Kontrola HJT: totalne zashitovanej PC

[hadic]

hotovo, combofix proveden. log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:14, on 26.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\já\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nlp] C:\WINDOWS\system32\nlp.exe \u
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\já\Plocha\lle-1\LLE.exe hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files\HomeKeylogger\KeyLogger.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A05FD30-C819-4DCF-AAE7-D6342936C338}: NameServer = 192.168.124.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A05FD30-C819-4DCF-AAE7-D6342936C338}: NameServer = 192.168.124.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A05FD30-C819-4DCF-AAE7-D6342936C338}: NameServer = 192.168.124.1
O23 - Service: Služba Google Update (gupdate1ca0b59fbbe09ff) (gupdate1ca0b59fbbe09ff) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5807 bytes

[Reklama]

[jaro3]

Ten log z Combofixu potřebuji, jinak to vypadá dobře , jen překopírujeme spoolsv..

Toto je co za složku:
C:\Documents and Settings\já\Plocha\eliska\mp3 ??

[hadic]

taky jsem se divil co to tam dela, v cem je ta slozka tak zajimava ze se objevuje na kazdym tom vypisu... tam ma sestra mp3ky.

A ten log z combofixu jsem nemohl vlozit pac je zahadne velkej (120kb) celej log je tu: http://firsthyip.ic.cz/ComboFix.txt

[jaro3]

Příště to sem můžeš dát na víckrát , ale je to jedno .

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Fcopy::
C:\WINDOWS\system32\dllcache\spoolsv.exe | C:\WINDOWS\system32\spoolsv.exe

File::
c:\windows\system32\d3d9caps.dat
c:\windows\system32\0B.tmp
c:\windows\system32\047.tmp
c:\windows\system32\06.tmp
c:\windows\system32\07.tmp

Collect::
c:\windows\system32\jf6wmj.tmp
c:\windows\system32\pzyoi5.tmp
c:\windows\system32\uqtmsd.dll

Driver::
klisu;klisu
klisu
tfmiywbd;tfmiywbd
tfmiywbd
wrarvz;wrarvz
wrarvz
xfckaigrc;xfckaigrc
xfckaigrc
ebciw
szyzlv
emmyb
cnzyeall

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4736:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klisu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfmiywbd]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wrarvz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xfckaigrc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cnzyeall]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{21627ef5-5dc7-47a2-9392-427ba2634d93}]

Netsvc::
ebciw
szyzlv
emmyb
cnzyeall

Firefox::
FF - ProfilePath - c:\documents and settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=vIrGd.dBMUw.AAuSnkCecA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Na disku C se ti vytvoří adresář/složka pojmenovaná Qoobox a v ní bude další adresář Quarantine a v ní najdeš archiv v podobném tvaru [4]-Submit a_2009-10-26@14.14.zip kde čísla za @ znamenají aktuální čas vytvoření souboru. Budou tři .Pošli mi je jako přílohu přes SZ. Dík.

Toto otestuj na Virustotal
c:\\Program Files\\EverStep\\Program\\EverStep.exe
c:\\Documents and Settings\\já\\ocuf.exe
Vlož sem pak odkazy výsledků.

[GambaHa]

Zdravím počítačovníci, prosim přestaňte na chvilku pracovat a pošlete mi hlas do soutěže
Kinder čokolada. Cena SMS je jen 3 Kč. Jmenuju se Máťa je mi 9 a váš hlas fakt potřebuju.
Tvar SMS je KINDER HLAS KGPC2N na číslo 9000903. díky moc

//Vítej na fóru, vybrala sis špatnou sekci, nejlépe by bylo , kdybys to tady zase smazala, tady se zabýváme viry, ne posíláním SMS. jaro3

[hadic]

ComboFix 09-10-26.01 - já 26.10.2009 22:35.4.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1983.1495 [GMT 1:00]
Spuštěný z: c:\documents and settings\já\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\já\Plocha\CFScript.txt

