Zákeřný vir

[old.k]

Ahoj všichni,
mám problém se svým notebookem. Z ničeho nic se mi stalo, že startuje strašně dlouhou dobu (tak 5 mintu) a i jeho chod je strašně zpomalený. Zkoušel jsem počítač projíždět různými antiviry, ale zatím nic nepomohlo. Můžete mi prosím někdo pradit? Přikládám svůj log. Předem díky.

Logfile of HijackThis v1.99.1
Scan saved at 15:35:33, on 1.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Avast4\ashQuick.exe
B:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=80744
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Cas 2] c:\Program Files\cas\Čas 2.1\Cas 2.1.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Reklama]

[Baron Prášil]

tak odinstaluj AVG

nainstaluj firewall
vyber si tady,doporučuju Comodo

nainstaluj taky antispyware
doporučuju Spybot S&D nebo Spyware Terminator

ale šmejd v logu vidět neni,proto
udělej log z MWAV

a samozřejmě hygiena
vyčisti systém CCleanerem a RegCleanerem(nejlépe před tím MWAVem)

defragmentuj,pokud to bude třeba
třeba tímto O&O Defrag 2000

[old.k]

Všechno jsem provedl, ale problému jsem se nezbavil, tady je ten log.

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Soubor C:\dočasné\192.168.0.6 - Instalacky\BearShare V6.exe//WiseSFX Dropper//WISE0044.BIN//stream//data0005 indentifikován jako "not-a-virus:AdWare.Win32.Softomate.aa". Provedené akce: Nic nebylo provedeno.

[Baron Prášil]

smaž C:\dočasné\192.168.0.6 - Instalacky\BearShare V6.exe

odinstaluj BearShare

[old.k]

Nemám ho nainstalovaný, jen tam mám instalačku.

[Baron Prášil]

ok.

udělej log z Combofixu
- po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem celý jeho obsah

[old.k]

