PC-HELP.CZ

prosím o radu naskakuje mi okno fijifj.exe jak již bylo řešeno na ostatních diskuzích. pořad si s tim nevím rady. Předem děkuji

zde přikládam co mi vyjelo z comofix

ComboFix 08-04-01.2 - Štěpán 2008-04-01 21:13:25.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1092 [GMT 2:00]
Running from: C:\Documents and Settings\Štěpán\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-04-01 21:05 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 21:05 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-01 21:03 . 2008-04-01 21:15 1,635 --a------ C:\fijifj.exe
2008-04-01 19:55 . 2008-04-01 19:55 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2008-04-01 19:41 . 2008-04-01 19:41 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-31 10:00 . 2008-03-31 10:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 02:43 . 2008-03-31 02:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 02:43 . 2008-03-31 02:43 2,543 --a------ C:\WINDOWS\unins000.dat
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-31 02:14 . 2008-04-01 12:37 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-31 02:12 . 2008-04-01 12:36 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 <DIR> d-------- C:\Program Files\Crawler
2008-03-31 02:12 . 2008-03-31 23:45 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-04-01 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 22:23 . 2008-03-30 22:23 <DIR> d-------- C:\Program Files\Foxit Software
2008-03-30 21:20 . 2008-04-01 20:37 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-03-30 21:20 . 2008-04-01 20:18 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-03-30 21:20 . 2008-03-29 23:36 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
dk21:20 . 2008-04-01 19:55 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-03-30 21:19 . 2008-04-01 19:54 491 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-30 19:28 . 2008-03-30 19:29 <DIR> d-------- C:\tiskárna
2008-03-30 14:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-30 12:01 . 2004-03-22 16:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-30 12:01 . 2008-03-30 12:01 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-30 11:57 . 2008-03-30 11:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-30 11:57 . 2008-03-30 11:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-30 11:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-30 11:29 . 2008-03-30 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-30 10:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-30 10:47 . 2008-03-30 10:47 <DIR> d-------- C:\Program Files\Webcam 1200
2008-03-30 10:47 . 2007-06-29 16:32 611,584 --a------ C:\WINDOWS\system32\drivers\PFC027.SYS
2008-03-30 10:47 . 2007-05-17 15:50 129,024 --a------ C:\WINDOWS\system32\SP207.AX
2008-03-30 10:47 . 2006-11-20 09:04 6,656 --a------ C:\WINDOWS\system32\CoInst_070629.dll
2008-03-30 10:47 . 2007-06-29 11:07 566 --a------ C:\WINDOWS\system32\SP207.INI
2008-03-30 10:13 . 2008-04-01 10:12 53,166 --a------ C:\WINDOWS\FontData.fdb
2008-03-30 10:11 . 2008-03-30 10:11 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 10:11 . 2008-03-30 10:11 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 10:10 . 2008-03-30 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Corel
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-30 09:59 . 2008-03-30 10:03 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-03-30 09:59 . 2008-03-30 09:59 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 09:58 . 2008-03-30 11:08 <DIR> d-------- C:\Program Files\Autodesk
2008-03-30 02:20 . 2008-03-30 02:20 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-30 02:10 . 2008-03-30 02:25 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-30 01:10 . 2008-03-30 01:10 <DIR> d-------- C:\Program Files\VDS
2008-03-30 01:10 . 1997-07-19 19:01 192,784 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-03-30 01:10 . 1997-07-19 19:00 155,920 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-03-30 01:10 . 1997-04-18 15:13 35,328 --a------ C:\WINDOWS\system32\INETWH32.DLL
2008-03-30 01:10 . 1997-04-18 15:10 22,528 --a------ C:\WINDOWS\system32\rhmmplay.dll
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 1997-12-17 19:33 304,128 --a------ C:\WINDOWS\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 19:05 3,932,160 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-04-01 19:05 3,932,160 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-03-31 22:17 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Skype
2008-03-31 21:45 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-03-31 17:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\skypePM
2008-03-30 15:58 --------- d-s---w C:\Documents and Settings\Štěpán\Data aplikací\Microsoft
2008-03-30 12:43 --------- d-----w C:\Program Files\ICQToolbar
2008-03-30 09:04 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-30 09:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-03-30 08:53 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Adobe
2008-03-30 08:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 08:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 08:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-30 07:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 00:29 --------- d-----w C:\Program Files\KNDC++
2008-03-30 00:20 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-29 22:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-29 22:50 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Ahead
2008-03-29 22:48 --------- d-----w C:\Program Files\Nero
2008-03-29 22:48 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2008-03-29 22:37 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-29 22:36 --------- d-----w C:\Program Files\VideoLAN
2008-03-29 22:34 --------- d-----w C:\Program Files\Skype
2008-03-29 22:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-29 22:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-29 22:29 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 22:23 --------- d-----w C:\Program Files\AAC Solutions
2008-03-29 22:22 --------- d-----w C:\Program Files\Autodesk Revit Building 8
2008-03-29 22:19 --------- d-----w C:\Program Files\IObit
2008-03-29 22:19 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ Toolbar
2008-03-29 22:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 22:16 --------- d-----w C:\Program Files\ICQ6
2008-03-29 22:15 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ
2008-03-29 22:13 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Macromedia
2008-03-29 22:12 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Mozilla
2008-03-29 22:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\InstallShield
2008-03-29 22:10 --------- d-----w C:\Program Files\Opera
2008-03-29 22:10 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Opera
2008-03-29 22:05 --------- d-----w C:\Program Files\Alwil Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Sunbelt Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-29 22:00 --------- d-----w C:\Program Files\Synaptics
2008-03-29 21:59 --------- d-----w C:\Program Files\Broadcom
2008-03-29 21:56 --------- d-----w C:\Program Files\Analog Devices
2008-03-29 21:47 --------- d-----w C:\Program Files\Intel
2008-03-29 21:44 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Identities
2008-03-29 21:40 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_20.38.31.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-04-01 19:06:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-06 11:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-06 11:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-06 11:10 118784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 17:01 761946]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-31 02:12 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\KNDC++\\StrongDC.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 14:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 14:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-31 02:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 PAC207;Webcam 1200;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9703d05-fddc-11dc-94fb-001a4b5b0b4c}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE

