časté restartování PC - o vir se prý nejedná Vyřešeno

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu. Stáhni nový a starý smaž.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Reklama]

[marky.ruza]

ComboFix 09-06-22.0D - Marketa 23.06.2009 17:26.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1024.676 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marketa\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-23 do 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 15:17 . 2009-06-23 15:17 4096 ----a-w- c:\windows\d3dx.dat
2009-06-19 10:28 . 2009-06-19 10:28 -------- d-----w- c:\program files\QIP
2009-05-26 10:29 . 2009-05-26 10:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-26 09:54 . 2009-05-26 09:54 -------- d-----w- c:\program files\Free Offers from Freeze.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 14:20 . 2009-05-11 13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 12:21 . 2006-07-16 09:06 -------- d-----w- c:\program files\Google
2009-06-22 17:29 . 2008-08-19 18:08 -------- d-----w- c:\program files\rajce
2009-06-18 15:36 . 2006-07-11 08:16 -------- d-----w- c:\program files\HP
2009-06-17 09:27 . 2009-05-11 13:28 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-05-11 13:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 10:14 . 2001-10-25 14:00 71438 ----a-w- c:\windows\system32\perfc005.dat
2009-05-26 10:14 . 2001-10-25 14:00 395478 ----a-w- c:\windows\system32\perfh005.dat
2009-05-20 08:14 . 2009-05-20 08:14 -------- d-----w- c:\program files\MSXML 4.0
2009-05-15 12:47 . 2009-05-15 12:47 -------- d-----w- c:\program files\AML Products
2009-05-15 12:17 . 2009-05-15 12:17 -------- d-----w- c:\program files\totalcmd
2009-05-14 12:58 . 2009-05-14 12:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-14 12:58 . 2009-05-14 12:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-14 12:53 . 2009-05-14 12:45 -------- d-----w- c:\program files\Nokia
2009-05-14 12:46 . 2009-05-14 12:46 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-14 12:46 . 2009-05-14 12:45 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-12 10:28 . 2009-05-12 10:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 10:28 . 2009-05-12 10:28 -------- d-----w- c:\program files\Java
2009-05-12 10:07 . 2009-05-12 10:07 -------- d-----w- c:\program files\CCleaner
2009-05-11 15:46 . 2008-03-09 16:23 -------- d-----w- c:\program files\ICQToolbar
2009-05-11 11:54 . 2009-05-11 11:54 -------- d-----w- c:\program files\Trend Micro
2009-05-07 15:44 . 2002-09-20 18:04 345088 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:53 . 2002-09-20 18:05 660480 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:53 . 2006-07-08 18:11 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2002-09-20 17:41 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:18 . 2002-09-20 18:04 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-07-09 02:44 . 2006-12-12 16:50 777 ----a-w- c:\program files\trial_setup.ini
2005-07-09 02:44 . 2006-12-12 16:50 5137920 ----a-w- c:\program files\trial_setup.msi
2005-07-09 02:44 . 2006-12-12 16:50 40448 ----a-w- c:\program files\trial_setup.exe
2004-06-30 12:20 . 2007-03-18 20:55 160768 ----a-w- c:\program files\fmod.dll
1999-04-07 17:39 . 1999-04-07 17:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-03-09 86016]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-10 917504]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Marketa^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Marketa\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QIP\\qip.exe"=

R3 cpuz128;cpuz128;\??\c:\docume~1\Marketa\LOCALS~1\Temp\pcwiz32.sys --> c:\docume~1\Marketa\LOCALS~1\Temp\pcwiz32.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CPUZ128
.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-20 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.contactel.cz:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {347D7B47-11D8-456E-BF75-5F54AA881DFB} = 10.89.1.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 17:30
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-23 17:31
ComboFix-quarantined-files.txt 2009-06-23 15:31

Před spuštěním: Volných bajtů: 23 324 844 032
Po spuštění: Volných bajtů: 23 623 069 696

125 --- E O F --- 2009-06-11 08:19

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\d3dx.dat
c:\windows\system32\d3d9caps.dat
c:\program files\Free Offers from Freeze.com
c:\docume~1\Marketa\LOCALS~1\Temp\pcwiz32.sys

Folder::
c:\program files\Free Offers from Freeze.com

Driver::
pcwiz32
cpuz128;cpuz128
cpuz128




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[marky.ruza]