FILE ::
"c:\windows\system32\047.tmp"
"c:\windows\system32\06.tmp"
"c:\windows\system32\07.tmp"
"c:\windows\system32\0B.tmp"
"c:\windows\system32\d3d9caps.dat"

file zipped: c:\windows\system32\jf6wmj.tmp
file zipped: c:\windows\system32\pzyoi5.tmp
file zipped: c:\windows\system32\uqtmsd.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
c:\windows\system32\d3d9caps.dat
c:\windows\system32\jf6wmj.tmp
c:\windows\system32\pzyoi5.tmp
c:\windows\system32\uqtmsd.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\spoolsv.exe --> c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CNZYEALL
-------\Legacy_EBCIW
-------\Legacy_EMMYB
-------\Legacy_KLISU
-------\Legacy_SZYZLV
-------\Legacy_TFMIYWBD
-------\Legacy_WRARVZ
-------\Legacy_XFCKAIGRC
-------\Service_cnzyeall


((((((((((((((((((((((((( Soubory vytvořené od 2009-09-26 do 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 21:35 . 2004-08-17 13:49 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2009-10-26 21:35 . 2004-08-17 13:49 57856 ----a-w- c:\windows\system32\spoolsv.exe
2009-10-26 18:56 . 2004-08-03 22:04 13568 -c--a-w- c:\windows\system32\dllcache\wacompen.sys
2009-10-26 18:55 . 2001-10-24 11:25 26624 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2009-10-26 18:54 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-10-26 18:53 . 2001-10-24 11:24 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-10-26 18:52 . 2001-10-24 10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-10-26 18:51 . 2001-10-24 11:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-10-26 18:51 . 2004-08-17 14:45 2183168 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-25 21:51 . 2009-10-25 21:51 -------- d-----w- c:\program files\Scorpions WinCheater
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\Alwil Software
2009-10-23 18:57 . 2009-10-23 18:57 -------- d-----w- c:\windows\USB Vibration
2009-10-23 18:57 . 2009-10-23 18:57 -------- d-----w- c:\program files\USB Vibration
2009-10-21 13:08 . 2009-10-21 13:08 -------- d-----w- c:\program files\IVT Corporation
2009-10-20 20:38 . 2009-10-20 20:38 -------- d-----w- C:\ZAV_DOMA
2009-10-11 21:11 . 2009-10-11 21:11 -------- d-----w- c:\windows\system32\cs-CZ
2009-10-11 21:11 . 2009-10-11 21:11 -------- d-----w- c:\program files\MSBuild
2009-10-11 21:09 . 2009-10-11 21:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-11 21:08 . 2009-10-11 21:08 -------- d-----w- c:\program files\Reference Assemblies
2009-10-11 21:08 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-11 20:54 . 2009-10-11 20:54 -------- d-----r- C:\MSOCache
2009-10-10 14:59 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2009-10-08 16:02 . 2009-10-08 16:02 -------- d-----w- c:\program files\Biromsoft
2009-10-08 15:53 . 2004-08-09 15:43 94208 ----a-w- c:\windows\amcap.exe
2009-10-08 15:53 . 2004-07-30 16:50 286720 ----a-w- c:\windows\vsnpstd3.exe
2009-10-08 15:53 . 2004-06-15 13:18 53248 ----a-w- c:\windows\system32\dsnpstd3.dll
2009-10-08 15:53 . 2009-10-08 15:53 -------- d-----w- c:\program files\Common Files\snpstd3
2009-10-08 15:53 . 2004-08-06 13:48 20480 ----a-w- c:\windows\usnpstd3.exe
2009-10-08 15:52 . 2004-02-16 11:59 61440 ----a-w- c:\windows\system32\csnpstd3.dll
2009-10-08 15:52 . 2004-11-05 09:21 57344 ----a-w- c:\windows\system32\rsnpstd3.dll
2009-10-08 15:52 . 2004-08-30 09:00 36864 ----a-w- c:\windows\system32\vsnpstd3.dll
2009-10-08 15:52 . 2005-11-21 10:51 53248 ----a-r- c:\windows\system\dsnpstd3.dll
