
Log check aneta

Posted: 09 Aug 2008 17:34
by aneta13
Please check my log:

Logfile of HijackThis v1.99.1
Scan saved at 17:24: VIRUS ALERT!, on 9.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\day-walker\Plocha\Nová složka\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: elchron.cz Toolbar - {93af096e-d556-40db-842c-d2f11cf5aed5} - C:\Program Files\elchron.cz\tbelch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QXK Olive - {AA890517-C937-403F-800F-C319A8406565} - C:\WINDOWS\wnlmdakqkpm.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: elchron.cz Toolbar - {93af096e-d556-40db-842c-d2f11cf5aed5} - C:\Program Files\elchron.cz\tbelch.dll
O3 - Toolbar: bgrqfetx - {72B68A1C-58DD-41B5-B619-D78A182A77D9} - C:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213615B0-E4B8-41AB-88A7-4F52355E9AB0}: NameServer = 10.128.118.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{213615B0-E4B8-41AB-88A7-4F52355E9AB0}: NameServer = 10.128.118.49
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)
O21 - SSODL: xokvrpwg - {72299DDE-1EC1-4523-BA63-424CC17C0B20} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {20EFC4C0-462F-4917-A3A4-705DD3ED491C} - C:\WINDOWS\tfnslopk.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks a lot

Re: Log check aneta

Posted: 09 Aug 2008 18:52
by fredik
Welcome to the forum

Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; this starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the scan you will be prompted to press any key, and the computer will restart.
* While the operating system is booting, the program will run again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; this closes the program and your desktop icons will appear
- Once the desktop icons have finished loading, the SDFix log will open on screen, and it will also be saved in the folder where SDFix was extracted as the file Report.txt
Then copy its contents here

You are using an older version of HijackThis; download the current version here and then post a new HJT log here.

Re: Log check aneta

Posted: 09 Aug 2008 19:34
by aneta13
Thanks, here is the log from SDFix:

SDFix: Version 1.214
Run by Administrator on so 09.08.2008 at 19:13

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\EEKF.EXE - Deleted
C:\Documents and Settings\aneta\Oblíbené položky\Error Cleaner.url - Deleted
C:\Documents and Settings\aneta\Plocha\Error Cleaner.url - Deleted
C:\Documents and Settings\day-walker\Oblíbené položky\Error Cleaner.url - Deleted
C:\Documents and Settings\day-walker\Plocha\Error Cleaner.url - Deleted
C:\Documents and Settings\aneta\Oblíbené položky\Privacy Protector.url - Deleted
C:\Documents and Settings\aneta\Plocha\Privacy Protector.url - Deleted
C:\Documents and Settings\day-walker\Oblíbené položky\Privacy Protector.url - Deleted
C:\Documents and Settings\day-walker\Plocha\Privacy Protector.url - Deleted
C:\Documents and Settings\aneta\Oblíbené položky\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\aneta\Plocha\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\day-walker\Oblíbené položky\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\day-walker\Plocha\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\system32\~.exe - Deleted
C:\WINDOWS\wnlmdakqkpm.dll - Deleted
C:\WINDOWS\bgrqfetx.dll - Deleted
C:\WINDOWS\lnvegaow.exe - Deleted
C:\WINDOWS\Temp\ed47fa.$ - Deleted
C:\WINDOWS\tfnslopk.dll - Deleted
C:\WINDOWS\xokvrpwg.dll - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer or CureIt by Dr.Web

Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$
Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$

Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 19:22:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:ed,56,b2,6b,86,5b,cb,2f,af,8a,8e,12,d2,8e,ee,48,8f,bd,05,ca,a6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:d8,05,2c,8e,8c,f0,f3,4c,b7,6e,ae,26,38,00,1e,48,5a,17,30,02,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,37,cf,d9,17,c2,c1,3b,d1,75,61,c8,07,e0,5c,45,4f,..
"khjeh"=hex:f7,02,f1,66,88,64,6c,1f,94,fb,08,de,4a,32,e8,18,3a,b9,63,cb,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e6,88,44,49,c1,6a,20,d2,c6,f2,6c,c4,63,45,1d,a2,0c,34,d8,7e,60,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:ed,56,b2,6b,86,5b,cb,2f,af,8a,8e,12,d2,8e,ee,48,8f,bd,05,ca,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:d8,05,2c,8e,8c,f0,f3,4c,b7,6e,ae,26,38,00,1e,48,5a,17,30,02,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,37,cf,d9,17,c2,c1,3b,d1,75,61,c8,07,e0,5c,45,4f,..
"khjeh"=hex:f7,02,f1,66,88,64,6c,1f,94,fb,08,de,4a,32,e8,18,3a,b9,63,cb,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e6,88,44,49,c1,6a,20,d2,c6,f2,6c,c4,63,45,1d,a2,0c,34,d8,7e,60,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\\Skype\\Phone\\Skype.exe"="D:\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\Temp\bca4e2da.$$$ Found
C:\WINDOWS\Temp\fa56d7ec.$$$ Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