*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWSP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 21:17:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 21:19:04
ComboFix-quarantined-files.txt 2008-04-01 19:18:58
ComboFix2.txt 2008-04-01 18:48:32
Adresářů: 8, Volných bajtů: 45,880,864,768
Adresářů: 11, Volných bajtů: 45,871,546,368

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+log z hijackthis+info

bohužel mi to nic neudělalo když sem soubor combofix natah na ComboFix.exe otevřel se ja to potvrdil ap k to nasalo něco v tom smyslu že je neplat cesta a začalo to skenovat a vyplivlo to

ComboFix 08-04-01.2 - Štěpán 2008-04-01 22:16:28.8 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1065 [GMT 2:00]
Running from: C:\Documents and Settings\Štěpán\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\ćtŘp n\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-04-01 21:05 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 21:05 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-01 21:03 . 2008-04-01 22:19 1,635 --a------ C:\fijifj.exe
2008-04-01 19:55 . 2008-04-01 19:55 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2008-04-01 19:41 . 2008-04-01 19:41 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-31 10:00 . 2008-03-31 10:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 02:43 . 2008-03-31 02:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 02:43 . 2008-03-31 02:43 2,543 --a------ C:\WINDOWS\unins000.dat
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-31 02:14 . 2008-04-01 12:37 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-31 02:12 . 2008-04-01 12:36 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 <DIR> d-------- C:\Program Files\Crawler
2008-03-31 02:12 . 2008-03-31 23:45 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-04-01 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 22:23 . 2008-03-30 22:23 <DIR> d-------- C:\Program Files\Foxit Software
2008-03-30 21:20 . 2008-04-01 20:37 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-03-30 21:20 . 2008-04-01 20:18 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-03-30 21:20 . 2008-03-29 23:36 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-03-30 21:20 . 2008-04-01 19:55 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-03-30 21:19 . 2008-04-01 19:54 491 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-30 19:28 . 2008-03-30 19:29 <DIR> d-------- C:\tiskárna
2008-03-30 14:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-30 12:01 . 2004-03-22 16:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-30 12:01 . 2008-03-30 12:01 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-30 11:57 . 2008-03-30 11:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-30 11:57 . 2008-03-30 11:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-30 11:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-30 11:29 . 2008-03-30 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-30 10:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-30 10:47 . 2008-03-30 10:47 <DIR> d-------- C:\Program Files\Webcam 1200
2008-03-30 10:47 . 2007-06-29 16:32 611,584 --a------ C:\WINDOWS\system32\drivers\PFC027.SYS
2008-03-30 10:47 . 2007-05-17 15:50 129,024 --a------ C:\WINDOWS\system32\SP207.AX
2008-03-30 10:47 . 2006-11-20 09:04 6,656 --a------ C:\WINDOWS\system32\CoInst_070629.dll
2008-03-30 10:47 . 2007-06-29 11:07 566 --a------ C:\WINDOWS\system32\SP207.INI
2008-03-30 10:13 . 2008-04-01 10:12 53,166 --a------ C:\WINDOWS\FontData.fdb
2008-03-30 10:11 . 2008-03-30 10:11 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 10:11 . 2008-03-30 10:11 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 10:10 . 2008-03-30 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Corel
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-30 09:59 . 2008-03-30 10:03 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-03-30 09:59 . 2008-03-30 09:59 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 09:58 . 2008-03-30 11:08 <DIR> d-------- C:\Program Files\Autodesk
2008-03-30 02:20 . 2008-03-30 02:20 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-30 02:10 . 2008-03-30 02:25 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-30 01:10 . 2008-03-30 01:10 <DIR> d-------- C:\Program Files\VDS
