virus

[weed.farmer]

můžete mi prosím poradit co s tím? je to strašně zpomalený

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:34, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rwinqldq.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\ICQLite\ICQLite.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: H - {9FF1F987-4767-4986-99CB-425E55CC946D} - C:\WINDOWS\system32\gooels.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - C:\WINDOWS\system32\vtuuuro.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwinqldq.exe OLI001
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\rwinqldq.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67D98EDF-4D93-407E-982E-BCC2ED48DD7A}: NameServer = 213.192.29.34,213.192.29.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtuuuro - C:\WINDOWS\SYSTEM32\vtuuuro.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/oem/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 7980 bytes

[Reklama]

[fredik]

Vítej na fóru:

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah.

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[weed.farmer]

ok, díky za odpověď ani jsem ji nečekal tak rychle :)
takze tady je Report.txt:


SDFix: Version 1.113

Run by oem on st 31.10.2007 at 19:20

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\6_exception.nls - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 19:30:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Owo54]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:c18b552a
"s1"=dword:f8a8630e
"s2"=dword:33ab8cf1
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,90,63,90,8d,d4,70,db,1e,c8,ec,f4,d8,1a,1d,f1,02,5d,ab,41,20,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fc,19,4e,96,5d,b9,8b,c8,4c,9b,05,34,e0,5e,77,45,12,..
"khjeh"=hex:e1,81,65,42,08,8c,7c,67,8a,d0,0e,0b,dd,e6,1f,d7,9c,bc,21,39,1d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,7f,7c,1b,9d,39,09,59,ff,ea,3e,87,6d,34,d0,14,8d,b2,dc,39,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:91,87,ec,a1,78,03,df,de,00,c5,da,0e,39,14,9d,79,e5,09,5a,a0,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:91,87,ec,a1,78,03,df,de,00,c5,da,0e,39,14,9d,79,e5,09,5a,a0,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:91,87,ec,a1,78,03,df,de,00,c5,da,0e,39,14,9d,79,e5,09,5a,a0,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Owo54]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,90,63,90,8d,d4,70,db,1e,c8,ec,f4,d8,1a,1d,f1,02,5d,ab,41,20,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fc,19,4e,96,5d,b9,8b,c8,4c,9b,05,34,e0,5e,77,45,12,..
"khjeh"=hex:e1,81,65,42,08,8c,7c,67,8a,d0,0e,0b,dd,e6,1f,d7,9c,bc,21,39,1d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,7f,7c,1b,9d,39,09,59,ff,ea,3e,87,6d,34,d0,14,8d,b2,dc,39,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:91,87,ec,a1,78,03,df,de,00,c5,da,0e,39,14,9d,79,e5,09,5a,a0,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:91,87,ec,a1,78,03,df,de,00,c5,da,0e,39,14,9d,79,e5,09,5a,a0,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:91,87,ec,a1,78,03,df,de,00,c5,da,0e,39,14,9d,79,e5,09,5a,a0,45,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

C:\WINDOWS\System32\drivers\Owo54.sys 178688 bytes executable
C:\WINDOWS\System32\drivers\symavc32.sys 178688 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 2


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Call of Duty\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Games\\Team17\\Worms Armageddon\\Landgen.exe"="C:\\Games\\Team17\\Worms Armageddon\\Landgen.exe:*:Enabled:Landgen"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Documents and Settings\\oem\\Plocha\\samp\\samp-server.exe"="C:\\Documents and Settings\\oem\\Plocha\\samp\\samp-server.exe:*:Disabled:samp-server"
"C:\\Games\\Westwood\\SUN\\Game.exe"="C:\\Games\\Westwood\\SUN\\Game.exe:*:Disabled:Main executable for Tiberian Sun"
"C:\\Games\\Flatout\\flatout.exe"="C:\\Games\\Flatout\\flatout.exe:*:Disabled:flatout"
"C:\\Games\\Counter-Strike v1.6\\hl.exe"="C:\\Games\\Counter-Strike v1.6\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"="C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe:*:Disabled:Speed"
"C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"="C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe:*:Disabled:speed2"
"C:\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\\Games\\Team17\\wormsarm\\WA.exe"="C:\\Games\\Team17\\wormsarm\\WA.exe:*:Disabled:Worms Armageddon"
"C:\\Games\\Team17\\Worms Armageddon\\WA.exe"="C:\\Games\\Team17\\Worms Armageddon\\WA.exe:*:Disabled:Worms Armageddon"
"C:\\WINDOWS\\strs.exe"="C:\\WINDOWS\\strs.exe:*:Disabled:Str §ca syst‚mu"
"C:\\Games\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Games\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"="C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe:*:Enabled:rct"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAV.exe"="C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAV.exe:*:Enabled:eTrust EZ Antivirus"
"C:\\Games\\CD\\TDU\\TestDriveUnlimited.exe"="C:\\Games\\CD\\TDU\\TestDriveUnlimited.exe:*:Disabled:Test Drive Unlimited"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 7 Dec 2003 0 A.SHR --- "C:\abc\EBD.SYS"
Sun 25 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Tue 10 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 7 Dec 2003 0 A.SHR --- "C:\Documents and Settings\oem\Local Settings\Temp\Rar$DR01.610\EBD.SYS"
Wed 1 Oct 2003 237,056 A..H. --- "C:\Documents and Settings\oem\Plocha\Mama\TESCO\manu l\3Program VU\1Package\CR\3vyber\~WRL0002.tmp"