2009-10-08 15:51 . 2004-10-29 11:52 413696 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2009-10-08 15:49 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system\vfwwdm32.dll
2009-10-08 09:30 . 2009-10-08 09:30 -------- d-----w- c:\windows\nview
2009-10-08 09:30 . 2008-02-25 04:29 360448 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-08 09:29 . 2008-01-25 11:48 360448 ----a-r- c:\windows\system32\nvraiins.dll
2009-10-08 09:29 . 2008-01-25 11:48 360448 ----a-r- c:\windows\system32\nvraidco.dll
2009-10-08 09:29 . 2008-02-19 10:13 199168 ----a-r- c:\windows\system32\fdco1.dll
2009-10-08 09:29 . 2008-01-29 04:37 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-10-08 09:29 . 2008-03-06 09:23 442368 ----a-w- c:\windows\system32\nvunrm.exe
2009-10-08 09:28 . 2008-01-29 04:36 9216 ----a-r- c:\windows\system32\bdco1.dll
2009-10-08 09:28 . 2008-01-29 04:13 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-10-08 09:28 . 2008-01-29 04:37 950272 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-10-08 09:28 . 2008-01-29 04:37 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-10-08 09:28 . 2008-04-02 07:32 442368 ----a-r- c:\windows\system32\nvusmu.exe
2009-10-08 09:28 . 2008-02-15 07:15 14336 ----a-r- c:\windows\system32\drivers\nvsmu.sys
2009-10-08 09:28 . 2008-02-13 04:27 35840 ----a-r- c:\windows\system32\NVCOSMU.DLL
2009-10-08 09:28 . 2008-01-10 06:30 442368 ----a-r- c:\windows\system32\nvusmb.exe
2009-10-08 09:28 . 2008-04-02 07:32 442368 ----a-r- c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 08:14 . 2001-10-25 11:00 76516 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 08:14 . 2001-10-25 11:00 424082 ----a-w- c:\windows\system32\perfh005.dat
2009-10-23 18:57 . 2009-03-24 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 09:02 . 2009-04-24 11:14 -------- d-----w- c:\program files\Ubisoft
2009-10-08 09:01 . 2009-04-24 11:16 -------- d-----w- c:\program files\3DO
2009-10-08 08:55 . 2009-03-31 13:27 -------- d-----w- c:\program files\Google
2009-09-25 13:45 . 2009-09-25 13:44 -------- d-----w- c:\program files\HomeKeylogger
2009-09-20 17:12 . 2009-09-20 17:12 -------- d-----w- c:\program files\ReadManiac
2009-09-10 20:11 . 2009-04-23 21:01 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-08-28 12:54 . 2009-08-28 11:15 17549 ----a-w- c:\windows\War3Unin.dat
2009-08-28 11:15 . 2009-08-28 11:15 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-28 11:15 . 2009-08-28 11:15 126976 ----a-w- c:\windows\War3Unin.exe
2009-08-28 11:15 . 2009-08-28 11:14 -------- d-----w- c:\program files\Warcraft III
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-26_19.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-26 21:39 . 2009-10-26 21:39 16384 c:\windows\temp\Perflib_Perfdata_368.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"snpstd3"="c:\windows\vsnpstd3.exe" [2004-07-30 286720]
"nlp"="c:\windows\system32\nlp.exe" [BU]
"LPT LED Effect"="c:\documents and settings\já\Plocha\lle-1\LLE.exe" [BU]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"HomeKeyLogger"="c:\program files\HomeKeylogger\KeyLogger.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-25 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\j \Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\já\\Plocha\\Já\\qipinfium9000\\infium.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\EverStep\\Program\\EverStep.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Documents and Settings\\já\\ocuf.exe"=