2008-03-30 01:10 . 1997-07-19 19:01 192,784 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-03-30 01:10 . 1997-07-19 19:00 155,920 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-03-30 01:10 . 1997-04-18 15:13 35,328 --a------ C:\WINDOWS\system32\INETWH32.DLL
2008-03-30 01:10 . 1997-04-18 15:10 22,528 --a------ C:\WINDOWS\system32\rhmmplay.dll
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 1997-12-17 19:33 304,128 --a------ C:\WINDOWS\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 19:05 3,932,160 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-04-01 19:05 3,932,160 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-03-31 22:17 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Skype
2008-03-31 21:45 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-03-31 17:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\skypePM
2008-03-30 15:58 --------- d-s---w C:\Documents and Settings\Štěpán\Data aplikací\Microsoft
2008-03-30 12:43 --------- d-----w C:\Program Files\ICQToolbar
2008-03-30 09:04 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-30 09:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-03-30 08:53 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Adobe
2008-03-30 08:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 08:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 08:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-30 07:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 00:29 --------- d-----w C:\Program Files\KNDC++
2008-03-30 00:20 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-29 22:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-29 22:50 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Ahead
2008-03-29 22:48 --------- d-----w C:\Program Files\Nero
2008-03-29 22:48 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2008-03-29 22:37 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-29 22:36 --------- d-----w C:\Program Files\VideoLAN
2008-03-29 22:34 --------- d-----w C:\Program Files\Skype
2008-03-29 22:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-29 22:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-29 22:29 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 22:23 --------- d-----w C:\Program Files\AAC Solutions
2008-03-29 22:22 --------- d-----w C:\Program Files\Autodesk Revit Building 8
2008-03-29 22:19 --------- d-----w C:\Program Files\IObit
2008-03-29 22:19 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ Toolbar
2008-03-29 22:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 22:16 --------- d-----w C:\Program Files\ICQ6
2008-03-29 22:15 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ
2008-03-29 22:13 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Macromedia
2008-03-29 22:12 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Mozilla
2008-03-29 22:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\InstallShield
2008-03-29 22:10 --------- d-----w C:\Program Files\Opera
2008-03-29 22:10 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Opera
2008-03-29 22:05 --------- d-----w C:\Program Files\Alwil Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Sunbelt Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-29 22:00 --------- d-----w C:\Program Files\Synaptics
2008-03-29 21:59 --------- d-----w C:\Program Files\Broadcom
2008-03-29 21:56 --------- d-----w C:\Program Files\Analog Devices
2008-03-29 21:47 --------- d-----w C:\Program Files\Intel
2008-03-29 21:44 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Identities
2008-03-29 21:40 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_20.38.31.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-04-01 19:06:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-06 11:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-06 11:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-06 11:10 118784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 17:01 761946]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-31 02:12 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\KNDC++\\StrongDC.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 14:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 14:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-31 02:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 PAC207;Webcam 1200;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9703d05-fddc-11dc-94fb-001a4b5b0b4c}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE

