Takze jsem udelal obe ty veci, doufam ze spravne :)
Combo fix mi napsal toto :)ComboFix 08-07-31.06 - uzivatel 2008-08-02 19:48:33.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.346 [GMT 2:00]
Running from: C:\Documents and Settings\uzivatel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\uzivatel\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE ::
C:\WINDOWS\system32\qjqckovw.dll
C:\WINDOWS\system32\rmmmkspt.ini
C:\WINDOWS\system32\rmmmkspt.tmp
C:\WINDOWS\system32\tpskmmmr.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\qjqckovw.dll
C:\WINDOWS\system32\rmmmkspt.ini
C:\WINDOWS\system32\tpskmmmr.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.
2008-07-31 09:36 . 2008-07-31 09:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-31 09:36 . 2008-07-31 10:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 09:36 . 2008-07-31 10:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-07-27 16:46 . 2008-08-02 12:36 <DIR> d-------- C:\Downloads
2008-07-27 16:17 . 2008-07-27 16:17 <DIR> d-------- C:\Documents and Settings\uzivatel\Data aplikací\FlashFXP
2008-07-27 16:16 . 2008-07-27 16:17 <DIR> d-------- C:\Program Files\FlashFXP
2008-07-20 12:22 . 2008-07-20 12:22 <DIR> d-------- C:\WUTemp
2008-07-19 07:41 . 2008-07-19 07:41 <DIR> d-------- C:\Program Files\The KMPlayer
2008-07-07 09:25 . 2008-07-07 09:57 <DIR> d-------- C:\Program Files\RapidSpool
2008-07-02 08:01 . 2008-07-02 08:01 <DIR> d-------- C:\Program Files\QIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 17:16 --------- d-----w C:\Program Files\CzechRO
2008-08-02 08:05 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-02 08:05 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-02 06:19 --------- d-----w C:\Documents and Settings\uzivatel\Data aplikací\OpenOffice.org2
2008-06-09 14:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-09 17:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-04 08:14 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-01_21.56.06.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-30 06:55:17 59,866 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-08-01 19:55:46 59,866 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-03-30 06:55:17 51,260 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-01 19:55:46 51,260 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 06:55:17 333,898 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-08-01 19:55:46 333,898 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-03-30 06:55:17 336,916 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-01 19:55:46 336,916 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 20:05 13312]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 20:05 13312]
C:\Documents and Settings\uzivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 18:32:04 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 03:35]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\System32\regedt32.exe [2001-10-25 16:00]
*Newly Created Service* - CATCHME
*Newly Created Service* - PNKBSTRK
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-02 19:50:18
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-02 19:51:50
ComboFix-quarantined-files.txt 2008-08-02 17:51:46
ComboFix2.txt 2008-08-01 19:56:21
Pre-Run: Volných bajtů: 43,421,224,960
Post-Run: Volných bajtů: 43,421,339,648
97
a hijackthis vytvoril totoLogfile of HijackThis v1.99.1
Scan saved at 19:53:58, on 2.8.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\uzivatel\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://start.qip.ruR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.seznam.cz/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu -
res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu -
res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu -
res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} -
res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EA55DF8-5A3C-4C6A-B879-AF83270028B2}: NameServer = 194.228.41.65,194.228.41.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EA55DF8-5A3C-4C6A-B879-AF83270028B2}: NameServer = 194.228.41.65,194.228.41.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EA55DF8-5A3C-4C6A-B879-AF83270028B2}: NameServer = 194.228.41.65,194.228.41.113
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
MM13 píše:jeste by jsi si mohl nainstalovat SP3, preci jenom SP1 je dost stara
co to je? :))