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [16.4.2009 20:05 2996]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [21.8.2009 14:45 19020]
R3 xTouch;xTouch;c:\windows\system32\drivers\xTouch.sys [28.7.2009 9:38 67968]
S2 gupdate1ca0b59fbbe09ff;Služba Google Update (gupdate1ca0b59fbbe09ff);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 EGXFilter;EGXFilter;c:\windows\system32\drivers\EGXFilter.sys [28.7.2009 9:38 80896]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {5A05FD30-C819-4DCF-AAE7-D6342936C338} = 192.168.124.1
FF - ProfilePath - c:\documents and settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?cl ... s:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 22:39
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1444)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\combofix\CF31674.exe
c:\combofix\hidec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wscntfy.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\windows\system32\msiexec.exe
c:\combofix\mbr.cfxxe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-26 22:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-26 21:41
ComboFix2.txt 2009-10-26 19:17
ComboFix3.txt 2009-10-26 18:16
ComboFix4.txt 2009-10-24 14:43
ComboFix5.txt 2009-10-26 21:34

Před spuštěním: Volných bajtů: 209 041 580 032
Po spuštění: Volných bajtů: 209 007 259 648

- - End Of File - - A1220ECB8EE23A027A83A9926A43535B



HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:29, on 26.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ComboFix\hidec.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\já\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nlp] C:\WINDOWS\system32\nlp.exe \u
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\já\Plocha\lle-1\LLE.exe hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files\HomeKeylogger\KeyLogger.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A05FD30-C819-4DCF-AAE7-D6342936C338}: NameServer = 192.168.124.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A05FD30-C819-4DCF-AAE7-D6342936C338}: NameServer = 192.168.124.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A05FD30-C819-4DCF-AAE7-D6342936C338}: NameServer = 192.168.124.1
O23 - Service: Služba Google Update (gupdate1ca0b59fbbe09ff) (gupdate1ca0b59fbbe09ff) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5933 bytes

[hadic]

Tak, everstep je cistej a to druhy je zde: http://firsthyip.ic.cz/ofuc.html

[jaro3]

O.K.

Takže ještě jeden script v CF:

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\\Documents and Settings\\já\\ocuf.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\já\\ocuf.exe"=-


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

Log z HJT dávat nemusíš. Doporučuji přejít z Internet Explorer v6.00 na verzi IE7.

Vymaž z obsahu této složky , vše , co nejsou nahrávky mp3:
C:\Documents and Settings\já\Plocha\eliska\mp3

[hadic]

tu je log. v ty slozce MP3 jsou ciste jen mp3ky a obcas obrazek alba. zadnej spustitelnej soubor ani knihovna

ComboFix 09-10-27.08 - já 28.10.2009 22:44.5.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1983.1443 [GMT 1:00]
Spuštěný z: c:\documents and settings\já\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\já\Plocha\CFscript.txt