*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWSP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:20:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 22:21:45
ComboFix-quarantined-files.txt 2008-04-01 20:21:40
ComboFix2.txt 2008-04-01 20:10:15
ComboFix3.txt 2008-04-01 19:19:06
ComboFix4.txt 2008-04-01 18:48:32
Adresářů: 8, Volných bajtů: 45,803,438,080
Adresářů: 11, Volných bajtů: 45,795,360,768

pokud jsi si jist,že jsi postupoval podle pokynů,tak to teď zkus v nouzovým režimu.
bez práce v síti,samozřejmě
stejnej skript

omlouvam se že píši až ted, ale dřív sem bohužle neměl čas. problem fijifj se se asi vyřešli ale ješte jednou prosím o zkontrolování log .předem děkuji

ComboFix 08-04-01.2 - Štěpán 2008-04-04 10:36:37.16 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1075 [GMT 2:00]
Running from: C:\Documents and Settings\Štěpán\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-02 14:53 . 1997-07-19 18:01 192,784 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-04-02 14:53 . 1997-07-19 18:00 155,920 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-02 14:53 . 1997-04-18 14:13 35,328 --a------ C:\WINDOWS\system32\INETWH32.DLL
2008-04-02 14:53 . 1997-04-18 14:10 22,528 --a------ C:\WINDOWS\system32\rhmmplay.dll
2008-04-02 14:52 . 2008-04-02 14:52 <DIR> d-------- C:\Program Files\VDS
2008-04-02 09:44 . 2008-04-02 09:44 <DIR> d-------- C:\Program Files\ESET
2008-04-02 09:44 . 2008-04-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-04-01 19:55 . 2008-04-01 19:55 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2008-04-01 19:41 . 2008-04-01 19:41 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-31 10:00 . 2008-03-31 10:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 02:43 . 2008-03-31 02:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 02:43 . 2008-03-31 02:43 2,543 --a------ C:\WINDOWS\unins000.dat
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-31 02:14 . 2008-04-04 07:34 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-31 02:12 . 2008-04-02 23:10 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 <DIR> d-------- C:\Program Files\Crawler
2008-03-31 02:12 . 2008-04-02 23:10 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-04-01 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 22:23 . 2008-03-30 22:23 <DIR> d-------- C:\Program Files\Foxit Software
2008-03-30 21:20 . 2008-04-01 20:37 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-03-30 21:20 . 2008-04-01 20:18 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-03-30 21:20 . 2008-03-29 23:36 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-03-30 21:20 . 2008-04-01 19:55 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-03-30 21:19 . 2008-04-02 01:24 654 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-30 19:28 . 2008-03-30 19:29 <DIR> d-------- C:\tiskárna
2008-03-30 14:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-30 12:01 . 2004-03-22 16:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-30 12:01 . 2008-03-30 12:01 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-30 11:57 . 2008-03-30 11:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-30 11:57 . 2008-03-30 11:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-30 11:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-30 11:29 . 2008-03-30 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-30 10:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-30 10:47 . 2008-03-30 10:47 <DIR> d-------- C:\Program Files\Webcam 1200
2008-03-30 10:47 . 2007-06-29 16:32 611,584 --a------ C:\WINDOWS\system32\drivers\PFC027.SYS
2008-03-30 10:47 . 2007-05-17 15:50 129,024 --a------ C:\WINDOWS\system32\SP207.AX
2008-03-30 10:47 . 2006-11-20 09:04 6,656 --a------ C:\WINDOWS\system32\CoInst_070629.dll
2008-03-30 10:47 . 2007-06-29 11:07 566 --a------ C:\WINDOWS\system32\SP207.INI
2008-03-30 10:13 . 2008-04-01 10:12 53,166 --a------ C:\WINDOWS\FontData.fdb
2008-03-30 10:11 . 2008-03-30 10:11 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 10:11 . 2008-03-30 10:11 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 10:10 . 2008-03-30 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Corel
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-30 09:59 . 2008-03-30 10:03 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-03-30 09:59 . 2008-03-30 09:59 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 09:58 . 2008-03-30 11:08 <DIR> d-------- C:\Program Files\Autodesk
2008-03-30 02:20 . 2008-03-30 02:20 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-30 02:10 . 2008-04-03 18:09 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 21:41 4,194,304 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-04-03 21:41 4,194,304 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-04-02 21:10 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-04-02 19:53 --------- d-----w C:\Program Files\ICQToolbar
2008-03-31 22:17 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Skype
2008-03-31 17:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\skypePM
2008-03-30 15:58 --------- d-s---w C:\Documents and Settings\Štěpán\Data aplikací\Microsoft
2008-03-30 09:04 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-30 09:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-03-30 08:53 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Adobe
2008-03-30 08:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 08:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 08:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-30 07:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 00:29 --------- d-----w C:\Program Files\KNDC++