Re: Log check aneta

Posted: 09 Aug 2008 19:37
by aneta13
and here is the log from the new version of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33: VIRUS ALERT!, on 9.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: elchron.cz Toolbar - {93af096e-d556-40db-842c-d2f11cf5aed5} - C:\Program Files\elchron.cz\tbelch.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: elchron.cz Toolbar - {93af096e-d556-40db-842c-d2f11cf5aed5} - C:\Program Files\elchron.cz\tbelch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: elchron.cz Toolbar - {93af096e-d556-40db-842c-d2f11cf5aed5} - C:\Program Files\elchron.cz\tbelch.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{213615B0-E4B8-41AB-88A7-4F52355E9AB0}: NameServer = 10.128.118.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{213615B0-E4B8-41AB-88A7-4F52355E9AB0}: NameServer = 10.128.118.49
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9590 bytes

Re: Log check aneta

Posted: 09 Aug 2008 20:38
by fredik
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Download MBR Rootkit Detector
- save it directly to drive C and run it
- after a moment it will create its log (mbr.log); paste its entire contents here.

I won't be here any more today, so we'll continue tomorrow.

Re: Log check aneta

Posted: 09 Aug 2008 21:28
by aneta13
Log from ComboFix:

ComboFix 08-08-08.08 - aneta 2008-08-09 21:09:36.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.161 [GMT 2:00]
Running from: C:\Documents and Settings\aneta\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\aneta\~tmp1174.exe
C:\Documents and Settings\day-walker\Data aplikací\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 19:33 . 2008-08-09 19:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 19:12 . 2008-08-09 19:12 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-09 19:11 . 2008-08-09 19:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-09 19:00 . 2008-08-09 19:27 <DIR> d-------- C:\SDFix
2008-08-09 15:59 . 2008-08-09 15:59 <DIR> d-------- C:\Program Files\PGEDemo
2008-08-09 15:10 . 2008-08-09 15:10 <DIR> dr-hs---- C:\sys
2008-08-09 15:09 . 2008-08-09 15:09 <DIR> d-------- C:\Program Files\Magic Photo Editor
2008-08-09 14:28 . 2008-08-09 14:28 <DIR> d-------- C:\Program Files\Wondershare
2008-08-09 14:28 . 2005-07-08 11:05 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2008-08-09 14:28 . 2005-07-08 11:05 409,600 --a------ C:\WINDOWS\system32\3ivxDSAudioDecoder.ax
2008-08-09 14:28 . 2005-07-08 11:05 290,816 --a------ C:\WINDOWS\system32\3ivxDSMediaSplitter.ax
2008-08-09 14:28 . 2005-07-08 11:05 290,816 --a------ C:\WINDOWS\system32\3ivxDSDecoder.ax
2008-08-09 14:28 . 2002-06-17 15:06 225,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-08-09 14:28 . 2005-07-08 11:06 96,768 --a------ C:\WINDOWS\system32\libsndfile.dll
2008-08-09 14:28 . 2005-07-08 11:05 77,824 --a------ C:\WINDOWS\system32\wavdest.ax
2008-07-31 13:17 . 2008-07-31 13:17 <DIR> d-------- C:\Program Files\elchron.cz
2008-07-31 09:52 . 2008-07-31 09:53 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-29 10:53 . 2008-07-29 10:53 <DIR> d-------- C:\Program Files\Zaparit
2008-07-26 16:44 . 2008-07-26 16:47 <DIR> d-------- C:\Program Files\Counter-Strike
2008-07-24 11:18 . 2008-07-24 11:19 <DIR> d-------- C:\Program Files\DVDFab Gold 3
2008-07-22 20:34 . 2008-07-22 20:34 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
2008-07-22 20:21 . 2008-07-22 20:37 <DIR> d-------- C:\Program Files\IVCsoft
2008-07-22 20:13 . 2008-07-22 20:13 <DIR> d-------- C:\Program Files\SourceTec
2008-07-22 20:07 . 2008-07-22 20:20 <DIR> d-------- C:\Program Files\WM Converter
2008-07-21 09:59 . 2008-07-21 09:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-15 14:31 . 2008-07-15 14:31 <DIR> d-------- C:\Program Files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 10:19 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-07-31 08:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-25 12:50 --------- d-----w C:\Program Files\valve
2008-07-25 12:46 --------- d-----w C:\Program Files\Cheating-Death
2008-07-24 09:19 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-24 09:05 --------- d-----w C:\Program Files\DVDFab Gold 4
2008-06-24 10:57 --------- d-----w C:\Program Files\ICQ6
2008-06-24 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 10:56 --------- d-----w C:\Program Files\ICQ6Toolbar
2008-06-17 12:10 --------- d-----w C:\Program Files\ICQToolbar
2008-06-17 10:43 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-17 10:43 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-17 10:42 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-10 13:31 --------- d-----w C:\Program Files\Business English
2003-09-09 06:52 1,423,360 ----a-w C:\Program Files\PGE_Demo_PlugIn.8bf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{93af096e-d556-40db-842c-d2f11cf5aed5}"= "C:\Program Files\elchron.cz\tbelch.dll" [2008-01-24 16:56 1555480]