FILE ::
"c:\\Documents and Settings\\já\\ocuf.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\Documents and Settings\\já\\ocuf.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-26 21:35 . 2004-08-17 13:49 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2009-10-26 21:35 . 2004-08-17 13:49 57856 ------w- c:\windows\system32\spoolsv.exe
2009-10-26 18:56 . 2004-08-03 22:04 13568 -c--a-w- c:\windows\system32\dllcache\wacompen.sys
2009-10-26 18:55 . 2001-10-24 11:25 26624 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2009-10-26 18:54 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-10-26 18:53 . 2001-10-24 11:24 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-10-26 18:52 . 2001-10-24 10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-10-26 18:51 . 2001-10-24 11:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-10-26 18:51 . 2004-08-17 14:45 2183168 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\Alwil Software
2009-10-23 18:57 . 2009-10-23 18:57 -------- d-----w- c:\windows\USB Vibration
2009-10-23 18:57 . 2009-10-23 18:57 -------- d-----w- c:\program files\USB Vibration
2009-10-21 13:08 . 2009-10-21 13:08 -------- d-----w- c:\program files\IVT Corporation
2009-10-20 20:38 . 2009-10-28 19:09 -------- d-----w- C:\ZAV_DOMA
2009-10-11 21:11 . 2009-10-11 21:11 -------- d-----w- c:\windows\system32\cs-CZ
2009-10-11 21:11 . 2009-10-11 21:11 -------- d-----w- c:\program files\MSBuild
2009-10-11 21:09 . 2009-10-11 21:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-11 21:08 . 2009-10-11 21:08 -------- d-----w- c:\program files\Reference Assemblies
2009-10-11 21:08 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-11 20:54 . 2009-10-11 20:54 -------- d-----r- C:\MSOCache
2009-10-10 14:59 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2009-10-08 16:02 . 2009-10-08 16:02 -------- d-----w- c:\program files\Biromsoft
2009-10-08 15:53 . 2004-08-09 15:43 94208 ----a-w- c:\windows\amcap.exe
2009-10-08 15:53 . 2004-07-30 16:50 286720 ----a-w- c:\windows\vsnpstd3.exe
2009-10-08 15:53 . 2004-06-15 13:18 53248 ----a-w- c:\windows\system32\dsnpstd3.dll
2009-10-08 15:53 . 2009-10-08 15:53 -------- d-----w- c:\program files\Common Files\snpstd3
2009-10-08 15:53 . 2004-08-06 13:48 20480 ----a-w- c:\windows\usnpstd3.exe
2009-10-08 15:52 . 2004-02-16 11:59 61440 ----a-w- c:\windows\system32\csnpstd3.dll
2009-10-08 15:52 . 2004-11-05 09:21 57344 ----a-w- c:\windows\system32\rsnpstd3.dll
2009-10-08 15:52 . 2004-08-30 09:00 36864 ----a-w- c:\windows\system32\vsnpstd3.dll
2009-10-08 15:52 . 2005-11-21 10:51 53248 ----a-r- c:\windows\system\dsnpstd3.dll
2009-10-08 15:51 . 2004-10-29 11:52 413696 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2009-10-08 15:49 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system\vfwwdm32.dll
2009-10-08 09:30 . 2009-10-08 09:30 -------- d-----w- c:\windows\nview
2009-10-08 09:30 . 2008-02-25 04:29 360448 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-08 09:29 . 2008-01-25 11:48 360448 ----a-r- c:\windows\system32\nvraiins.dll
2009-10-08 09:29 . 2008-01-25 11:48 360448 ----a-r- c:\windows\system32\nvraidco.dll
2009-10-08 09:29 . 2008-02-19 10:13 199168 ----a-r- c:\windows\system32\fdco1.dll
2009-10-08 09:29 . 2008-01-29 04:37 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-10-08 09:29 . 2008-03-06 09:23 442368 ----a-w- c:\windows\system32\nvunrm.exe
2009-10-08 09:28 . 2008-01-29 04:36 9216 ----a-r- c:\windows\system32\bdco1.dll
2009-10-08 09:28 . 2008-01-29 04:13 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-10-08 09:28 . 2008-01-29 04:37 950272 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-10-08 09:28 . 2008-01-29 04:37 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-10-08 09:28 . 2008-04-02 07:32 442368 ----a-r- c:\windows\system32\nvusmu.exe
2009-10-08 09:28 . 2008-02-15 07:15 14336 ----a-r- c:\windows\system32\drivers\nvsmu.sys
2009-10-08 09:28 . 2008-02-13 04:27 35840 ----a-r- c:\windows\system32\NVCOSMU.DLL
2009-10-08 09:28 . 2008-01-10 06:30 442368 ----a-r- c:\windows\system32\nvusmb.exe
2009-10-08 09:28 . 2008-04-02 07:32 442368 ----a-r- c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 22:38 . 2009-09-20 17:12 -------- d-----w- c:\program files\ReadManiac
2009-10-26 22:34 . 2009-03-28 19:36 104318 ----a-w- c:\windows\hpoins04.dat
2009-10-25 08:14 . 2001-10-25 11:00 76516 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 08:14 . 2001-10-25 11:00 424082 ----a-w- c:\windows\system32\perfh005.dat
2009-10-23 18:57 . 2009-03-24 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 09:02 . 2009-04-24 11:14 -------- d-----w- c:\program files\Ubisoft
2009-10-08 09:01 . 2009-04-24 11:16 -------- d-----w- c:\program files\3DO
2009-10-08 08:55 . 2009-03-31 13:27 -------- d-----w- c:\program files\Google
2009-09-25 13:45 . 2009-09-25 13:44 -------- d-----w- c:\program files\HomeKeylogger
2009-09-10 20:11 . 2009-04-23 21:01 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-08-28 12:54 . 2009-08-28 11:15 17549 ----a-w- c:\windows\War3Unin.dat
2009-08-28 11:15 . 2009-08-28 11:15 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-28 11:15 . 2009-08-28 11:15 126976 ----a-w- c:\windows\War3Unin.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-08-17 13:49 . 2004-08-17 13:49 161513 --sha-r- c:\windows\system32\uqtmsd.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-26_19.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 21:47 . 2009-10-28 21:47 16384 c:\windows\temp\Perflib_Perfdata_540.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"snpstd3"="c:\windows\vsnpstd3.exe" [2004-07-30 286720]
"nlp"="c:\windows\system32\nlp.exe" [BU]
"LPT LED Effect"="c:\documents and settings\já\Plocha\lle-1\LLE.exe" [BU]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"HomeKeyLogger"="c:\program files\HomeKeylogger\KeyLogger.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-25 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\j \Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\já\\Plocha\\Já\\qipinfium9000\\infium.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\EverStep\\Program\\EverStep.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4736:TCP"= 4736:TCP:pekzbf