"oldk" - 2007-07-02 20:43:19 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\regedit.com
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\wpcap.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 20:41 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 19:41 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-02 19:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-07-01 19:44 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-07-01 19:44 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-07-01 19:44 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-07-01 19:44 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-07-01 19:44 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-07-01 19:44 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-07-01 19:40 147,968 --a------ C:\WINDOWS\R.COM
2007-07-01 19:40 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-07-01 19:36 <DIR> d-------- C:\Program Files\CCleaner
2007-07-01 19:21 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-06-28 23:00 <DIR> d-------- C:\Program Files\Ad-Aware SE Personal
2007-06-28 23:00 <DIR> d-------- C:\DOCUME~1\oldk\DATAAP~1\Lavasoft
2007-06-28 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-06-14 21:31 <DIR> d-------- C:\DOCUME~1\oldk\DATAAP~1\Apple Computer
2007-06-12 14:53 <DIR> d-------- C:\doźasn‚
2007-06-12 09:04 <DIR> d-------- C:\Program Files\MirandaPack
2007-06-11 23:03 <DIR> dr------- C:\Program Files\MirandaPack byBEDAv1.1
2007-06-11 20:06 <DIR> d-------- C:\DOCUME~1\oldk\DATAAP~1\Miranda
2007-06-11 13:19 <DIR> d-------- C:\winnt
2007-06-11 13:19 <DIR> d-------- C:\phptriad
2007-06-11 13:18 <DIR> d-------- C:\apache
2007-06-11 12:35 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2007-06-06 08:47 154,624 --a------ C:\WINDOWS\system32\drivers\wlluc48.sys
2007-06-05 22:08 <DIR> d-------- C:\Program Files\ICQPlus
2007-06-05 21:53 <DIR> d-------- C:\DOCUME~1\oldk\DATAAP~1\ICQ
2007-06-05 08:33 <DIR> d-------- C:\DOCUME~1\oldk\DATAAP~1\CyberLink
2007-06-04 16:01 <DIR> d-------- C:\Program Files\WinPcap
2007-06-04 16:00 <DIR> d-------- C:\Program Files\GIT
2007-06-03 23:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 20:32:52 12,288 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2007-07-01 16:23:49 -------- d-----w C:\Program Files\Warcraft III
2007-06-26 12:27:03 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Hamachi
2007-06-24 16:44:39 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Skype
2007-06-19 08:50:24 -------- d-----w C:\Program Files\Winamp
2007-06-16 20:30:07 -------- d-----w C:\Program Files\ICQLite
2007-06-16 20:08:57 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\teamspeak2
2007-06-10 14:26:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-03 17:57:46 89,760 ----a-w C:\WINDOWS\War3Unin.dat
2007-05-31 11:51:26 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-31 11:42:20 -------- d-----w C:\Program Files\Lionhead Studios
2007-05-28 16:55:08 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-25 14:50:34 -------- d-----w C:\Program Files\Hamachi
2007-05-24 20:53:54 -------- d-----w C:\Program Files\Realtek
2007-05-23 06:00:30 -------- d-----w C:\Program Files\Sacred
2007-05-23 05:56:30 120,320 ----a-w C:\WINDOWS\system32\drivers\SSHDRV65.sys
2007-05-22 21:33:46 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Nokia Multimedia Player
2007-05-22 18:19:47 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\PC Suite
2007-05-22 14:32:37 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-20 22:47:15 -------- d-----w C:\Program Files\PSPad
2007-05-20 22:42:35 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Blueberry
2007-05-20 22:02:52 4,608 ----a-w C:\WINDOWS\system32\bbchlp.dll
2007-05-20 22:02:52 27,776 ----a-w C:\WINDOWS\system32\bbcap.dll
2007-05-20 22:02:52 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2007-05-20 22:02:46 -------- d-----w C:\Program Files\Common Files\Blueberry Software
2007-05-20 22:02:46 -------- d-----w C:\Program Files\Blueberry Software
2007-05-20 16:25:31 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Nokia
2007-05-20 16:25:30 -------- d-----w C:\Program Files\DIFX
2007-05-20 16:25:13 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-05-20 16:25:10 -------- d-----w C:\Program Files\Common Files\Nokia
2007-05-20 16:24:17 -------- d-----w C:\Program Files\PC Connectivity Solution
2007-05-20 16:23:36 -------- d-----w C:\Program Files\Nokia
2007-05-20 16:23:25 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\DataLayer
2007-05-18 08:31:39 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-05-18 08:31:39 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-05-17 16:38:04 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Hewlett-Packard
2007-05-17 16:37:14 20,458 ----a-w C:\WINDOWS\hpoins01.dat
2007-05-17 16:37:04 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-17 16:37:02 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-05-17 16:32:58 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-05-17 12:37:23 69,114 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-05-17 12:37:23 390,176 ----a-w C:\WINDOWS\system32\perfh005.dat
2007-05-16 23:19:27 -------- d-----w C:\Program Files\BSplayer Pro
2007-05-16 18:53:36 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\AdobeUM
2007-05-16 17:10:25 1,156 ----a-w C:\WINDOWS\mozver.dat
2007-05-16 15:18:40 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 14:50:13 -------- d-----w C:\Program Files\Verdict Free
2007-05-16 14:41:05 -------- d-----w C:\Program Files\CyberLink
2007-05-16 14:39:37 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Zoner
2007-05-16 14:37:21 -------- d-----w C:\Program Files\Zoner
2007-05-16 14:28:24 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Ahead
2007-05-16 14:27:37 -------- d-----w C:\Program Files\Nero
2007-05-16 14:27:37 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-16 14:26:04 -------- d-----w C:\Program Files\Yahoo!
2007-05-16 14:17:35 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-16 14:14:41 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\ICQLite
2007-05-16 14:05:50 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-05-16 14:02:46 -------- d-----w C:\Program Files\Skype
2007-05-16 14:02:35 -------- d-----w C:\Program Files\RegCleaner
2007-05-16 14:01:26 -------- d-----w C:\Program Files\QuickTime
2007-05-16 13:59:47 -------- d-----w C:\Program Files\Daemon
2007-05-16 13:56:58 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\Talkback
2007-05-16 13:54:06 -------- d-----w C:\Program Files\TC PowerPack
2007-05-16 13:53:48 -------- d-----w C:\Program Files\StrongDC++
2007-05-16 13:53:22 -------- d-----w C:\Program Files\Movie Maker
2007-05-16 13:53:05 -------- d-----w C:\Program Files\Messenger
2007-05-16 13:46:00 -------- d-----w C:\Program Files\Seznam
2007-05-16 12:43:19 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-16 12:43:16 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-16 12:32:18 -------- d-----w C:\Program Files\Notebook Hardware Control
2007-05-16 12:31:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-05-16 12:31:14 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-05-16 12:23:00 -------- d-----w C:\Program Files\Atheros
2007-05-16 12:22:17 -------- d-----w C:\Program Files\Synaptics
2007-05-16 12:18:20 -------- d-----w C:\Program Files\Launch Manager
2007-05-16 12:09:43 -------- d-----w C:\Program Files\WIDCOMM
2007-05-16 12:03:27 -------- d-----w C:\DOCUME~1\oldk\DATAAP~1\ATI
2007-05-16 11:42:20 -------- d-----w C:\Program Files\ATI Technologies
2007-05-16 11:42:08 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-16 11:34:17 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-16 11:25:26 -------- d-----w C:\Program Files\Windows NT
2007-05-16 11:06:19 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-16 11:06:03 0 --sha-r C:\MSDOS.SYS
2007-05-16 11:06:03 0 --sha-r C:\IO.SYS
2007-05-16 11:06:03 0 ----a-w C:\CONFIG.SYS
2007-05-16 11:06:03 0 ------w C:\AUTOEXEC.BAT
2007-05-16 11:03:36 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-16 11:03:07 21,812 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-16 11:02:44 -------- d-----w C:\Program Files\Online Services
2007-05-16 11:02:27 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-25 14:22:50 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:25 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 11:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 19:40]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 03:43 C:\WINDOWS\Alcmtr.exe]
"Cas 2"="c:\Program Files\cas\Čas 2.1\Cas 2.1.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-02 19:38]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f1c66a-03b3-11dc-ae89-0016cf528e7c}]
AutoRun\command- G:\arun.exe


Contents of the 'Scheduled Tasks' folder
2007-07-02 19:02:16 C:\WINDOWS\tasks\At1.job
2007-06-17 16:38:06 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1179419835.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 22:29:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [2196]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 22:36:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 22:35

--- E O F ---

[Baron Prášil]

použij Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

a tento skript

Files to delete:
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\emptyregdb.dat

[old.k]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ceohyxpg

*******************

Script file located at: \??\C:\erpnoarh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.
File C:\WINDOWS\system32\emptyregdb.dat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Problém se nevyřešil.