[HKEY_CLASSES_ROOT\clsid\{93af096e-d556-40db-842c-d2f11cf5aed5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93af096e-d556-40db-842c-d2f11cf5aed5}]
2008-01-24 16:56 1555480 --a------ C:\Program Files\elchron.cz\tbelch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-04-28 09:22 1470488 --a------ C:\Program Files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfre1.dll" [2008-04-28 09:22 1470488]
"{93af096e-d556-40db-842c-d2f11cf5aed5}"= "C:\Program Files\elchron.cz\tbelch.dll" [2008-01-24 16:56 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{93af096e-d556-40db-842c-d2f11cf5aed5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfre1.dll" [2008-04-28 09:22 1470488]
"{93AF096E-D556-40DB-842C-D2F11CF5AED5}"= "C:\Program Files\elchron.cz\tbelch.dll" [2008-01-24 16:56 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{93af096e-d556-40db-842c-d2f11cf5aed5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-09 14:31 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 19:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 08:44 7957504]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 07:26 7700480]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 07:26 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-31 07:26 413696]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"nwiz"="nwiz.exe" [2007-04-19 07:26 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cgk37.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 19:26]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
S0 Cgk37;Cgk37;C:\WINDOWS\system32\Drivers\Cgk37.sys []
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 09:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 09:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 09:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 09:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 09:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 09:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 09:46]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\aneta\Data aplikací\Mozilla\Firefox\Profiles\6nkjnkcm.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 21:18:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-08-09 21:21:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 19:21:37

Pre-Run: Volných bajtů: 134,844,252,160
Post-Run: Volněch bajt…: 139,127,689,216

161

Re: Log check aneta

Posted: 09 Aug 2008 21:32
by aneta13
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit code detected !
malicious code @ sector 0x12a14c00 size 0x1a8 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Re: Log check aneta

Posted: 10 Aug 2008 08:44
by fredik
Download the Recovery Console installer for your operating system here, at the bottom of the page, and save the installer to your desktop.

Grab the installer file with the mouse and drag it over the downloaded ComboFix.exe program; when the two files overlap, drop the file.
- ComboFix will start automatically, and after a moment the message Installing the Recovery Console will appear; click OK
- then the license terms will appear; confirm them with Yes
- then the message What's next ? will appear, so choose No. After that the message Finish will appear, so click OK, and a log will appear; copy it here. Otherwise you will find it on drive C in the file CF-RC.txt

Before the MBR repair that follows, I would recommend that you back up the data you have on the disk.