ComboFix 09-06-22.0E - Marketa 23.06.2009 20:58.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1024.689 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marketa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marketa\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\docume~1\Marketa\LOCALS~1\Temp\pcwiz32.sys"
"c:\program files\Free Offers from Freeze.com"
"c:\windows\d3dx.dat"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Free Offers from Freeze.com
c:\program files\Free Offers from Freeze.com\3766.url
c:\program files\Free Offers from Freeze.com\3772.url
c:\program files\Free Offers from Freeze.com\3773.url
c:\program files\Free Offers from Freeze.com\control.txt
c:\program files\Free Offers from Freeze.com\dolphinico.ico
c:\program files\Free Offers from Freeze.com\wfallsaw.ico
c:\program files\Free Offers from Freeze.com\whalesico.ico
c:\windows\d3dx.dat
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ128
-------\Service_cpuz128


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-23 do 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-19 10:28 . 2009-06-19 10:28 -------- d-----w- c:\program files\QIP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 14:20 . 2009-05-11 13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 12:21 . 2006-07-16 09:06 -------- d-----w- c:\program files\Google
2009-06-22 17:29 . 2008-08-19 18:08 -------- d-----w- c:\program files\rajce
2009-06-18 15:36 . 2006-07-11 08:16 -------- d-----w- c:\program files\HP
2009-06-17 09:27 . 2009-05-11 13:28 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-05-11 13:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 10:14 . 2001-10-25 14:00 71438 ----a-w- c:\windows\system32\perfc005.dat
2009-05-26 10:14 . 2001-10-25 14:00 395478 ----a-w- c:\windows\system32\perfh005.dat
2009-05-20 08:14 . 2009-05-20 08:14 -------- d-----w- c:\program files\MSXML 4.0
2009-05-15 12:47 . 2009-05-15 12:47 -------- d-----w- c:\program files\AML Products
2009-05-15 12:17 . 2009-05-15 12:17 -------- d-----w- c:\program files\totalcmd
2009-05-14 12:58 . 2009-05-14 12:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-14 12:58 . 2009-05-14 12:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-14 12:53 . 2009-05-14 12:45 -------- d-----w- c:\program files\Nokia
2009-05-14 12:46 . 2009-05-14 12:46 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-14 12:46 . 2009-05-14 12:45 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-12 10:28 . 2009-05-12 10:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 10:28 . 2009-05-12 10:28 -------- d-----w- c:\program files\Java
2009-05-12 10:07 . 2009-05-12 10:07 -------- d-----w- c:\program files\CCleaner
2009-05-11 15:46 . 2008-03-09 16:23 -------- d-----w- c:\program files\ICQToolbar
2009-05-11 11:54 . 2009-05-11 11:54 -------- d-----w- c:\program files\Trend Micro
2009-05-07 15:44 . 2002-09-20 18:04 345088 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:53 . 2002-09-20 18:05 660480 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:53 . 2006-07-08 18:11 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2002-09-20 17:41 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:18 . 2002-09-20 18:04 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-07-09 02:44 . 2006-12-12 16:50 777 ----a-w- c:\program files\trial_setup.ini
2005-07-09 02:44 . 2006-12-12 16:50 5137920 ----a-w- c:\program files\trial_setup.msi
2005-07-09 02:44 . 2006-12-12 16:50 40448 ----a-w- c:\program files\trial_setup.exe
2004-06-30 12:20 . 2007-03-18 20:55 160768 ----a-w- c:\program files\fmod.dll
1999-04-07 17:39 . 1999-04-07 17:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-06-23_15.30.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 15:30 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 15:30 . 2004-08-17 13:49 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 15:30 . 2004-08-17 13:49 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 15:30 . 2004-08-17 13:49 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 15:30 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 15:30 . 2004-08-17 13:49 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 15:30 . 2004-08-17 13:49 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 15:30 . 2004-08-17 13:45 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 15:30 . 2004-08-03 21:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 15:30 . 2004-08-17 13:49 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-23 15:30 . 2004-08-17 13:49 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 15:30 . 2009-04-29 04:53 660480 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 15:30 . 2007-03-08 15:38 577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 15:30 . 2004-08-17 13:49 295936 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 15:30 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 15:30 . 2009-02-09 10:11 111104 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 15:30 . 2004-08-03 21:14 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 15:30 . 2009-03-21 14:21 984576 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 15:30 . 2004-08-17 13:49 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 15:30 . 2004-08-17 13:49 171008 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-23 15:30 . 2004-08-17 13:49 1548288 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-23 15:30 . 2009-02-09 11:52 2182656 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 15:30 . 2009-02-09 11:52 2059904 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 15:30 . 2007-06-13 13:23 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-03-09 86016]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-10 917504]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Marketa^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Marketa\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QIP\\qip.exe"=