2008-03-30 00:20 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-29 22:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-29 22:50 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Ahead
2008-03-29 22:48 --------- d-----w C:\Program Files\Nero
2008-03-29 22:48 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2008-03-29 22:37 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-29 22:36 --------- d-----w C:\Program Files\VideoLAN
2008-03-29 22:34 --------- d-----w C:\Program Files\Skype
2008-03-29 22:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-29 22:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-29 22:29 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 22:23 --------- d-----w C:\Program Files\AAC Solutions
2008-03-29 22:22 --------- d-----w C:\Program Files\Autodesk Revit Building 8
2008-03-29 22:19 --------- d-----w C:\Program Files\IObit
2008-03-29 22:19 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ Toolbar
2008-03-29 22:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 22:16 --------- d-----w C:\Program Files\ICQ6
2008-03-29 22:15 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ
2008-03-29 22:13 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Macromedia
2008-03-29 22:12 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Mozilla
2008-03-29 22:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\InstallShield
2008-03-29 22:10 --------- d-----w C:\Program Files\Opera
2008-03-29 22:10 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Opera
2008-03-29 22:05 --------- d-----w C:\Program Files\Alwil Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Sunbelt Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-29 22:00 --------- d-----w C:\Program Files\Synaptics
2008-03-29 21:59 --------- d-----w C:\Program Files\Broadcom
2008-03-29 21:56 --------- d-----w C:\Program Files\Analog Devices
2008-03-29 21:47 --------- d-----w C:\Program Files\Intel
2008-03-29 21:44 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Identities
2008-03-29 21:40 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 09:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 09:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 09:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_20.38.31.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-02 07:45:03 10,134 ----a-r C:\WINDOWS\Installer\{A5F24C00-AE47-49A2-AE6D-CA709BBED576}\callmsi.exe
+ 2008-04-02 07:45:03 136,448 ----a-r C:\WINDOWS\Installer\{A5F24C00-AE47-49A2-AE6D-CA709BBED576}\egui.exe
+ 2008-04-02 07:43:42 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2008-03-30 13:53:34 350,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-02 15:22:14 350,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-03-30 09:28:08 69,114 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-04-03 18:11:41 69,114 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-03-30 09:28:08 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-03 18:11:41 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 09:28:08 390,176 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-04-03 18:11:41 390,176 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-03-30 09:28:08 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-03 18:11:41 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-06 11:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-06 11:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-06 11:10 118784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 17:01 761946]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-31 02:12 2957824]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\KNDC++\\StrongDC.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 14:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 14:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-31 02:12]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 PAC207;Webcam 1200;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9703d05-fddc-11dc-94fb-001a4b5b0b4c}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-81C01C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 10:40:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 10:41:50
ComboFix-quarantined-files.txt 2008-04-04 08:41:45
ComboFix2.txt 2008-04-04 08:26:23
ComboFix3.txt 2008-04-03 23:43:10
ComboFix4.txt 2008-04-03 15:51:39
ComboFix5.txt 2008-04-02 07:32:22
Adresářů: 8, Volných bajtů: 45,070,430,208
Adresářů: 10, Volných bajtů: 45,062,410,240

hm. mě se to nelíbí.
použijT-Cleaner smaže vše po Combu

Stáhni si a ulož na disk tento program: Flash Disinfector (by sUBs)

připoj flešku do E:

stáhni znovu combofix na plochu a použij s tímto skriptem


- potom spusť Flash Disinfector
- Počkej až program proběhne

potom pošli log z combofixu a konečně bych se rád také dočkal logu z Hijackthis

ješte dotaz co mam dělat s tou flashkou na kterej mam tedka nahranej soubor autorun.inf
zde posílam logi comba a z hijack this. a ješte jednou děkuji, že pomahate mi.
a ješte při když přetahnu txt do combofixu tak mi to napíše nemuhu najít uvedenou cestu a pak to začne skenovat.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:03, on 4.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ICQ6\ICQ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/AdvancedWindowsCar ... wnload.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7507 bytes