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [16.4.2009 20:05 2996]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [21.8.2009 14:45 19020]
R3 xTouch;xTouch;c:\windows\system32\drivers\xTouch.sys [28.7.2009 9:38 67968]
S2 gupdate1ca0b59fbbe09ff;Služba Google Update (gupdate1ca0b59fbbe09ff);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 yqfuuwkq;Network Config;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S3 EGXFilter;EGXFilter;c:\windows\system32\drivers\EGXFilter.sys [28.7.2009 9:38 80896]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yqfuuwkq

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {5A05FD30-C819-4DCF-AAE7-D6342936C338} = 192.168.124.1
FF - ProfilePath - c:\documents and settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?cl ... s:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 22:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yqfuuwkq]
"ServiceDll"="c:\windows\system32\uqtmsd.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\combofix\CF13612.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\hpcoretech\comp\hpdarc.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-28 22:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-28 21:49
ComboFix2.txt 2009-10-26 21:42
ComboFix3.txt 2009-10-26 19:17
ComboFix4.txt 2009-10-26 18:16
ComboFix5.txt 2009-10-28 21:42

Před spuštěním: Volných bajtů: 210 117 558 272
Po spuštění: Volných bajtů: 210 165 600 256

- - End Of File - - 554200D73DAE19410B50A030A6AF8164

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Driver::
pekzbf
yqfuuwkq
Yqfuuwkq

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4736:TCP"=-

NetSvcs::
Yqfuuwkq

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yqfuuwkq]

Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?cl ... s:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Zítra..

[hadic]

tu to je. ted ale zas prozmenu nefunguje spravne graficky rostredi. ted to je jako v nouzovym rezimu a nefunguje zvuk

ComboFix 09-10-28.06 - já 29.10.2009 13:24.6.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1983.1456 [GMT 1:00]
Spuštěný z: c:\documents and settings\já\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\já\Plocha\CFscript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YQFUUWKQ
-------\Service_yqfuuwkq