.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-20 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.contactel.cz:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {347D7B47-11D8-456E-BF75-5F54AA881DFB} = 10.89.1.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 21:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ESET\nod32krn.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-06-23 21:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-23 19:07
ComboFix2.txt 2009-06-23 15:31

Před spuštěním: Volných bajtů: 23 624 982 528
Po spuštění: Volných bajtů: 23 535 890 432

180 --- E O F --- 2009-06-11 08:19




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:39, on 23.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.contactel.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://welcome.contactel.cz/
O17 - HKLM\System\CCS\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5260 bytes

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config ASP.NET State Service (aspnet_state) start= disabled
sc config ASP.NET State Service start= disabled
sc config aspnet_state start= disabled
sc stop ASP.NET State Service (aspnet_state)
sc stop ASP.NET State Service
sc stop aspnet_state
sc delete ASP.NET State Service (aspnet_state)
sc delete ASP.NET State Service
sc delete aspnet_state

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.
Otevře se Dosovské okno a zavře. Restartuj comp. Pak sem dej ještě log z HJT.

[marky.ruza]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:36, on 23.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.contactel.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://welcome.contactel.cz/
O17 - HKLM\System\CCS\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{347D7B47-11D8-456E-BF75-5F54AA881DFB}: NameServer = 10.89.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5102 bytes

[Damned]

Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou zmáčknout
"Fix checked"):

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
****************************************************************************************************************************************
Problém tam již nevidím.
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Označ topic za vyřešený (zelená fajfka) a měj se.

[Brky]