ComboFix 08-04-03.5 - Štěpán 2008-04-04 14:55:52.17 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1055 [GMT 2:00]
Running from: C:\Documents and Settings\Štěpán\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\ćtŘp n\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 14:38 . 2008-04-04 14:38 241 --a------ C:\Documents and Settings\Štěpán\SR.vbs
2008-04-04 14:38 . 2008-04-04 14:38 241 --a------ C:\Documents and Settings\Štěpán\SR.vbs
2008-04-02 14:53 . 1997-07-19 18:01 192,784 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-04-02 14:53 . 1997-07-19 18:00 155,920 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-02 14:53 . 1997-04-18 14:13 35,328 --a------ C:\WINDOWS\system32\INETWH32.DLL
2008-04-02 14:53 . 1997-04-18 14:10 22,528 --a------ C:\WINDOWS\system32\rhmmplay.dll
2008-04-02 14:52 . 2008-04-02 14:52 <DIR> d-------- C:\Program Files\VDS
2008-04-02 09:44 . 2008-04-02 09:44 <DIR> d-------- C:\Program Files\ESET
2008-04-02 09:44 . 2008-04-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-04-01 19:55 . 2008-04-01 19:55 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2008-04-01 19:41 . 2008-04-01 19:41 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-31 10:00 . 2008-03-31 10:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 02:43 . 2008-03-31 02:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 02:43 . 2008-03-31 02:43 2,543 --a------ C:\WINDOWS\unins000.dat
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 02:38 . 2008-03-31 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-31 02:14 . 2008-04-04 07:34 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-31 02:12 . 2008-04-02 23:10 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 <DIR> d-------- C:\Program Files\Crawler
2008-03-31 02:12 . 2008-04-02 23:10 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-04-01 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-03-31 02:12 . 2008-03-31 02:12 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 22:23 . 2008-03-30 22:23 <DIR> d-------- C:\Program Files\Foxit Software
2008-03-30 21:20 . 2008-04-01 20:37 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-03-30 21:20 . 2008-04-01 20:18 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-03-30 21:20 . 2008-03-29 23:36 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-03-30 21:20 . 2008-03-30 00:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-03-30 21:20 . 2008-04-01 19:55 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-03-30 21:19 . 2008-04-02 01:24 654 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-30 19:28 . 2008-03-30 19:29 <DIR> d-------- C:\tiskárna
2008-03-30 14:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-30 12:01 . 2004-03-22 16:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-30 12:01 . 2008-03-30 12:01 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-30 11:57 . 2008-03-30 11:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-30 11:57 . 2008-03-30 11:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-30 11:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-30 11:29 . 2008-03-30 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-30 10:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-30 10:53 . 2008-03-30 10:53 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Adobe
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-30 10:50 . 2004-08-17 15:49 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-30 10:47 . 2008-03-30 10:47 <DIR> d-------- C:\Program Files\Webcam 1200
2008-03-30 10:47 . 2007-06-29 16:32 611,584 --a------ C:\WINDOWS\system32\drivers\PFC027.SYS
2008-03-30 10:47 . 2007-05-17 15:50 129,024 --a------ C:\WINDOWS\system32\SP207.AX
2008-03-30 10:47 . 2006-11-20 09:04 6,656 --a------ C:\WINDOWS\system32\CoInst_070629.dll
2008-03-30 10:47 . 2007-06-29 11:07 566 --a------ C:\WINDOWS\system32\SP207.INI
2008-03-30 10:13 . 2008-04-01 10:12 53,166 --a------ C:\WINDOWS\FontData.fdb
2008-03-30 10:11 . 2008-03-30 10:11 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 10:11 . 2008-03-30 10:11 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 10:10 . 2008-03-30 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Corel
2008-03-30 10:08 . 2008-03-30 10:08 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-30 09:59 . 2008-03-30 10:03 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-03-30 09:59 . 2008-03-30 09:59 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 09:58 . 2008-03-30 11:08 <DIR> d-------- C:\Program Files\Autodesk
2008-03-30 02:20 . 2008-03-30 02:20 <DIR> d-------- C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-30 02:10 . 2008-04-03 18:09 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 2008-03-30 01:09 <DIR> d-------- C:\Documents and Settings\Štěpán\WINDOWS
2008-03-30 01:09 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 12:38 241 ----a-w C:\Documents and Settings\Štěpán\SR.vbs