Finished!

a ComboFix:

ComboFix 07-10-30.5 - oem 2007-10-31 19:45:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.211 [GMT 1:00]
Running from: C:\Documents and Settings\oem\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění\ta_start.lnk
C:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění\think-adz.lnk
C:\temp\tn3
C:\WINDOWS\system32\drivers\OWO54.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_OWO54
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2


((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.

2007-10-31 19:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 19:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-10-31 17:14 147,968 --a------ C:\WINDOWS\R.COM
2007-10-31 17:14 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-10-31 16:38 <DIR> d-------- C:\Program Files\CCleaner
2007-10-31 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-30 19:15 <DIR> d-------- C:\zka
2007-10-30 19:15 <DIR> d-------- C:\slo
2007-10-29 17:47 7 --a------ C:\WINDOWS\system32\kpdsregn.exe
2007-10-29 17:40 196,718 --a------ C:\WINDOWS\system32\rwinqldq.exe
2007-10-29 17:40 30,720 --a------ C:\WINDOWS\system32\gooels.dll
2007-10-29 17:39 <DIR> d-------- C:\WINDOWS\Web Download
2007-10-29 17:39 31,254 --a------ C:\WINDOWS\system32\vtuuuro.dll
2007-10-29 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Eset
2007-10-28 14:29 <DIR> d-------- C:\WINDOWS\pss
2007-10-28 12:05 <DIR> d-------- C:\Program Files\PowerISO
2007-10-20 11:06 <DIR> d-------- C:\Program Files\Creative
2007-10-20 11:06 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-10-17 16:12 41 ---h----- C:\WINDOWS\dsez4173.dat
2007-09-30 19:31 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-21 09:17 28,680 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-06 18:08 <DIR> d-------- C:\Program Files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 16:10 --------- d-----w C:\Documents and Settings\oem\Data aplikací\Azureus
2007-10-29 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 07:41 51,472 ----a-w C:\Documents and Settings\oem\Data aplikací\GDIPFONTCACHEV1.DAT
2007-10-12 14:13 --------- d-----w C:\Documents and Settings\oem\Data aplikací\Skype
2007-09-27 17:58 --------- d-----w C:\Program Files\Azureus
2007-09-21 06:48 --------- d-----w C:\Documents and Settings\oem\Data aplikací\Canon
2007-09-20 15:27 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-09-20 15:27 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-09-20 15:27 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-09-06 17:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-09-06 16:47 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-09-06 16:46 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-08-31 20:16 --------- d-----w C:\Documents and Settings\oem\Data aplikací\Hamachi
2007-08-31 14:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-09 13:20 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FF1F987-4767-4986-99CB-425E55CC946D}]
2007-10-29 17:40 30720 --a------ C:\WINDOWS\system32\gooels.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E271F4E9-D46E-4C7A-8608-AFDD4A87E582}]
2007-10-29 17:39 31254 --a------ C:\WINDOWS\system32\vtuuuro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 20:04 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 20:05]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E271F4E9-D46E-4C7A-8608-AFDD4A87E582}"= C:\WINDOWS\system32\vtuuuro.dll [2007-10-29 17:39 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuuro]
vtuuuro.dll 2007-10-29 17:39 31254 C:\WINDOWS\system32\vtuuuro.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;\??\C:\WINDOWS\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\AUTORUN.EXE

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 19:59:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-31 20:03:15 - machine was rebooted
.
--- E O F ---

predem diky

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\kpdsregn.exe
C:\WINDOWS\system32\rwinqldq.exe
C:\WINDOWS\system32\gooels.dll
C:\WINDOWS\system32\vtuuuro.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FF1F987-4767-4986-99CB-425E55CC946D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E271F4E9-D46E-4C7A-8608-AFDD4A87E582}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E271F4E9-D46E-4C7A-8608-AFDD4A87E582}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuuro]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Dej sem pak také nový log z HJT.