ComboFix 09-09-25.01 - Trčka 27.09.2009 14:24.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.643 [GMT 2:00]
Spuštěný z: h:\documents and settings\Trčka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090926-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\documents and settings\Trčka\Data aplikací\Microsoft\Clip Organizer\mstore10.mgc
h:\documents and settings\Trčka\Data aplikací\Microsoft\Clip Organizer\Offic10.MGC
h:\windows\regedit.com
h:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-27 do 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 11:56 . 2009-09-27 11:56 -------- d---a-w- h:\windows\VDLL.DLL
2009-09-27 11:56 . 2009-09-27 11:56 -------- d---a-w- h:\windows\system32\runouce.exe
2009-09-27 11:56 . 2009-09-27 11:56 -------- d---a-w- h:\windows\rundll16.exe
2009-09-27 11:56 . 2009-09-27 11:56 -------- d---a-w- h:\windows\RUNDL132.EXE
2009-09-27 11:56 . 2009-09-27 11:56 -------- d---a-w- h:\windows\logo1_.exe
2009-09-27 11:56 . 2009-09-27 11:56 -------- d---a-w- h:\windows\logo_1.exe
2009-09-27 11:33 . 2009-09-27 11:32 34048 ----a-w- h:\windows\system32\eEmpty.exe
2009-09-27 11:32 . 2008-04-14 03:22 137216 ----a-w- h:\windows\system32\T.COM
2009-09-27 11:32 . 2008-04-14 03:22 147968 ----a-w- h:\windows\R.COM
2009-09-27 11:32 . 2009-09-27 11:32 -------- d-----w- h:\program files\Common Files\MicroWorld
2009-09-26 09:54 . 2009-09-26 09:54 -------- d-----w- H:\EVEREST Home Edition
2009-09-25 17:57 . 2009-09-26 06:37 -------- d-----w- h:\program files\Microsoft Silverlight
2009-09-25 17:56 . 2009-09-25 17:56 -------- d-----w- h:\program files\Microsoft
2009-09-25 17:56 . 2009-09-26 06:37 -------- d-----w- h:\program files\Windows Desktop Search
2009-09-25 17:56 . 2009-09-25 17:56 -------- d-----w- h:\windows\system32\GroupPolicy
2009-09-25 17:55 . 2008-03-07 17:02 98304 -c----w- h:\windows\system32\dllcache\nlhtml.dll
2009-09-25 17:55 . 2008-03-07 17:02 29696 -c----w- h:\windows\system32\dllcache\mimefilt.dll
2009-09-25 17:55 . 2008-03-07 17:02 192000 -c----w- h:\windows\system32\dllcache\offfilt.dll
2009-09-24 18:12 . 2009-09-25 19:17 -------- d-----w- h:\program files\Common Files\Symantec Shared
2009-09-10 13:14 . 2009-09-10 13:23 -------- d-----w- H:\GTA San Andreas
2009-09-09 11:41 . 2009-06-21 21:48 153088 -c----w- h:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 17:56 . 2006-03-02 12:00 71322 ----a-w- h:\windows\system32\perfc005.dat
2009-09-25 17:56 . 2006-03-02 12:00 403360 ----a-w- h:\windows\system32\perfh005.dat
2009-09-25 14:22 . 2009-06-19 14:52 15688 ----a-w- h:\windows\system32\lsdelete.exe
2009-09-10 13:31 . 2006-09-14 11:29 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-09-04 17:55 . 2006-09-17 16:49 98304 -c--a-w- h:\windows\system32\CmdLineExt.dll
2009-08-17 16:10 . 2006-09-14 11:56 1279456 ----a-w- h:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2006-09-14 11:56 93392 ----a-w- h:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-09-14 11:56 94160 ----a-w- h:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-01 09:26 114768 ----a-w- h:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-01 09:26 20560 ----a-w- h:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-09-14 11:56 51376 ----a-w- h:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-09-14 11:56 23152 ----a-w- h:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-09-14 11:56 26944 ----a-w- h:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2006-09-14 11:56 97480 ----a-w- h:\windows\system32\AVASTSS.scr
2009-08-16 16:35 . 2009-08-16 16:36 737280 ----a-w- h:\windows\iun6002.exe
2009-08-16 13:40 . 2009-08-16 13:40 -------- d-----w- h:\program files\Common Files\FDRLab
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- h:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2006-03-02 12:00 58880 ----a-w- h:\windows\system32\atl.dll
2009-07-14 20:19 . 2009-07-14 20:15 410984 ----a-w- h:\windows\system32\deploytk.dll
2009-07-13 21:43 . 2006-03-02 12:00 286208 ----a-w- h:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2006-03-02 12:00 915456 ----a-w- h:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"Easy-PrintToolBox"="h:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Ad-Watch"="h:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-25 520024]
"RTHDCPL"="RTHDCPL.EXE" - h:\windows\RTHDCPL.EXE [2006-02-10 15969280]
"nwiz"="nwiz.exe" - h:\windows\system32\nwiz.exe [2006-03-09 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Windows Search.lnk - h:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=h:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=h:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"h:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [19.6.2009 16:22 64160]
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [1.4.2008 11:26 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 11:26 20560]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1028432]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;h:\windows\system32\drivers\NETDLWL.sys [16.9.2006 15:03 159104]
S2 gupdate1c9afd2ce15070d;Služba Google Update (gupdate1c9afd2ce15070d);"h:\program files\Google\Update\GoogleUpdate.exe" /svc --> h:\program files\Google\Update\GoogleUpdate.exe [?]
S2 wlidsvc;Windows Live ID Sign-in Assistant;h:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-25 h:\windows\Tasks\Ad-Aware Update (Weekly).job
- h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - h:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - h:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {0418DDAB-60ED-4C64-ACA5-8BF5D811890C} = 10.100.1.254,212.80.66.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SpyEmergency - h:\program files\Spy Emergency 2008\SpyEmergency.exe
AddRemove-ASkola3D - h:\hry\ASkola3D\DeIsL1.isu
AddRemove-Governor of Poker1.0 - h:\windows\Governor of Poker\uninstall.exe
AddRemove-KnightsAndMerchants - h:\program files\KnightsAndMerchants\DeIsL1.isu
AddRemove-OpenTTD - h:\documents and settings\Trčka\Plocha\TTD\uninstall.exe
AddRemove-ShockwaveFlash - h:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-WOLAPI - h:\hry\Internet\UNINSTAP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 14:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-09-27 14:29
ComboFix-quarantined-files.txt 2009-09-27 12:29

Před spuštěním: Volných bajtů: 232 453 165 056
Po spuštění: Volných bajtů: 232 694 366 208

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

154 --- E O F --- 2009-09-26 06:35