((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-28 22:34 . 2009-10-28 22:34 -------- d-----w- c:\program files\MetaTrader - FXOpen
2009-10-26 21:35 . 2004-08-17 13:49 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2009-10-26 21:35 . 2004-08-17 13:49 57856 ------w- c:\windows\system32\spoolsv.exe
2009-10-26 18:56 . 2004-08-03 22:04 13568 -c--a-w- c:\windows\system32\dllcache\wacompen.sys
2009-10-26 18:55 . 2001-10-24 11:25 26624 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2009-10-26 18:54 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-10-26 18:53 . 2001-10-24 11:24 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-10-26 18:52 . 2001-10-24 10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-10-26 18:51 . 2001-10-24 11:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-10-26 18:51 . 2004-08-17 14:45 2183168 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-23 20:44 . 2009-10-23 20:44 -------- d-----w- c:\program files\Alwil Software
2009-10-23 18:57 . 2009-10-23 18:57 -------- d-----w- c:\windows\USB Vibration
2009-10-23 18:57 . 2009-10-23 18:57 -------- d-----w- c:\program files\USB Vibration
2009-10-21 13:08 . 2009-10-21 13:08 -------- d-----w- c:\program files\IVT Corporation
2009-10-20 20:38 . 2009-10-28 19:09 -------- d-----w- C:\ZAV_DOMA
2009-10-11 21:11 . 2009-10-11 21:11 -------- d-----w- c:\windows\system32\cs-CZ
2009-10-11 21:11 . 2009-10-11 21:11 -------- d-----w- c:\program files\MSBuild
2009-10-11 21:09 . 2009-10-11 21:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-11 21:08 . 2009-10-11 21:08 -------- d-----w- c:\program files\Reference Assemblies
2009-10-11 21:08 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-11 20:54 . 2009-10-11 20:54 -------- d-----r- C:\MSOCache
2009-10-10 14:59 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2009-10-08 16:02 . 2009-10-08 16:02 -------- d-----w- c:\program files\Biromsoft
2009-10-08 15:53 . 2004-08-09 15:43 94208 ----a-w- c:\windows\amcap.exe
2009-10-08 15:53 . 2004-07-30 16:50 286720 ----a-w- c:\windows\vsnpstd3.exe
2009-10-08 15:53 . 2004-06-15 13:18 53248 ----a-w- c:\windows\system32\dsnpstd3.dll
2009-10-08 15:53 . 2009-10-08 15:53 -------- d-----w- c:\program files\Common Files\snpstd3
2009-10-08 15:53 . 2004-08-06 13:48 20480 ----a-w- c:\windows\usnpstd3.exe
2009-10-08 15:52 . 2004-02-16 11:59 61440 ----a-w- c:\windows\system32\csnpstd3.dll
2009-10-08 15:52 . 2004-11-05 09:21 57344 ----a-w- c:\windows\system32\rsnpstd3.dll
2009-10-08 15:52 . 2004-08-30 09:00 36864 ----a-w- c:\windows\system32\vsnpstd3.dll
2009-10-08 15:52 . 2005-11-21 10:51 53248 ----a-r- c:\windows\system\dsnpstd3.dll
2009-10-08 15:51 . 2004-10-29 11:52 413696 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2009-10-08 15:49 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system\vfwwdm32.dll
2009-10-08 09:30 . 2009-10-08 09:30 -------- d-----w- c:\windows\nview
2009-10-08 09:30 . 2008-02-25 04:29 360448 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-08 09:29 . 2008-01-25 11:48 360448 ----a-r- c:\windows\system32\nvraiins.dll
2009-10-08 09:29 . 2008-01-25 11:48 360448 ----a-r- c:\windows\system32\nvraidco.dll
2009-10-08 09:29 . 2008-02-19 10:13 199168 ----a-r- c:\windows\system32\fdco1.dll
2009-10-08 09:29 . 2008-01-29 04:37 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-10-08 09:29 . 2008-03-06 09:23 442368 ----a-w- c:\windows\system32\nvunrm.exe
2009-10-08 09:28 . 2008-01-29 04:36 9216 ----a-r- c:\windows\system32\bdco1.dll
2009-10-08 09:28 . 2008-01-29 04:13 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-10-08 09:28 . 2008-01-29 04:37 950272 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-10-08 09:28 . 2008-01-29 04:37 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-10-08 09:28 . 2008-04-02 07:32 442368 ----a-r- c:\windows\system32\nvusmu.exe
