaRdPnp;c:\windows\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'

2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:06:49
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: c:\windows\system32\winlogon.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\system32\lsass.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\explorer.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\system32\csrss.exe
-> c:\program files\iolo\common\lib\ioloHL.dll
.
Celkový čas: 2008-11-10 19:08:58
ComboFix-quarantined-files.txt 2008-11-10 18:08:51
ComboFix2.txt 2008-11-10 12:58:39

Před spuštěním: Volných bajtů: 12 696 633 344
Po spuštění: Volných bajtů: 12,688,629,760

205




HJ:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:12, on 10.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Vtune\TBPanel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: :-)mojelogo SMS ToolBar - {CFBC2741-0C1F-11D6-9224-004F490BED09} - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6401 bytes

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Slowed-down computer pls help

Post by jaro3 » 10 Nov 2008 19:33

Nothing got deleted; try it again and turn off Avast's resident protection, and close other applications and browsers. Post only the CF log.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

scof
newbie
Posts: 10
Registered: November 08
Gender: Unspecified

Re: Slowed-down computer pls help

Post by scof » 10 Nov 2008 19:55

ok here is the log again:

ComboFix 08-11-09.04 - mr.scf 2008-11-10 19:39:29.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.276 [GMT 1:00]
Spuštěný z: c:\documents and settings\mr.scf\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mr.scf\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-10 do 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 19:11 . 2008-11-10 19:11 <DIR> d-------- c:\program files\Trend Micro
2008-11-10 17:57 . 2008-11-10 17:57 <DIR> d-------- c:\program files\Exec
2008-11-10 17:57 . 2008-11-10 17:57 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\Exec
2008-11-10 17:57 . 2008-11-10 17:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Exec
2008-11-09 23:14 . 2008-11-09 23:14 <DIR> d-------- c:\windows\ERUNT
2008-11-09 20:55 . 2008-11-09 20:59 1,896 --a------ c:\windows\system32\tmp.reg
2008-11-09 20:54 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-09 20:54 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-09 20:54 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-09 20:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-09 20:54 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-09 20:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-09 20:54 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-09 20:54 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-09 20:54 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-09 20:53 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-09 13:27 . 2008-11-09 13:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 13:27 . 2008-11-09 13:27 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-09 13:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 13:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 16:04 . 2008-11-08 16:04 0 --ah----- c:\windows\system32\spkpsys.ini
2008-11-08 16:03 . 2008-11-09 18:08 <DIR> d-------- c:\program files\Super Popup Blocker
2008-11-07 18:22 . 2004-08-18 13:00 81,920 --a------ c:\windows\system32\ieencode.dll
2008-11-07 18:22 . 2004-08-18 13:00 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2008-11-07 18:22 . 2004-08-18 13:00 68,608 --a------ c:\windows\system32\plugin.ocx
2008-11-07 18:22 . 2004-08-18 13:00 68,608 --a------ c:\windows\system32\dllcache\plugin.ocx
2008-11-07 18:22 . 2008-06-12 11:27 26,144 --a------ c:\windows\system32\spupdsvc.exe
2008-11-07 18:21 . 2008-11-07 19:02 <DIR> d-------- c:\windows\system32\cs-cz
2008-11-06 22:28 . 2008-11-07 15:46 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\iolo
2008-11-06 20:35 . 2004-08-18 13:00 1,134,592 --a------ c:\windows\system32\wuaueng.dll
2008-11-06 20:35 . 2004-08-18 13:00 431,104 --a------ c:\windows\system32\wuapi.dll
2008-11-06 20:35 . 2004-08-18 13:00 162,304 --a------ c:\windows\system32\wuaucpl.cpl
2008-11-06 20:35 . 2004-08-18 13:00 120,320 --a------ c:\windows\system32\wuweb.dll
2008-11-06 20:35 . 2004-08-18 13:00 112,640 --a------ c:\windows\system32\wucltui.dll
2008-11-06 20:35 . 2004-08-18 13:00 111,104 --a------ c:\windows\system32\wuauclt.exe
2008-11-06 20:35 . 2004-08-18 13:00 66,560 --a------ c:\windows\system32\cdm.dll
2008-11-06 20:35 . 2007-07-30 19:18 33,624 --a------ c:\windows\system32\wups.dll
2008-11-06 20:35 . 2007-07-30 19:18 33,624 --a--c--- c:\windows\system32\dllcache\wups.dll
2008-11-06 20:24 . 2008-11-06 20:24 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2008-11-06 20:21 . 2008-11-08 22:02 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\iolo
2008-11-06 20:20 . 2008-11-06 20:20 <DIR> d-------- c:\program files\iolo
2008-11-06 20:20 . 2008-09-25 11:07 922,464 --a------ c:\windows\system32\Incinerator.dll
2008-11-06 20:20 . 2008-04-17 10:36 39,424 --a------ c:\windows\system32\xpacket.sys
2008-11-06 20:20 . 2008-09-24 10:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2008-11-06 20:20 . 2008-04-17 10:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2008-11-06 20:20 . 2008-09-09 16:45 8,192 --a------ c:\windows\system32\smrgdf.exe
2008-11-06 20:18 . 2008-11-06 20:18 74,703 --a------ c:\windows\system32\mfc45.dll
2008-11-06 20:16 . 2008-11-06 20:31 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\iolo
2008-11-06 20:16 . 2008-11-06 20:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\iolo
2008-11-06 10:51 . 2008-11-06 10:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avg7
2008-11-04 22:56 . 2008-11-05 09:11 <DIR> d-------- c:\documents and settings\Pepa\Data aplikací\Spyware Terminator
2008-11-04 18:28 . 2008-11-04 20:17 <DIR> d-------- c:\program files\TrojanHunter 4.2
2008-11-04 18:23 . 2008-11-04 18:23 <DIR> d-------- c:\program files\AxBx
2008-11-04 18:13 . 2008-11-04 18:13 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\Malwarebytes
2008-11-04 17:52 . 2008-11-06 00:04 <DIR> d-------- c:\documents and settings\Míša\Data aplikací\Spyware Terminator
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:01 . 2008-11-04 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\ICQ Toolbar
2008-11-04 16:00 . 2008-11-07 19:00 <DIR> dr------- c:\documents and settings\NetworkService\Oblíbené položky
2008-11-04 10:38 . 2008-11-04 10:38 64,000 --a------ c:\windows\system32\o8U3aatg.exe
2008-11-01 16:37 . 2008-11-01 16:37 <DIR> d-------- c:\program files\Hamachi
2008-11-01 16:37 . 2008-11-07 00:18 <DIR> d-------- c:\documents and settings\mr.scf\Data aplikací\Hamachi
2008-11-01 16:37 . 2008-11-01 16:37 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-10-24 20:44 . 2008-10-24 20:44 <DIR> d-------- c:\documents and settings\Pepa\Data aplikací\Skype
2008-10-19 14:58 . 2008-10-19 14:58 <DIR> d-------- c:\program files\Santa Claus in trouble ...again!
2008-10-14 18:54 . 2008-11-08 10:59 <DIR> d-------- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 23:03 --------- d-----w c:\program files\Programy
2008-11-09 12:36 --------- d-----w c:\program files\ICQToolbar
2008-11-08 09:59 --------- d-----w c:\program files\BitComet
2008-11-07 12:23 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\Skype
2008-11-07 12:21 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\skypePM
2008-11-07 11:27 --------- d-----w c:\program files\Formuláře - ITPro CZ
2008-10-23 18:08 --------- d-----w c:\program files\DivX
2008-10-20 19:46 --------- d-----w c:\program files\Yahoo!
2008-10-09 20:10 --------- d-----w c:\program files\CCleaner
2008-10-06 16:19 --------- d-----w c:\program files\SoftMaker Viewer
2008-09-25 22:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-25 22:22 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\DivX
2008-09-25 22:21 --------- d-----w c:\program files\GamePark
2008-09-25 22:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\Ahead
2008-09-25 21:33 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-25 21:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\DAEMON Tools
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 14:04 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ICQ Toolbar
2008-09-13 18:17 --------- d-----w c:\documents and settings\Pepa\Data aplikací\ICQ Toolbar
2008-09-13 12:37 --------- d-----w c:\program files\ICQ6
2008-09-10 19:36 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ICQ
2008-09-10 18:45 --------- d-----w c:\documents and settings\mr.scf\Data aplikací\ACD Systems
2008-08-12 10:39 2,560 ----a-w c:\windows\system32\bitcometres.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-10_13.57.11.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-10 16:57:17 1,138,688 ----a-r c:\windows\Installer\{449A8CFC-7A07-46E6-87A4-006EC47ABDFE}\PhoboClient.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-01-29 2150400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Míša\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\mr.scf\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Hry\\CS\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22735:TCP"= 22735:TCP:BitComet 22735 TCP
"22735:UDP"= 22735:UDP:BitComet 22735 UDP

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2008-04-17 39424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-18 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;c:\windows\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
S3 MA8630C;MA8630C;c:\windows\system32\DRIVERS\MA8630C.sys [2004-09-14 23248]
S3 MA8630M;MA8630M;c:\windows\system32\DRIVERS\MA8630M.sys [2005-01-25 25428]
S3 MA8630U;MA8630U;c:\windows\system32\DRIVERS\MA8630U.sys [2007-10-31 53586]
S3 MaRdPnp;MaRdPnp;c:\windows\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'

2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:43:55
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: c:\windows\system32\winlogon.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\system32\lsass.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\explorer.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCES: c:\windows\system32\csrss.exe
-> c:\program files\iolo\common\lib\ioloHL.dll
.
Celkový čas: 2008-11-10 19:46:06
ComboFix-quarantined-files.txt 2008-11-10 18:45:59
ComboFix2.txt 2008-11-10 18:09:03
ComboFix3.txt 2008-11-10 12:58:39

Před spuštěním: Volných bajtů: 12,698,734,592
Po spuštění: Volných bajtů: 12,689,698,816

207

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Slowed-down computer pls help

Post by jaro3 » 10 Nov 2008 20:11

Nothing again..
Download Avenger
and, following the guide:
http://www.viry.cz/forum/viewtopic.php?t=19832
enter the command from the code box:

Code:

Files to delete:
c:windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\Process.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\Process.exe
c:\windows\system32\spkpsys.ini
c:\windows\system32\o8U3aatg.exe

scof
newbie
Posts: 10
Registered: November 08
Gender: Unspecified

Re: Slowed-down computer pls help

Post by scof » 10 Nov 2008 20:19

here is the log from Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:windows\system32\tmp.reg"
Deletion of file "c:windows\system32\tmp.reg" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "c:\windows\system32\VCCLSID.exe" deleted successfully.
File "c:\windows\system32\SrchSTS.exe" deleted successfully.
File "c:\windows\system32\dumphive.exe" deleted successfully.
File "c:\windows\system32\WS2Fix.exe" deleted successfully.
File "c:\windows\system32\Process.exe" deleted successfully.
File "c:\windows\system32\VACFix.exe" deleted successfully.
File "c:\windows\system32\o4Patch.exe" deleted successfully.
File "c:\windows\system32\IEDFix.exe" deleted successfully.
File "c:\windows\system32\IEDFix.C.exe" deleted successfully.
File "c:\windows\system32\404Fix.exe" deleted successfully.

Error: file "c:\windows\system32\dumphive.exe" not found!
Deletion of file "c:\windows\system32\dumphive.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\WS2Fix.exe" not found!
Deletion of file "c:\windows\system32\WS2Fix.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\Process.exe" not found!
Deletion of file "c:\windows\system32\Process.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\spkpsys.ini" deleted successfully.
File "c:\windows\system32\o8U3aatg.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
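
A pre-flight check for the delete list posted above, as an added example that is not part of the original thread and is not code from The Avenger. It flags entries that are not drive-qualified absolute paths and entries that repeat an earlier line, then reads the failure entries from the log above to show that the same four paths are the ones whose deletion failed. The function names and the two lint rules are assumptions made for this illustration.

```python
import re

# The "Files to delete:" list exactly as posted above (typo and repeats included).
SCRIPT = r"""Files to delete:
c:windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\Process.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\Process.exe
c:\windows\system32\spkpsys.ini
c:\windows\system32\o8U3aatg.exe
"""

# Lines excerpted from the Avenger log above: every failure plus one success.
LOG = r"""Deletion of file "c:windows\system32\tmp.reg" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
File "c:\windows\system32\VCCLSID.exe" deleted successfully.
Deletion of file "c:\windows\system32\dumphive.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of file "c:\windows\system32\WS2Fix.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of file "c:\windows\system32\Process.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""

# Assumed rule: drive letter, colon, backslash, then no reserved characters.
ABSOLUTE = re.compile(r"^[A-Za-z]:\\[^<>:\"|?*]+$")

def lint_delete_list(script):
    """Return [(line_no, path, issue)] for entries that cannot succeed as written."""
    findings, seen, in_section = [], {}, False
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.lower() == "files to delete:":
            in_section = True
            continue
        if not in_section or not line:
            continue
        key = line.lower()  # Windows paths compare case-insensitively by default
        if not ABSOLUTE.match(line):
            findings.append((no, line, "not-absolute"))
        elif key in seen:
            # The first occurrence already removes the file, so the repeat must fail.
            findings.append((no, line, "duplicate-of-line-%d" % seen[key]))
        seen.setdefault(key, no)
    return findings

def failed_deletions(log):
    """Map each path whose deletion failed to the NTSTATUS name on its Status line."""
    pat = re.compile(
        r'Deletion of file "([^"]+)" failed!\s*\n\s*Status: 0x[0-9a-f]+ \((\w+)\)', re.I)
    return {path: status for path, status in pat.findall(log)}

if __name__ == "__main__":
    for no, path, issue in lint_delete_list(SCRIPT):
        print("line %d: %s -> %s" % (no, path, issue))
    print(failed_deletions(LOG))
```

The remaining twelve entries were deleted successfully according to the log, so the failures stem from how the list was written, not from files that resisted removal; c:\windows\system32\tmp.reg was never attempted under its real path.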