Re: Log check aneta

Posted: 10 Aug 2008 21:05
by aneta13
Thanks, but I'm a klutz :oops: I did it according to the instructions, but instead of No (What's next) I chose Yes, then a log popped up which I can't find on the PC... and when I wanted to try it once more, it wouldn't start any more (blue box etc.). I don't know what to do next :-(

Re: Log check aneta

Posted: 10 Aug 2008 21:09
by aneta13
At least I found that log:

29 21:36:15.203 setup is initializing ..
29 21:36:23.046 performing update from 1.0.2.5 to 1.0.0.51 ..
29 21:36:23.546 Running as service: no
29 21:36:23.546 Stopping Hamachi ..
29 21:36:23.546 StopHamachi, CreateMutex() 000000cc 183
29 21:36:23.546 StopHamachi, OpenEvent() 000000d4 183
29 21:36:24.093 Was running: yes
29 21:36:24.343 Updating files ..
29 21:36:24.343 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, hamachi.exe -> C:\Program Files\Hamachi (folder)
29 21:36:25.656 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, hamachi.key -> C:\Program Files\Hamachi (folder)
29 21:36:25.656 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, uninstall.exe -> C:\Program Files\Hamachi (folder)
29 21:36:26.000 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, uninstall.lng -> C:\Program Files\Hamachi (folder)
29 21:36:26.000 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, license.txt -> C:\Program Files\Hamachi (folder)
29 21:36:26.015 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, hamachi.ttf -> C:\Program Files\Hamachi (folder)
29 21:36:26.015 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, hamachi.lng -> C:\Program Files\Hamachi (folder)
29 21:36:26.265 Updating driver ..
29 21:36:26.281 win32
29 21:36:26.281 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, nicmgr-i386.exe -> C:\Program Files\Hamachi\nicmgr.exe (file)
29 21:36:26.406 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, hamachi-i386.sys -> C:\DOCUME~1\DAY-WA~1\LOCALS~1\Temp\ha000975.tmp\hamachi.sys (file)
29 21:36:26.437 ExtractFile() C:\Documents and Settings\day-walker\Local Settings\Temporary Internet Files\Content.IE5\0RLFMUF1\HamachiSetup-1.0.0.51-en[1].exe, hamachi-i386.inf -> C:\DOCUME~1\DAY-WA~1\LOCALS~1\Temp\ha000975.tmp\hamachi.inf (file)
29 21:36:26.437 UpdateNetAdapter() ..
29 21:36:26.625 CreateProcessW("C:\Program Files\Hamachi\nicmgr.exe" poneyhot update ""C:\Documents and Settings\day-walker\Local Settings\Temp\ha000975.tmp\hamachi.inf") - done lRes:00000000 bRes:1 lErr:0 3
29 21:36:26.625 RemoveNetAdapter() ..
29 21:36:26.687 do_remove(hamachi)
29 21:36:26.765 removing ..
29 21:36:35.906 removed
29 21:36:35.906 SetupDiGetDeviceRegistryProperty() failed e000020b
29 21:36:35.906 do_remove done
29 21:36:36.015 CreateProcessW("C:\Program Files\Hamachi\nicmgr.exe" poneyhot remove) - done lRes:00000000 bRes:1 lErr:0 0
29 21:36:36.015 InstallNetAdapter() ..
29 21:36:36.109 do_install(hamachi, C:\Documents and Settings\day-walker\Local Settings\Temp\ha000975.tmp\hamachi.inf)
29 21:36:36.406 do_update(hamachi, C:\Documents and Settings\day-walker\Local Settings\Temp\ha000975.tmp\hamachi.inf)
29 21:36:57.140 do_update 0
29 21:36:57.140 do_install 0
29 21:36:57.281 CreateProcessW("C:\Program Files\Hamachi\nicmgr.exe" poneyhot install "C:\Documents and Settings\day-walker\Local Settings\Temp\ha000975.tmp\hamachi.inf") - done lRes:00000000 bRes:1 lErr:0 0