2009-10-08 09:28 . 2008-02-15 07:15 14336 ----a-r- c:\windows\system32\drivers\nvsmu.sys
2009-10-08 09:28 . 2008-02-13 04:27 35840 ----a-r- c:\windows\system32\NVCOSMU.DLL
2009-10-08 09:28 . 2008-01-10 06:30 442368 ----a-r- c:\windows\system32\nvusmb.exe
2009-10-08 09:28 . 2008-04-02 07:32 442368 ----a-r- c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 22:38 . 2009-09-20 17:12 -------- d-----w- c:\program files\ReadManiac
2009-10-26 22:34 . 2009-03-28 19:36 104318 ----a-w- c:\windows\hpoins04.dat
2009-10-25 08:14 . 2001-10-25 11:00 76516 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 08:14 . 2001-10-25 11:00 424082 ----a-w- c:\windows\system32\perfh005.dat
2009-10-23 18:57 . 2009-03-24 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 09:02 . 2009-04-24 11:14 -------- d-----w- c:\program files\Ubisoft
2009-10-08 09:01 . 2009-04-24 11:16 -------- d-----w- c:\program files\3DO
2009-10-08 08:55 . 2009-03-31 13:27 -------- d-----w- c:\program files\Google
2009-09-25 13:45 . 2009-09-25 13:44 -------- d-----w- c:\program files\HomeKeylogger
2009-09-10 20:11 . 2009-04-23 21:01 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-08-28 12:54 . 2009-08-28 11:15 17549 ----a-w- c:\windows\War3Unin.dat
2009-08-28 11:15 . 2009-08-28 11:15 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-28 11:15 . 2009-08-28 11:15 126976 ----a-w- c:\windows\War3Unin.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-08-17 13:49 . 2004-08-17 13:49 161513 --sha-r- c:\windows\system32\uqtmsd.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-26_19.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 12:28 . 2009-10-29 12:28 16384 c:\windows\temp\Perflib_Perfdata_658.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"snpstd3"="c:\windows\vsnpstd3.exe" [2004-07-30 286720]
"nlp"="c:\windows\system32\nlp.exe" [BU]
"LPT LED Effect"="c:\documents and settings\já\Plocha\lle-1\LLE.exe" [BU]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"HomeKeyLogger"="c:\program files\HomeKeylogger\KeyLogger.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-25 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\j \Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\já\\Plocha\\Já\\qipinfium9000\\infium.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\EverStep\\Program\\EverStep.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [16.4.2009 20:05 2996]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [21.8.2009 14:45 19020]
R3 xTouch;xTouch;c:\windows\system32\drivers\xTouch.sys [28.7.2009 9:38 67968]
S2 gupdate1ca0b59fbbe09ff;Služba Google Update (gupdate1ca0b59fbbe09ff);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 EGXFilter;EGXFilter;c:\windows\system32\drivers\EGXFilter.sys [28.7.2009 9:38 80896]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {5A05FD30-C819-4DCF-AAE7-D6342936C338} = 192.168.124.1
FF - ProfilePath - c:\documents and settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?cl ... s:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 13:28
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\HP\hpcoretech\comp\hpdarc.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2009-10-29 13:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-29 12:30
ComboFix2.txt 2009-10-28 21:49
ComboFix3.txt 2009-10-26 21:42
ComboFix4.txt 2009-10-26 19:17
ComboFix5.txt 2009-10-29 12:23

Před spuštěním: Volných bajtů: 210 138 898 432
Po spuštění: Volných bajtů: 210 088 644 608

- - End Of File - - 774D1015E920F75581940DFABB2204E9

[jaro3]

Tak ještě jednou:

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\uqtmsd.dll


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Budeš muset přeinstalovat ovladače grafiky a zvuku.Mrkni se do správce zařízení.