[weed.farmer]

tak jo:

ComboFix 07-10-30.5 - oem 2007-11-03 14:31:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.227 [GMT 1:00]
Running from: C:\Documents and Settings\oem\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\oem\Plocha\CFScript.txt

FILE::
C:\WINDOWS\system32\gooels.dll
C:\WINDOWS\system32\kpdsregn.exe
C:\WINDOWS\system32\rwinqldq.exe
C:\WINDOWS\system32\vtuuuro.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gooels.dll
C:\WINDOWS\system32\kpdsregn.exe
C:\WINDOWS\system32\rwinqldq.exe
C:\WINDOWS\system32\vtuuuro.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-10-31 19:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 19:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-10-31 17:16 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-10-31 17:14 147,968 --a------ C:\WINDOWS\R.COM
2007-10-31 17:14 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-10-31 16:38 <DIR> d-------- C:\Program Files\CCleaner
2007-10-31 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 17:39 <DIR> d-------- C:\WINDOWS\Web Download
2007-10-29 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Eset
2007-10-28 14:29 <DIR> d-------- C:\WINDOWS\pss
2007-10-28 12:05 <DIR> d-------- C:\Program Files\PowerISO
2007-10-20 11:06 <DIR> d-------- C:\Program Files\Creative
2007-10-20 11:06 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-10-17 16:12 41 ---h----- C:\WINDOWS\dsez4173.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 10:20 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd0685.sys
2007-10-30 16:10 --------- d-----w C:\Documents and Settings\oem\Data aplikací\Azureus
2007-10-29 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 07:41 51,472 ----a-w C:\Documents and Settings\oem\Data aplikací\GDIPFONTCACHEV1.DAT
2007-10-12 14:13 --------- d-----w C:\Documents and Settings\oem\Data aplikací\Skype
2007-09-27 17:58 --------- d-----w C:\Program Files\Azureus
2007-09-21 08:17 28,680 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-09-21 08:15 33,288 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 08:15 25,096 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-21 06:48 --------- d-----w C:\Documents and Settings\oem\Data aplikací\Canon
2007-09-06 17:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-09-06 17:08 --------- d-----w C:\Program Files\CyberLink
2007-09-06 16:47 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-09-06 16:46 737,280 ----a-w C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 20:04 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 20:05]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;\??\C:\WINDOWS\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\AUTORUN.EXE

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 14:48:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 14:49:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-31 20:03
.
--- E O F ---

a Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:39, on 3.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67D98EDF-4D93-407E-982E-BCC2ED48DD7A}: NameServer = 213.192.29.34,213.192.29.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/oem/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 6460 bytes

[weed.farmer]

Vypadá že se to spravilo. Díky moc. Můžete mi napsat čeho se mám vyvarovat aby se to už nestalo?
Jeste jednou dik

[fredik]

Jen teď přesně nevím jestli tam máš čistého Noda nebo ESS (eset smart security), pokud jen čistý nod tak by bylo dobré si pro lepší zabezpečení doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině, čeština by měla být asi až od verze 3 která by se měl objevit v brzké době
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Máš tam starší verzi Javy, tak bych ti doporučil jeji update:
- Stáhni si poslení verzi Java Runtime Environment (JRE) 6 Update 3
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6u2 a klikni na tlačítko Download
- Zatrhni možnost kde je napsáno: Accept License Agreement
- Stránka se ti znovu načte.
- Klikni na odkaz pro stažení: Windows Offline Installation, Multi-language a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u3-windows-i586-p.exe, který sis stáhl na začátku.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Stáhni si a spusť T-cleaner, odstraní zálohy a pozůstatky použitých programů.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Spíš dodržovat obecné zásady, mít aktualizovaný systém, antivir, antispyware (není vidět jestli nějaký používáš, pokud ne tak si nějaký nainstaluj). Neklikat/nestahovat všechno co vidím. Případně kdyby se dostal do ruky nějaký podezřelý soubor tak ho otestovat třeba zde nebo zde (ale i tak není zaručeno že když bude označený daný soubor za čistý že je).

Jinak log vypadá dobře, pokud jak říkáš nemáš další problémy tak by to bylo vše a nemáš za co.