29 21:36:57.281 disabling qos scheduler ..
29 21:37:05.171 SetAdapterStatus() ..
29 21:37:05.265 do_enable(hamachi, 0)
29 21:37:09.531 done
29 21:37:09.671 CreateProcessW("C:\Program Files\Hamachi\nicmgr.exe" poneyhot disable) - done lRes:00000000 bRes:1 lErr:0 0
29 21:37:09.671 adapter is ready
29 21:37:09.718 do_config(hamachi)
29 21:37:09.718 get_bindname(hamachi)
29 21:37:09.781 bindname = [{9F942D4F-D1B1-4B7E-9FF9-B6ACFF1033B5}]
29 21:37:09.781 RegOpenKeyEx() failed 00000000
29 21:37:09.796 CreateProcessW("C:\Program Files\Hamachi\nicmgr.exe" poneyhot config) - done lRes:00000000 bRes:1 lErr:0 2
29 21:37:09.859 do_rename(hamachi, Hamachi)
29 21:37:09.859 get_bindname(hamachi)
29 21:37:10.062 bindname = [{9F942D4F-D1B1-4B7E-9FF9-B6ACFF1033B5}]
29 21:37:10.062 RegSetValueEx() 0, 00000000
29 21:37:10.078 CreateProcessW("C:\Program Files\Hamachi\nicmgr.exe" poneyhot rename Hamachi) - done lRes:00000000 bRes:1 lErr:0 0
29 21:37:11.093 setup is done
29 21:37:11.750 get_setmac(hamachi, 7A7905D8C3BE)
29 21:37:11.812 RegSetValueEx() 0 0
29 21:37:11.859 do_enable(hamachi, 1)
29 21:37:15.484 done
29 22:17:56.359 do_enable(hamachi, 0)
29 22:18:00.484 done
29 22:18:03.734 get_setmac(hamachi, 7A7905D8C3BE)
29 22:18:03.781 RegSetValueEx() 0 0
29 22:18:03.859 do_enable(hamachi, 1)
29 22:18:07.453 done
29 22:28:35.359 do_enable(hamachi, 0)
29 22:28:39.781 done
29 22:28:48.531 get_setmac(hamachi, 7A7905D8C3BE)
29 22:28:48.578 RegSetValueEx() 0 0
29 22:28:48.625 do_enable(hamachi, 1)
29 22:28:52.515 done
29 22:36:49.671 do_enable(hamachi, 0)
29 22:36:53.453 done
29 22:37:01.234 get_setmac(hamachi, 7A7905D8C3BE)
29 22:37:01.281 RegSetValueEx() 0 0
29 22:37:01.328 do_enable(hamachi, 1)
29 22:37:04.406 done
29 23:10:51.093 do_enable(hamachi, 0)
29 23:10:54.968 done
02 19:02:57.078 get_setmac(hamachi, 7A7905D8C3BE)
02 19:02:57.609 RegSetValueEx() 0 0
02 19:02:57.703 do_enable(hamachi, 1)
02 19:03:11.078 done
02 19:03:26.484 do_enable(hamachi, 0)
02 19:03:31.906 done
03 11:25:24.359 get_setmac(hamachi, 7A7905D8C3BE)
03 11:25:24.437 RegSetValueEx() 0 0
03 11:25:24.468 do_enable(hamachi, 1)
03 11:25:33.703 done
03 11:30:16.687 do_enable(hamachi, 0)
03 11:30:20.109 done
03 16:37:48.843 get_setmac(hamachi, 7A7905D8C3BE)
03 16:37:51.109 RegSetValueEx() 0 0
03 16:37:51.156 do_enable(hamachi, 1)
03 16:38:19.203 done
03 16:39:03.421 do_enable(hamachi, 0)
03 16:39:06.640 done
04 14:51:13.750 get_setmac(hamachi, 7A7905D8C3BE)
04 14:51:13.796 RegSetValueEx() 0 0
04 14:51:13.984 do_enable(hamachi, 1)
04 14:51:22.750 done
04 14:51:53.312 do_enable(hamachi, 0)
04 14:51:56.828 done
09 19:51:00.224 get_setmac(hamachi, 7A7905D8C3BE)
09 19:51:00.271 RegSetValueEx() 0 0
09 19:51:00.459 do_enable(hamachi, 1)
09 19:51:09.943 done
09 19:51:18.255 do_enable(hamachi, 0)
09 19:51:25.989 done
10 21:01:23.796 get_setmac(hamachi, 7A7905D8C3BE)
10 21:01:23.828 RegSetValueEx() 0 0
10 21:01:24.046 do_enable(hamachi, 1)
10 21:01:40.843 done
10 21:01:53.156 do_enable(hamachi, 0)
10 21:02:10.921 done
11 10:19:52.046 get_setmac(hamachi, 7A7905D8C3BE)
11 10:19:52.218 RegSetValueEx() 0 0
11 10:19:52.390 do_enable(hamachi, 1)
11 10:20:05.484 done
11 10:20:12.437 do_enable(hamachi, 0)
11 10:20:21.203 done
12 12:41:42.250 get_setmac(hamachi, 7A7905D8C3BE)
12 12:41:42.593 RegSetValueEx() 0 0