2008-04-04 12:38 241 ----a-w C:\Documents and Settings\Štěpán\SR.vbs
2008-04-04 08:51 4,194,304 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-04-04 08:51 4,194,304 ---ha-w C:\Documents and Settings\Štěpán\NTUSER.DAT
2008-04-02 21:10 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Spyware Terminator
2008-04-02 19:53 --------- d-----w C:\Program Files\ICQToolbar
2008-03-31 22:17 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Skype
2008-03-31 17:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\skypePM
2008-03-30 15:58 --------- d-s---w C:\Documents and Settings\Štěpán\Data aplikací\Microsoft
2008-03-30 09:04 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-30 09:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-03-30 08:53 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Adobe
2008-03-30 08:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 08:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Corel
2008-03-30 08:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-30 07:59 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Autodesk
2008-03-30 00:29 --------- d-----w C:\Program Files\KNDC++
2008-03-30 00:20 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\vlc
2008-03-29 22:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-29 22:50 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Ahead
2008-03-29 22:48 --------- d-----w C:\Program Files\Nero
2008-03-29 22:48 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2008-03-29 22:37 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-29 22:36 --------- d-----w C:\Program Files\VideoLAN
2008-03-29 22:34 --------- d-----w C:\Program Files\Skype
2008-03-29 22:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-29 22:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-29 22:29 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 22:23 --------- d-----w C:\Program Files\AAC Solutions
2008-03-29 22:22 --------- d-----w C:\Program Files\Autodesk Revit Building 8
2008-03-29 22:19 --------- d-----w C:\Program Files\IObit
2008-03-29 22:19 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ Toolbar
2008-03-29 22:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 22:16 --------- d-----w C:\Program Files\ICQ6
2008-03-29 22:15 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\ICQ
2008-03-29 22:13 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Macromedia
2008-03-29 22:12 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Mozilla
2008-03-29 22:11 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\InstallShield
2008-03-29 22:10 --------- d-----w C:\Program Files\Opera
2008-03-29 22:10 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Opera
2008-03-29 22:05 --------- d-----w C:\Program Files\Alwil Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Sunbelt Software
2008-03-29 22:04 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-29 22:00 --------- d-----w C:\Program Files\Synaptics
2008-03-29 21:59 --------- d-----w C:\Program Files\Broadcom
2008-03-29 21:56 --------- d-----w C:\Program Files\Analog Devices
2008-03-29 21:47 --------- d-----w C:\Program Files\Intel
2008-03-29 21:44 --------- d-----w C:\Documents and Settings\Štěpán\Data aplikací\Identities
2008-03-29 21:40 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 09:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 09:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 09:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-06 11:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-06 11:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-06 11:10 118784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 17:01 761946]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-31 02:12 2957824]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\KNDC++\\StrongDC.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 14:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 14:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-31 02:12]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 PAC207;Webcam 1200;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9703d05-fddc-11dc-94fb-001a4b5b0b4c}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-81C01C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 14:59:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 15:01:24
ComboFix-quarantined-files.txt 2008-04-04 13:01:17
Adresářů: 8, Volných bajtů: 46,547,304,448
Adresářů: 11, Volných bajtů: 46,539,018,240

nemůže běžet Spyware Terminator a Spybot najednou. takže po akci si jeden vyber a u druhýho vypni štít.

takže akce. v nouzovém režimu bez práce v síti. vypni všechny štíty ! antivir i antispyware.(Eset,Spy Term,Spybot)
potom udělej to samé co předtím- combofix - flash disinfector. a pošli logy (combo a hijackthis)