12 12:41:43.484 do_enable(hamachi, 1)
12 12:41:54.343 done
12 12:42:13.140 do_enable(hamachi, 0)
12 12:42:16.593 done
15 20:03:43.984 get_setmac(hamachi, 7A7905D8C3BE)
15 20:03:44.921 RegSetValueEx() 0 0
15 20:03:45.234 do_enable(hamachi, 1)
15 20:04:01.328 done
15 20:04:06.171 do_enable(hamachi, 0)
15 20:04:09.843 done
16 12:17:31.469 get_setmac(hamachi, 7A7905D8C3BE)
16 12:17:31.610 RegSetValueEx() 0 0
16 12:17:31.766 do_enable(hamachi, 1)
16 12:17:42.516 done
17 12:38:05.390 get_setmac(hamachi, 7A7905D8C3BE)
17 12:38:12.984 RegSetValueEx() 0 0
17 12:38:13.234 do_enable(hamachi, 1)
17 12:38:34.171 done
17 12:48:26.421 get_setmac(hamachi, 7A7905D8C3BE)
17 12:48:27.093 RegSetValueEx() 0 0
17 12:48:27.203 do_enable(hamachi, 1)
17 12:48:44.093 done
26 10:05:30.562 get_setmac(hamachi, 7A7905D8C3BE)
26 10:05:34.984 RegSetValueEx() 0 0
26 10:05:35.031 do_enable(hamachi, 1)
26 10:05:55.953 done
01 23:04:30.988 get_setmac(hamachi, 7A7905D8C3BE)
01 23:04:31.129 RegSetValueEx() 0 0
01 23:04:31.207 do_enable(hamachi, 1)
01 23:04:44.660 done
02 15:37:00.156 get_setmac(hamachi, 7A7905D8C3BE)
02 15:37:00.468 RegSetValueEx() 0 0
02 15:37:01.546 do_enable(hamachi, 1)
02 15:37:09.156 done
15 12:08:38.468 get_setmac(hamachi, 7A7905D8C3BE)
15 12:08:38.609 RegSetValueEx() 0 0
15 12:08:40.750 do_enable(hamachi, 1)
15 12:08:56.296 done
15 14:12:08.140 get_setmac(hamachi, 7A7905D8C3BE)
15 14:12:16.171 RegSetValueEx() 0 0
15 14:12:16.343 do_enable(hamachi, 1)
15 14:12:28.656 done
15 14:19:12.046 get_setmac(hamachi, 7A7905D8C3BE)
15 14:19:12.109 RegSetValueEx() 0 0
15 14:19:12.156 do_enable(hamachi, 1)
15 14:19:22.250 done
15 14:25:28.328 get_setmac(hamachi, 7A7905D8C3BE)
15 14:25:28.375 RegSetValueEx() 0 0
15 14:25:28.406 do_enable(hamachi, 1)
15 14:25:32.640 done
15 14:33:52.218 get_setmac(hamachi, 7A7905D8C3BE)
15 14:33:58.140 RegSetValueEx() 0 0
15 14:33:58.203 do_enable(hamachi, 1)
15 14:34:06.406 done
15 14:34:53.062 StopHamachi, CreateMutex() 00000790 0
15 14:34:53.125 do_remove(hamachi)
15 14:34:53.156 removing ..
15 14:46:04.546 get_setmac(hamachi, 7A7905D8C3BE)
15 14:46:05.687 do_enable(hamachi, 1)
15 14:46:06.203 not found
16 10:15:07.078 get_setmac(hamachi, 7A7905D8C3BE)
16 10:15:07.203 do_enable(hamachi, 1)
16 10:15:07.234 not found
16 10:16:00.718 StopHamachi, CreateMutex() 00000790 0
16 10:16:00.765 do_remove(hamachi)
16 10:16:00.812 do_remove done
16 10:16:00.812 CreateProcessW("C:\Program Files\Hamachi\nicmgr.exe" poneyhot remove) - done lRes:00000000 bRes:1 lErr:0 0

Re: Log check aneta

Posted: 10 Aug 2008 21:22
by fredik
If you chose Yes on that last question, then a log should also be shown to you after ComboFix has finished. By default it should be located in a file on drive C as ComboFix.txt (C:\ComboFix.txt). You don't have to look for it; do this:

Go via Start -> Run... -> a window will open; in the empty field type this command, marked in blue
notepad c:\boot.ini and click OK. Notepad will open with the log, so paste its entire contents here.

Did you make that data backup, just to be safe?

Re: Log check aneta

Posted: 11 Aug 2008 09:19
by aneta13
This is what it found:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

And can the backup be done somehow all at once, or do I have to go through documents etc. one by one, the way I always do it?