Hugous875 log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

hugous875 (newcomer; posts: 7; registered: December 07; gender: not specified)

Hugous875 log check

Post by hugous875 » 22 Dec 2007 11:48

Please check my HiJackThis log; the WINLOGON.EXE application is eating almost 90% of my CPU. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:30, on 22.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\WINDOWS.0\system32\taskmgr.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {33EC6585-6B1B-4B6A-BD44-F7C678F6D9D4} - C:\WINDOWS.0\system32\yabaa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvusrop - wvusrop.dll (file missing)
O20 - Winlogon Notify: yabaa - C:\WINDOWS.0\system32\yabaa.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4570 bytes
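An added example (editor's code, not from this thread, HijackThis or ComboFix) of reading the log above mechanically. O20 Winlogon Notify packages are DLLs that winlogon.exe loads at startup and keeps loaded while running as SYSTEM, so whatever such a DLL does is accounted to winlogon.exe, which fits the 90% CPU symptom reported above; O2 lists BHOs loaded into Internet Explorer. The script parses those two sections and flags packages outside the XP default set, nameless BHOs, entries marked "(file missing)", and one DLL registered at more than one load point. The XP allow-list and the "random name" regex are assumptions of this example, and SAMPLE_HJT is a subset of the posted log. One caveat the thread itself demonstrates: HJT reported yabaa.dll as "(file missing)" at 11:42, while ComboFix listed the same file half an hour later with hidden+system attributes and 263,220 bytes, so "(file missing)" means HJT could not open it, not that it is gone.

```python
"""Triage of a HijackThis 2.0.2 log: single out the O2 (BHO) and O20 (Winlogon Notify)
entries that deserve attention. Added example for this thread; not HijackThis, ComboFix
or forum code. The allow-list and the name heuristic are this example's own assumptions.
SAMPLE_HJT is a subset of the log posted above."""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {33EC6585-6B1B-4B6A-BD44-F7C678F6D9D4} - C:\WINDOWS.0\system32\yabaa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: wvusrop - wvusrop.dll (file missing)
O20 - Winlogon Notify: yabaa - C:\WINDOWS.0\system32\yabaa.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Winlogon Notify packages present on a clean Windows XP SP2 (assumption: taken from a
# stock install; build your own baseline for other Windows versions).
XP_DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                     "sclgntfy", "senslogn", "termsrv", "wlballoon"}
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
RANDOM_STEM = re.compile(r"[a-z]{5,8}")   # weak signal: 5-8 lowercase letters, no digits
MISSING = "(file missing)"

@dataclass
class Entry:
    section: str   # HJT section, e.g. O2 or O20
    name: str      # BHO title or Notify package name
    path: str      # file the entry loads, as HJT printed it
    missing: bool  # HJT appended "(file missing)"

def parse_hjt(text):
    """Return the O2 and O20 entries of an HJT log (other sections are ignored here)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)].rstrip()
        if sec == "O20" and body.startswith("Winlogon Notify: "):
            name, _, path = body[len("Winlogon Notify: "):].partition(" - ")
        elif sec == "O2" and body.startswith("BHO: "):
            parts = body[len("BHO: "):].rsplit(" - ", 2)   # title - {CLSID} - path
            if len(parts) != 3:
                continue
            name, _clsid, path = parts
        else:
            continue
        entries.append(Entry(sec, name, path, missing))
    return entries

def stem(path):
    """'C:\\WINDOWS.0\\system32\\yabaa.dll' -> 'yabaa'; 'wvusrop.dll' -> 'wvusrop'."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.lower().rsplit(".", 1)[0]

def triage(text):
    """Map each suspicious DLL stem to the list of reasons it was flagged."""
    by_stem = defaultdict(list)
    for e in parse_hjt(text):
        by_stem[stem(e.path)].append(e)
    findings = {}
    for s, group in by_stem.items():
        reasons = []
        for e in group:
            if e.section == "O20" and e.name.lower() not in XP_DEFAULT_NOTIFY:
                reasons.append("non-default Winlogon Notify package (loaded into winlogon.exe as SYSTEM)")
            if e.section == "O2" and e.name == "(no name)":
                reasons.append("BHO registered without a display name")
        if any(e.missing for e in group):
            reasons.append("HJT could not open the file: orphaned entry, or the file is hidden from it")
        if RANDOM_STEM.fullmatch(s):
            reasons.append("machine-generated looking file name")
        sections = sorted({e.section for e in group})
        if len(sections) > 1:
            reasons.append("same DLL registered in %d load points: %s" % (len(sections), ", ".join(sections)))
        if reasons:
            findings[s] = list(dict.fromkeys(reasons))   # dedupe, keep order
    return findings

if __name__ == "__main__":
    for s, reasons in triage(SAMPLE_HJT).items():
        print(s)
        for r in reasons:
            print("  -", r)
```

On the posted log this leaves the Skype and Google BHOs alone and reports yabaa (five reasons, including its presence in both O2 and O20) and wvusrop (three). The name regex is deliberately weak on its own; it only counts together with a load-point reason.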

fredik (Security team member; Master Level 7; posts: 4680; registered: July 06; gender: male)

Post by fredik » 22 Dec 2007 12:04

Welcome to the forum

Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- When it starts, the terms of use are displayed; accept them by pressing the 1 key
- Then follow the prompts; while ComboFix is running, do not click into its window
- When the scan finishes, the program should produce a log, C:\ComboFix.txt; please paste its entire contents here

hugous875 (newcomer; posts: 7; registered: December 07; gender: not specified)

ComboFix scan log

Post by hugous875 » 22 Dec 2007 12:35

Thanks for the reply, I ran the scan and the resulting log file is below... thanks in advance for any advice...

ComboFix 07-12-21.4 - xxx 2007-12-22 12:13:09.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.70 [GMT 1:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.0\system32\aabay.bak1
C:\WINDOWS.0\system32\aabay.ini
C:\WINDOWS.0\system32\efcaxxv.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-22 12:24 . 2007-12-22 12:27 455 ---hs---- C:\WINDOWS.0\system32\aabay.ini
2007-12-22 11:55 . 2007-12-22 11:55 <DIR> d-------- C:\Program Files\CCleaner
2007-12-22 11:27 . 2007-12-22 11:28 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-12-22 10:36 . 2007-12-22 10:36 <DIR> d-------- C:\Program Files\Totalcmd
2007-12-22 10:36 . 2007-12-22 12:23 1,182 --a------ C:\WINDOWS.0\wincmd.ini
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\UC.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\RAR.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKUNZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\NOCLOSE.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\LHA.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\ARJ.PIF
2007-12-22 10:30 . 2007-12-22 10:30 377 --ahs---- C:\WINDOWS.0\system32\kknnn.ini
2007-12-22 10:29 . 2007-12-22 10:30 263,220 ---hs---- C:\WINDOWS.0\system32\yabaa.dll
2007-12-22 10:22 . 26,171 C:\WINDOWS.0\system32\wvusrop.dll
2007-12-21 18:46 . 2007-12-21 18:46 49 --a------ C:\WINDOWS.0\NeroDigital.ini
2007-12-21 18:25 . 2007-12-21 18:25 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-21 18:04 . 2007-12-21 18:04 <DIR> d-------- C:\Program Files\BSplayerPro
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\WMPBurn
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Wave Editor
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Toolkit
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero StartSmart
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero SoundTrax
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero BackItUp
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\CoverDesigner
2007-12-21 17:01 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS.0\system32\imagr5.dll
2007-12-21 17:01 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS.0\system32\imagx5.dll
2007-12-21 17:01 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS.0\system32\ImagXpr5.dll
2007-12-21 17:01 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS.0\system32\NeroCheck.exe
2007-12-21 17:01 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS.0\system32\TwnLib20.dll
2007-12-21 17:01 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS.0\system32\picn20.dll
2007-12-21 12:57 . 2007-12-21 12:57 <DIR> d-------- C:\Program Files\Winamp
2007-12-21 12:49 . 2007-12-21 12:49 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-20 12:06 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS.0\system32\dllcache\fltmgr.sys
2007-12-20 12:06 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS.0\system32\dllcache\fltmc.exe
2007-12-20 12:06 . 2006-08-21 13:27 16,896 --------- C:\WINDOWS.0\system32\dllcache\fltlib.dll
2007-12-20 10:59 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS.0\system32\dllcache\rpcrt4.dll
2007-12-20 07:31 . 2007-12-20 07:31 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start
2007-12-20 06:50 . 2007-12-21 17:03 316,640 --a------ C:\WINDOWS.0\WMSysPr9.prx
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\provisioning
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\peernet
2007-12-20 06:45 . 2007-12-20 06:45 <DIR> d-------- C:\WINDOWS.0\ServicePackFiles
2007-12-20 06:36 . 2007-12-20 06:36 <DIR> d-------- C:\WINDOWS.0\EHome
2007-12-19 07:38 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS.0\system32\drivers\netwlan5.img
2007-12-19 07:38 . 2004-08-17 15:49 11,776 --------- C:\WINDOWS.0\system32\spnpinst.exe
2007-12-19 07:38 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS.0\system32\secupd.sig
2007-12-19 07:38 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS.0\system32\secupd.dat
2007-12-19 06:30 . 2004-08-17 23:49 614,912 --a------ C:\WINDOWS.0\system32\h323msp.dll
2007-12-19 06:30 . 2004-08-17 23:49 330,240 --a------ C:\WINDOWS.0\system32\ipnathlp.dll
2007-12-19 06:30 . 2004-08-17 23:49 265,728 --a------ C:\WINDOWS.0\system32\h323.tsp
2007-12-19 06:30 . 2004-03-30 02:53 40,960 --------- C:\WINDOWS.0\system32\dllcache\evtgprov.dll
2007-12-19 06:30 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS.0\system32\xpsp1hfm.exe
2007-12-18 18:13 . 2005-10-20 23:30 1,083,904 --a------ C:\WINDOWS.0\system32\esent.dll
2007-12-18 17:46 . 2007-12-18 17:46 <DIR> d-------- C:\WINDOWS.0\system32\bits
2007-12-18 17:44 . 2007-12-18 17:44 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2007-12-18 17:44 . 2006-05-25 10:29 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2007-12-18 17:30 . 2007-12-18 17:30 <DIR> d-------- C:\Program Files\dc++
2007-12-18 08:20 . 2007-12-18 08:20 <DIR> d-------- C:\Program Files\vso
2007-12-18 07:30 . 2007-06-26 07:10 1,104,896 --a------ C:\WINDOWS.0\system32\msxml3.dll
2007-12-16 15:30 . 2006-01-04 04:36 68,096 --a------ C:\WINDOWS.0\system32\webclnt.dll
2007-12-15 12:29 . 2006-05-19 14:42 110,592 --------- C:\WINDOWS.0\system32\dllcache\dhcpcsvc.dll
2007-12-15 12:29 . 2006-05-19 14:42 95,744 --------- C:\WINDOWS.0\system32\dllcache\iphlpapi.dll
2007-12-15 12:29 . 2007-03-09 14:48 57,344 --a------ C:\WINDOWS.0\system32\dllcache\agentdpv.dll
2007-12-15 07:12 . 2006-08-25 16:51 617,472 --------- C:\WINDOWS.0\system32\dllcache\comctl32.dll
2007-12-15 07:12 . 2007-01-23 20:31 546,304 --------- C:\WINDOWS.0\system32\dllcache\hhctrl.ocx
2007-12-15 07:12 . 2006-08-14 11:34 332,928 --------- C:\WINDOWS.0\system32\dllcache\srv.sys
2007-12-15 07:12 . 2005-08-22 19:36 197,632 --a------ C:\WINDOWS.0\system32\netman.dll
2007-12-13 16:44 . 2004-08-17 23:49 384,512 --a------ C:\WINDOWS.0\system32\ipsmsnap.dll
2007-12-13 16:44 . 2004-08-17 23:49 351,232 --a------ C:\WINDOWS.0\system32\ipsecsnp.dll
2007-12-13 16:44 . 2004-08-17 23:49 267,776 --a------ C:\WINDOWS.0\system32\oakley.dll
2007-12-13 16:44 . 2004-08-17 23:49 182,784 --a------ C:\WINDOWS.0\system32\ipsecsvc.dll
2007-12-13 16:44 . 2006-06-22 11:48 181,248 --------- C:\WINDOWS.0\system32\dllcache\rasmans.dll
2007-12-13 16:44 . 2005-08-23 04:40 124,416 --a------ C:\WINDOWS.0\system32\umpnpmgr.dll
2007-12-13 16:44 . 2004-08-17 23:49 105,472 --a------ C:\WINDOWS.0\system32\polstore.dll
2007-12-13 16:44 . 2007-03-08 16:38 40,960 --a------ C:\WINDOWS.0\system32\mf3216.dll
2007-12-13 16:44 . 2004-08-17 23:49 32,768 --a------ C:\WINDOWS.0\system32\winipsec.dll
2007-12-13 16:43 . 2006-05-05 10:41 453,120 --------- C:\WINDOWS.0\system32\dllcache\mrxsmb.sys
2007-12-13 16:43 . 2006-05-05 10:47 174,592 --------- C:\WINDOWS.0\system32\dllcache\rdbss.sys
2007-12-13 16:43 . 2004-08-17 23:49 102,400 --a------ C:\WINDOWS.0\system32\cscdll.dll
2007-12-13 16:43 . 2006-03-01 20:44 91,136 --a------ C:\WINDOWS.0\system32\mtxoci.dll
2007-12-13 16:43 . 2006-03-01 20:44 66,560 --a------ C:\WINDOWS.0\system32\mtxclu.dll
2007-12-13 16:43 . 2005-06-11 00:53 57,856 --a------ C:\WINDOWS.0\system32\spoolsv.exe
2007-12-12 19:35 . 2004-08-17 23:49 351,232 --a------ C:\WINDOWS.0\system32\winhttp.dll
2007-12-12 19:35 . 2004-08-17 23:49 18,944 --a------ C:\WINDOWS.0\system32\qmgrprxy.dll
2007-12-12 19:35 . 2004-08-17 23:49 8,192 --------- C:\WINDOWS.0\system32\bitsprx2.dll
2007-12-12 19:35 . 2004-08-17 23:49 7,168 --------- C:\WINDOWS.0\system32\bitsprx3.dll
2007-12-12 19:31 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS.0\system32\wuapi.dll
2007-12-12 19:31 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS.0\system32\wucltui.dll
2007-12-12 19:31 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS.0\system32\wuaucpl.cpl
2007-12-12 19:31 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS.0\system32\wuweb.dll
2007-12-12 19:31 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS.0\system32\wuaueng1.dll
2007-12-12 19:31 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS.0\system32\wuauclt1.exe
2007-12-12 19:31 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS.0\system32\wups.dll
2007-12-12 18:36 . 2007-12-12 18:36 <DIR> d-------- C:\WINDOWS.0\system32\NtmsData
2007-12-10 19:25 . 2007-12-10 19:25 <DIR> d---s---- C:\Documents and Settings\xxx\UserData
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\WINDOWS.0\system32\DRVSTORE
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\Program Files\Nokia
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\Program Files\DIFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 05:50 8,972 ----a-w C:\WINDOWS.0\PCHealth\HelpCtr\Config\Cntstore.bin
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS.0\system32\AvastSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS.0\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS.0\system32\drivers\secdrv.sys
2007-10-30 10:19 3,079,680 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS.0\system32\quartz.dll
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS.0\system32\dllcache\quartz.dll
2007-10-25 16:57 8,458,752 ------w C:\WINDOWS.0\system32\dllcache\shell32.dll
2007-10-11 06:14 96,768 ------w C:\WINDOWS.0\system32\dllcache\inseng.dll
2007-10-11 06:14 660,480 ------w C:\WINDOWS.0\system32\dllcache\wininet.dll
2007-10-11 06:14 615,936 ------w C:\WINDOWS.0\system32\dllcache\urlmon.dll
2007-10-11 06:14 55,808 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2007-10-11 06:14 532,480 ------w C:\WINDOWS.0\system32\dllcache\mstime.dll
2007-10-11 06:14 474,112 ------w C:\WINDOWS.0\system32\dllcache\shlwapi.dll
2007-10-11 06:14 449,024 ------w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
2007-10-11 06:14 39,424 ------w C:\WINDOWS.0\system32\dllcache\pngfilt.dll
2007-10-11 06:14 357,888 ------w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
2007-10-11 06:14 251,392 ------w C:\WINDOWS.0\system32\dllcache\iepeers.dll
2007-10-11 06:14 205,312 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2007-10-11 06:14 16,384 ------w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
2007-10-11 06:14 151,552 ------w C:\WINDOWS.0\system32\dllcache\cdfview.dll
2007-10-11 06:14 146,432 ------w C:\WINDOWS.0\system32\dllcache\msrating.dll
2007-10-11 06:14 1,495,040 ------w C:\WINDOWS.0\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,055,232 ----a-w C:\WINDOWS.0\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ------w C:\WINDOWS.0\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ------w C:\WINDOWS.0\system32\dllcache\iedw.exe
2005-09-09 18:55 7,155,864 ----a-w C:\Program Files\NGhost10.msi
2005-09-09 18:55 4,588,454 ----a-w C:\Program Files\setup.exe
2005-09-09 18:55 37,766,164 ----a-w C:\Program Files\Data1.cab
2005-09-09 18:55 35 ----a-w C:\Program Files\SCSSDist.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0A1B829-20BB-44F6-A668-8874E1E6F70D}]
2007-12-22 10:30 263220 ---hs---- C:\WINDOWS.0\system32\yabaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC}]
C:\WINDOWS.0\system32\wvusrop.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 23:49]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"NVIEW"="nview.dll" [2003-07-28 15:19 C:\WINDOWS.0\system32\nview.dll]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-06 18:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS.0\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 11:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-17 23:49]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"= C:\WINDOWS.0\system32\wvusrop.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusrop]
wvusrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yabaa]
C:\WINDOWS.0\system32\yabaa.dll 2007-12-22 10:30 263220 C:\WINDOWS.0\system32\yabaa.dll

R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS.0\system32\DRIVERS\n100325.sys [2001-10-24 12:01]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-04 07:04]

*Newly Created Service* - DOMAINSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:02 C:\WINDOWS.0\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 12:26:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 12:30:08 - machine was rebooted
.
2007-12-21 17:53:06 --- E O F ---

fredik (Security team member; Master Level 7; posts: 4680; registered: July 06; gender: male)

Post by fredik » 22 Dec 2007 14:45

Open Notepad (Start -> Run..., type Notepad in the box and click OK)
Copy the following text, highlighted in green, into it:


File::
C:\WINDOWS.0\system32\aabay.ini
C:\WINDOWS.0\system32\kknnn.ini
C:\WINDOWS.0\system32\yabaa.dll
C:\WINDOWS.0\system32\wvusrop.dll

DirLook::
C:\WINDOWS.0\system32\NtmsData

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0A1B829-20BB-44F6-A668-8874E1E6F70D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusrop]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yabaa]

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

With the mouse, grab the CFScript.txt you created, drag it over the downloaded ComboFix.exe and, when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
+
also post a new HJT log here.
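An added example (editor's code, not from this thread or ComboFix) that derives a CFScript of the shape given above from ComboFix's "Reg Loading Points" section. The script grammar as the post uses it: `File::` lists files to delete; `Registry::` takes REGEDIT4-style lines, where `[-key]` deletes a whole key, `"name"=-` deletes one value, and a plain `[key]` followed by `"name"=dword:...` sets a value. The suspect DLL names are passed in as data (here the two this thread settled on); SAMPLE_REG is a subset of the first ComboFix log, with one benign avast! Run entry kept to show it is left alone.

```python
"""Build a ComboFix CFScript from the 'Reg Loading Points' section of a ComboFix log.
Added example for this thread; not ComboFix's own code. SAMPLE_REG is copied from the
log above (plus the avast! Run entry); the key-classification rules are this example's."""
import re

SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0A1B829-20BB-44F6-A668-8874E1E6F70D}]
2007-12-22 10:30 263220 ---hs---- C:\WINDOWS.0\system32\yabaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC}]
C:\WINDOWS.0\system32\wvusrop.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"= C:\WINDOWS.0\system32\wvusrop.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusrop]
wvusrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yabaa]
C:\WINDOWS.0\system32\yabaa.dll 2007-12-22 10:30 263220 C:\WINDOWS.0\system32\yabaa.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\[\]]+\.(?:dll|exe|ini)", re.IGNORECASE)

def parse_blocks(text):
    """Yield (key, [lines]) for each [key] block of the 'Reg Loading Points' dump."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group("key"), []
        elif line and key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines

def mentions(line, suspects):
    """True if the line names one of the suspect DLLs (case-insensitive, whole name)."""
    low = line.lower()
    return any(re.search(r"\b%s\.dll\b" % re.escape(s), low) for s in suspects)

def build_cfscript(reg_text, suspects):
    """Return CFScript text: File:: for the suspect DLLs, Registry:: for their load points."""
    suspects = {s.lower() for s in suspects}
    files, registry = [], []
    for key, lines in parse_blocks(reg_text):
        klow = key.lower()
        hit_lines = [l for l in lines if mentions(l, suspects)]
        for l in hit_lines:                      # full paths go to File:: (deduplicated)
            for p in PATH_RE.findall(l):
                if mentions(p, suspects) and p not in files:
                    files.append(p)
        if "\\winlogon\\notify\\" in klow and hit_lines:
            registry.append("[-%s]" % key)       # drop the whole Notify package key
        elif "browser helper objects" in klow and hit_lines:
            registry.append("[-%s]" % key)       # deregister the BHO
        elif klow.endswith("shellexecutehooks") and hit_lines:
            registry.append("[%s]" % key)        # keep the key, delete only the bad value
            for l in hit_lines:
                v = VALUE_RE.match(l)
                if v:
                    registry.append('"%s"=-' % v.group("name"))
        elif klow.endswith("\\winlogon"):
            for l in lines:                      # SFCDisable: 0 is the default, restore it
                v = VALUE_RE.match(l)
                if v and v.group("name").lower() == "sfcdisable" and v.group("data") != "dword:00000000":
                    registry.append("[%s]" % key)
                    registry.append('"SFCDisable"=dword:00000000')
    return "\n".join(["File::", *files, "", "Registry::", *registry, ""])

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_REG, {"yabaa", "wvusrop"}))
```

For the two suspects this yields the same four `[-…]` deletions, the `"{F4002052-…}"=-` value removal and the SFCDisable reset that the post above contains. fredik's script additionally lists aabay.ini and kknnn.ini and a `DirLook::` on NtmsData; those come from the Files Created section, which this generator does not read. The follow-up log below shows the four File:: entries under Other Deletions, while iwdbyfdb.exe, created at 12:27 during the first run, was outside the script; that is the reason to re-check a fresh HJT log after every run.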

hugous875 (newcomer; posts: 7; registered: December 07; gender: not specified)

Post by hugous875 » 22 Dec 2007 17:39

So I did it as instructed and here is the new ComboFix log:
ComboFix 07-12-21.4 - xxx 2007-12-22 17:11:27.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.87 [GMT 1:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\xxx\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS.0\system32\aabay.ini
C:\WINDOWS.0\system32\kknnn.ini
C:\WINDOWS.0\system32\wvusrop.dll
C:\WINDOWS.0\system32\yabaa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.0\system32\aabay.ini
C:\WINDOWS.0\system32\kknnn.ini
C:\WINDOWS.0\system32\wvusrop.dll
C:\WINDOWS.0\system32\yabaa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-22 12:27 . 2007-12-22 12:27 74,260 --a------ C:\WINDOWS.0\system32\iwdbyfdb.exe
2007-12-22 12:26 . 2007-12-22 12:26 103,928 ---hs---- C:\WINDOWS.0\system32\aabay.bak1
2007-12-22 11:55 . 2007-12-22 11:55 <DIR> d-------- C:\Program Files\CCleaner
2007-12-22 11:27 . 2007-12-22 11:28 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-12-22 10:36 . 2007-12-22 10:36 <DIR> d-------- C:\Program Files\Totalcmd
2007-12-22 10:36 . 2007-12-22 12:23 1,182 --a------ C:\WINDOWS.0\wincmd.ini
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\UC.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\RAR.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKUNZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\NOCLOSE.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\LHA.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\ARJ.PIF
2007-12-21 18:46 . 2007-12-21 18:46 49 --a------ C:\WINDOWS.0\NeroDigital.ini
2007-12-21 18:25 . 2007-12-21 18:25 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-21 18:04 . 2007-12-21 18:04 <DIR> d-------- C:\Program Files\BSplayerPro
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\WMPBurn
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Wave Editor
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Toolkit
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero StartSmart
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero SoundTrax
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero BackItUp
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\CoverDesigner
2007-12-21 17:01 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS.0\system32\imagr5.dll
2007-12-21 17:01 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS.0\system32\imagx5.dll
2007-12-21 17:01 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS.0\system32\ImagXpr5.dll
2007-12-21 17:01 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS.0\system32\NeroCheck.exe
2007-12-21 17:01 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS.0\system32\TwnLib20.dll
2007-12-21 17:01 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS.0\system32\picn20.dll
2007-12-21 12:57 . 2007-12-21 12:57 <DIR> d-------- C:\Program Files\Winamp
2007-12-21 12:49 . 2007-12-21 12:49 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-20 12:06 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS.0\system32\dllcache\fltmgr.sys
2007-12-20 12:06 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS.0\system32\dllcache\fltmc.exe
2007-12-20 12:06 . 2006-08-21 13:27 16,896 --------- C:\WINDOWS.0\system32\dllcache\fltlib.dll
2007-12-20 10:59 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS.0\system32\dllcache\rpcrt4.dll
2007-12-20 07:31 . 2007-12-20 07:31 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start
2007-12-20 06:50 . 2007-12-21 17:03 316,640 --a------ C:\WINDOWS.0\WMSysPr9.prx
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\provisioning
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\peernet
2007-12-20 06:45 . 2007-12-20 06:45 <DIR> d-------- C:\WINDOWS.0\ServicePackFiles
2007-12-20 06:36 . 2007-12-20 06:36 <DIR> d-------- C:\WINDOWS.0\EHome
2007-12-19 07:38 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS.0\system32\drivers\netwlan5.img
2007-12-19 07:38 . 2004-08-17 15:49 11,776 --------- C:\WINDOWS.0\system32\spnpinst.exe
2007-12-19 07:38 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS.0\system32\secupd.sig
2007-12-19 07:38 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS.0\system32\secupd.dat
2007-12-19 06:30 . 2004-08-17 23:49 614,912 --a------ C:\WINDOWS.0\system32\h323msp.dll
2007-12-19 06:30 . 2004-08-17 23:49 330,240 --a------ C:\WINDOWS.0\system32\ipnathlp.dll
2007-12-19 06:30 . 2004-08-17 23:49 265,728 --a------ C:\WINDOWS.0\system32\h323.tsp
2007-12-19 06:30 . 2004-03-30 02:53 40,960 --------- C:\WINDOWS.0\system32\dllcache\evtgprov.dll
2007-12-19 06:30 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS.0\system32\xpsp1hfm.exe
2007-12-18 18:13 . 2005-10-20 23:30 1,083,904 --a------ C:\WINDOWS.0\system32\esent.dll
2007-12-18 17:46 . 2007-12-18 17:46 <DIR> d-------- C:\WINDOWS.0\system32\bits
2007-12-18 17:44 . 2007-12-18 17:44 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2007-12-18 17:44 . 2006-05-25 10:29 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2007-12-18 17:30 . 2007-12-18 17:30 <DIR> d-------- C:\Program Files\dc++
2007-12-18 08:20 . 2007-12-18 08:20 <DIR> d-------- C:\Program Files\vso
2007-12-18 07:30 . 2007-06-26 07:10 1,104,896 --a------ C:\WINDOWS.0\system32\msxml3.dll
2007-12-16 15:30 . 2006-01-04 04:36 68,096 --a------ C:\WINDOWS.0\system32\webclnt.dll
2007-12-15 12:29 . 2006-05-19 14:42 110,592 --------- C:\WINDOWS.0\system32\dllcache\dhcpcsvc.dll
2007-12-15 12:29 . 2006-05-19 14:42 95,744 --------- C:\WINDOWS.0\system32\dllcache\iphlpapi.dll
2007-12-15 12:29 . 2007-03-09 14:48 57,344 --a------ C:\WINDOWS.0\system32\dllcache\agentdpv.dll
2007-12-15 07:12 . 2006-08-25 16:51 617,472 --------- C:\WINDOWS.0\system32\dllcache\comctl32.dll
2007-12-15 07:12 . 2007-01-23 20:31 546,304 --------- C:\WINDOWS.0\system32\dllcache\hhctrl.ocx
2007-12-15 07:12 . 2006-08-14 11:34 332,928 --------- C:\WINDOWS.0\system32\dllcache\srv.sys
2007-12-15 07:12 . 2005-08-22 19:36 197,632 --a------ C:\WINDOWS.0\system32\netman.dll
2007-12-13 16:44 . 2004-08-17 23:49 384,512 --a------ C:\WINDOWS.0\system32\ipsmsnap.dll
2007-12-13 16:44 . 2004-08-17 23:49 351,232 --a------ C:\WINDOWS.0\system32\ipsecsnp.dll
2007-12-13 16:44 . 2004-08-17 23:49 267,776 --a------ C:\WINDOWS.0\system32\oakley.dll
2007-12-13 16:44 . 2004-08-17 23:49 182,784 --a------ C:\WINDOWS.0\system32\ipsecsvc.dll
2007-12-13 16:44 . 2006-06-22 11:48 181,248 --------- C:\WINDOWS.0\system32\dllcache\rasmans.dll
2007-12-13 16:44 . 2005-08-23 04:40 124,416 --a------ C:\WINDOWS.0\system32\umpnpmgr.dll
2007-12-13 16:44 . 2004-08-17 23:49 105,472 --a------ C:\WINDOWS.0\system32\polstore.dll
2007-12-13 16:44 . 2007-03-08 16:38 40,960 --a------ C:\WINDOWS.0\system32\mf3216.dll
2007-12-13 16:44 . 2004-08-17 23:49 32,768 --a------ C:\WINDOWS.0\system32\winipsec.dll
2007-12-13 16:43 . 2006-05-05 10:41 453,120 --------- C:\WINDOWS.0\system32\dllcache\mrxsmb.sys
2007-12-13 16:43 . 2006-05-05 10:47 174,592 --------- C:\WINDOWS.0\system32\dllcache\rdbss.sys
2007-12-13 16:43 . 2004-08-17 23:49 102,400 --a------ C:\WINDOWS.0\system32\cscdll.dll
2007-12-13 16:43 . 2006-03-01 20:44 91,136 --a------ C:\WINDOWS.0\system32\mtxoci.dll
2007-12-13 16:43 . 2006-03-01 20:44 66,560 --a------ C:\WINDOWS.0\system32\mtxclu.dll
2007-12-13 16:43 . 2005-06-11 00:53 57,856 --a------ C:\WINDOWS.0\system32\spoolsv.exe
2007-12-12 19:35 . 2004-08-17 23:49 351,232 --a------ C:\WINDOWS.0\system32\winhttp.dll
2007-12-12 19:35 . 2004-08-17 23:49 18,944 --a------ C:\WINDOWS.0\system32\qmgrprxy.dll
2007-12-12 19:35 . 2004-08-17 23:49 8,192 --------- C:\WINDOWS.0\system32\bitsprx2.dll
2007-12-12 19:35 . 2004-08-17 23:49 7,168 --------- C:\WINDOWS.0\system32\bitsprx3.dll
2007-12-12 19:31 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS.0\system32\wuapi.dll
2007-12-12 19:31 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS.0\system32\wucltui.dll
2007-12-12 19:31 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS.0\system32\wuaucpl.cpl
2007-12-12 19:31 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS.0\system32\wuweb.dll
2007-12-12 19:31 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS.0\system32\wuaueng1.dll
2007-12-12 19:31 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS.0\system32\wuauclt1.exe
2007-12-12 19:31 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS.0\system32\wups.dll
2007-12-12 18:36 . 2007-12-12 18:36 <DIR> d-------- C:\WINDOWS.0\system32\NtmsData
2007-12-10 19:25 . 2007-12-10 19:25 <DIR> d---s---- C:\Documents and Settings\xxx\UserData
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\WINDOWS.0\system32\DRVSTORE
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\Program Files\Nokia
2007-12-10 19:12 . 2007-12-10 19:12 <DIR> d-------- C:\Program Files\DIFX
2007-12-10 19:12 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS.0\system32\nmwcdcls.dll
2007-12-09 12:52 . 2001-10-24 12:01 129,024 --a------ C:\WINDOWS.0\system32\drivers\n100325.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 05:50 8,972 ----a-w C:\WINDOWS.0\PCHealth\HelpCtr\Config\Cntstore.bin
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS.0\system32\AvastSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS.0\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS.0\system32\drivers\secdrv.sys
2007-10-30 10:19 3,079,680 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS.0\system32\quartz.dll
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS.0\system32\dllcache\quartz.dll
2007-10-25 16:57 8,458,752 ------w C:\WINDOWS.0\system32\dllcache\shell32.dll
2007-10-11 06:14 96,768 ------w C:\WINDOWS.0\system32\dllcache\inseng.dll
2007-10-11 06:14 660,480 ------w C:\WINDOWS.0\system32\dllcache\wininet.dll
2007-10-11 06:14 615,936 ------w C:\WINDOWS.0\system32\dllcache\urlmon.dll
2007-10-11 06:14 55,808 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2007-10-11 06:14 532,480 ------w C:\WINDOWS.0\system32\dllcache\mstime.dll
2007-10-11 06:14 474,112 ------w C:\WINDOWS.0\system32\dllcache\shlwapi.dll
2007-10-11 06:14 449,024 ------w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
2007-10-11 06:14 39,424 ------w C:\WINDOWS.0\system32\dllcache\pngfilt.dll
2007-10-11 06:14 357,888 ------w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
2007-10-11 06:14 251,392 ------w C:\WINDOWS.0\system32\dllcache\iepeers.dll
2007-10-11 06:14 205,312 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2007-10-11 06:14 16,384 ------w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
2007-10-11 06:14 151,552 ------w C:\WINDOWS.0\system32\dllcache\cdfview.dll
2007-10-11 06:14 146,432 ------w C:\WINDOWS.0\system32\dllcache\msrating.dll
2007-10-11 06:14 1,495,040 ------w C:\WINDOWS.0\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,055,232 ----a-w C:\WINDOWS.0\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ------w C:\WINDOWS.0\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ------w C:\WINDOWS.0\system32\dllcache\iedw.exe
2005-09-09 18:55 7,155,864 ----a-w C:\Program Files\NGhost10.msi
2005-09-09 18:55 4,588,454 ----a-w C:\Program Files\setup.exe
2005-09-09 18:55 37,766,164 ----a-w C:\Program Files\Data1.cab
2005-09-09 18:55 35 ----a-w C:\Program Files\SCSSDist.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS.0\system32\NtmsData ----

2007-12-12 18:37 82760 --a------ C:\WINDOWS.0\system32\NtmsData\NTMSIDX
2007-12-12 18:37 106496 --a------ C:\WINDOWS.0\system32\NtmsData\NTMSDATA.BAK
2007-12-12 18:37 106496 --a------ C:\WINDOWS.0\system32\NtmsData\NTMSDATA
2007-12-12 18:36 816 --a------ C:\WINDOWS.0\system32\NtmsData\NTMSREG


((((((((((((((((((((((((((((( snapshot@2007-12-22_12.27.35.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS.0\erdnt\subs\ERDNT.EXE
+ 2007-12-22 16:27:22 16,384 ----a-w C:\WINDOWS.0\Temp\Perflib_Perfdata_5c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 23:49]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"NVIEW"="nview.dll" [2003-07-28 15:19 C:\WINDOWS.0\system32\nview.dll]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-06 18:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS.0\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 11:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-17 23:49]

R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS.0\system32\DRIVERS\n100325.sys [2001-10-24 12:01]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-04 07:04]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:02 C:\WINDOWS.0\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:27:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 17:29:17 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-22 12:30
.
2007-12-21 17:53:06 --- E O F ---

And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:24, on 22.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
c:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4150 bytes


Please check it... thanks...

fredik
Security team member
Master Level 7

Post by fredik » 22 Dec 2007 19:08

Create a new CFScript and this time put the following into it:

Code:

File::
C:\WINDOWS.0\system32\iwdbyfdb.exe
C:\WINDOWS.0\system32\aabay.bak1

Then paste here the ComboFix log that appears.
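The two paths in this script were picked out of the ComboFix file listing by eye; as an added example (not ComboFix's, OTMoveIt's or the forum's code), the Python below parses that listing format and applies two defender-side heuristics, hidden+system attributes and a freshly written file with a random-looking name under system32, to constructed sample lines shaped like the listing posted later in this thread. The consonant-run threshold and the attribute-letter check are assumptions, not a published rule set.

```python
"""Heuristic triage of a ComboFix "Files Created" listing.

Added example for this thread; it is not ComboFix's or the forum's code.
The thresholds below are assumptions chosen to separate the two files the
helper singled out from their benign neighbours.
"""
import re

# One listing entry:  created . modified size attributes path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)

# Constructed sample, shaped like the listing in this thread: the two files
# the helper asked to remove plus three benign neighbours.
SAMPLE_LOG = """\
2007-12-22 12:27 . 2007-12-22 12:27 74,260 --a------ C:\\WINDOWS.0\\system32\\iwdbyfdb.exe
2007-12-22 12:26 . 2007-12-22 12:26 103,928 ---hs---- C:\\WINDOWS.0\\system32\\aabay.bak1
2007-12-22 11:55 . 2007-12-22 11:55 <DIR> d-------- C:\\Program Files\\CCleaner
2007-12-21 17:01 . 2001-07-09 11:50 155,648 --a------ C:\\WINDOWS.0\\system32\\NeroCheck.exe
2007-12-13 16:43 . 2006-03-01 20:44 66,560 --a------ C:\\WINDOWS.0\\system32\\mtxclu.dll
"""


def parse_listing(text):
    """Return one dict per entry line; section banners and blanks are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def longest_consonant_run(stem):
    """Longest run of consonant letters in a file stem (y counted as consonant)."""
    best = run = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in "aeiou":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def triage(entries, max_consonant_run=5):
    """Flag files under system32 that carry hidden+system attributes, or that
    were written fresh (created == modified, i.e. not unpacked from an installer
    that preserves old timestamps) and have a random-looking name.
    Attribute check is by letter presence, an assumption about ComboFix's field."""
    findings = []
    for e in entries:
        if e["size"] == "<DIR>":
            continue
        path = e["path"]
        if "\\system32\\" not in path.lower():
            continue
        fresh = e["created"] == e["modified"]
        hidden_system = "h" in e["attrs"] and "s" in e["attrs"]
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        random_name = longest_consonant_run(stem) >= max_consonant_run
        reasons = []
        if hidden_system:
            reasons.append("hidden+system")
        if fresh and random_name:
            reasons.append("fresh random-looking name")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_listing(SAMPLE_LOG)):
        print(path, "->", ", ".join(reasons))
```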

hugous875
newbie

Post by hugous875 » 23 Dec 2007 12:13

Thank you very much for yesterday's reply. Yesterday a more experienced PC user was helping me, but today I'm on my own. I followed your instructions and probably reached the desired result. I'm sending it below, and thanks once again for the help provided.

new log:

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.97 [GMT 1:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\xxx\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-22 18:34 . 2007-12-22 18:34 <DIR> d-------- C:\WINDOWS.0\system32\cs-cz
2007-12-22 18:30 . 2007-12-22 18:34 1,393 --a------ C:\WINDOWS.0\imsins.BAK
2007-12-22 18:18 . 2007-12-22 18:18 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-22 12:27 . 2007-12-22 12:27 74,260 --a------ C:\WINDOWS.0\system32\iwdbyfdb.exe
2007-12-22 12:26 . 2007-12-22 12:26 103,928 ---hs---- C:\WINDOWS.0\system32\aabay.bak1
2007-12-22 11:55 . 2007-12-22 11:55 <DIR> d-------- C:\Program Files\CCleaner
2007-12-22 11:27 . 2007-12-22 11:28 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-12-22 11:10 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS.0\system32\dllcache\ieapfltr.dat
2007-12-22 11:10 . 2007-07-01 04:36 1,024,000 --------- C:\WINDOWS.0\system32\dllcache\ieframe.dll.mui
2007-12-22 11:10 . 2007-10-11 00:50 459,264 --------- C:\WINDOWS.0\system32\dllcache\msfeeds.dll
2007-12-22 11:10 . 2007-10-11 00:50 383,488 --------- C:\WINDOWS.0\system32\dllcache\ieapfltr.dll
2007-12-22 11:10 . 2007-10-11 00:50 267,776 --------- C:\WINDOWS.0\system32\dllcache\iertutil.dll
2007-12-22 11:10 . 2007-10-11 00:50 63,488 --------- C:\WINDOWS.0\system32\dllcache\icardie.dll
2007-12-22 11:10 . 2007-10-11 00:50 52,224 --------- C:\WINDOWS.0\system32\dllcache\msfeedsbs.dll
2007-12-22 11:10 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2007-12-22 11:09 . 2007-10-11 00:50 6,065,664 --------- C:\WINDOWS.0\system32\dllcache\ieframe.dll
2007-12-22 11:09 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS.0\system32\dllcache\custsat.dll
2007-12-22 10:36 . 2007-12-22 10:36 <DIR> d-------- C:\Program Files\Totalcmd
2007-12-22 10:36 . 2007-12-22 18:35 1,182 --a------ C:\WINDOWS.0\wincmd.ini
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\UC.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\RAR.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKUNZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\NOCLOSE.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\LHA.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\ARJ.PIF
2007-12-21 18:46 . 2007-12-21 18:46 49 --a------ C:\WINDOWS.0\NeroDigital.ini
2007-12-21 18:26 . 2007-12-21 18:26 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\vlc
2007-12-21 18:25 . 2007-12-21 18:25 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-21 18:04 . 2007-12-21 18:04 <DIR> d-------- C:\Program Files\BSplayerPro
2007-12-21 18:04 . 2007-12-21 18:04 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\BSplayer PRO
2007-12-21 17:04 . 2007-12-21 17:04 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\Ahead
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\WMPBurn
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Wave Editor
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Toolkit
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero StartSmart
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero SoundTrax
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero BackItUp
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\CoverDesigner
2007-12-21 17:01 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS.0\system32\imagr5.dll
2007-12-21 17:01 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS.0\system32\imagx5.dll
2007-12-21 17:01 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS.0\system32\ImagXpr5.dll
2007-12-21 17:01 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS.0\system32\NeroCheck.exe
2007-12-21 17:01 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS.0\system32\TwnLib20.dll
2007-12-21 17:01 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS.0\system32\picn20.dll
2007-12-21 12:57 . 2007-12-21 12:57 <DIR> d-------- C:\Program Files\Winamp
2007-12-21 12:57 . 2007-12-21 12:57 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\Winamp
2007-12-21 12:49 . 2007-12-21 12:49 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-20 12:06 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS.0\system32\dllcache\fltmgr.sys
2007-12-20 12:06 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS.0\system32\dllcache\fltmc.exe
2007-12-20 12:06 . 2006-08-21 13:27 16,896 --------- C:\WINDOWS.0\system32\dllcache\fltlib.dll
2007-12-20 10:59 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS.0\system32\dllcache\rpcrt4.dll
2007-12-20 07:31 . 2007-12-20 07:31 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start
2007-12-20 06:50 . 2007-12-21 17:03 316,640 --a------ C:\WINDOWS.0\WMSysPr9.prx
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\provisioning
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\peernet
2007-12-20 06:45 . 2007-12-20 06:45 <DIR> d-------- C:\WINDOWS.0\ServicePackFiles
2007-12-20 06:36 . 2007-12-20 06:36 <DIR> d-------- C:\WINDOWS.0\EHome
2007-12-19 07:38 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS.0\system32\drivers\netwlan5.img
2007-12-19 07:38 . 2004-08-17 15:49 11,776 --------- C:\WINDOWS.0\system32\spnpinst.exe
2007-12-19 07:38 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS.0\system32\secupd.sig
2007-12-19 07:38 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS.0\system32\secupd.dat
2007-12-19 06:30 . 2004-08-17 23:49 614,912 --a------ C:\WINDOWS.0\system32\h323msp.dll
2007-12-19 06:30 . 2004-08-17 23:49 330,240 --a------ C:\WINDOWS.0\system32\ipnathlp.dll
2007-12-19 06:30 . 2004-08-17 23:49 265,728 --a------ C:\WINDOWS.0\system32\h323.tsp
2007-12-19 06:30 . 2004-03-30 02:53 40,960 --------- C:\WINDOWS.0\system32\dllcache\evtgprov.dll
2007-12-19 06:30 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS.0\system32\xpsp1hfm.exe
2007-12-18 18:13 . 2005-10-20 23:30 1,083,904 --a------ C:\WINDOWS.0\system32\esent.dll
2007-12-18 17:46 . 2007-12-18 17:46 <DIR> d-------- C:\WINDOWS.0\system32\bits
2007-12-18 17:44 . 2007-12-18 17:44 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2007-12-18 17:44 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2007-12-18 17:30 . 2007-12-18 17:30 <DIR> d-------- C:\Program Files\dc++
2007-12-18 09:24 . 2007-12-18 09:24 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\TuneUp Software
2007-12-18 09:24 . 2007-12-18 09:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\TuneUp Software
2007-12-18 08:20 . 2007-12-18 08:20 <DIR> d-------- C:\Program Files\vso
2007-12-18 08:09 . 2007-12-18 08:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\DVD Shrink
2007-12-18 07:30 . 2007-06-26 07:10 1,104,896 --a------ C:\WINDOWS.0\system32\msxml3.dll
2007-12-16 15:30 . 2006-01-04 04:36 68,096 --a------ C:\WINDOWS.0\system32\webclnt.dll
2007-12-15 12:29 . 2006-05-19 14:42 110,592 --------- C:\WINDOWS.0\system32\dllcache\dhcpcsvc.dll
2007-12-15 12:29 . 2006-05-19 14:42 95,744 --------- C:\WINDOWS.0\system32\dllcache\iphlpapi.dll
2007-12-15 12:29 . 2007-03-09 14:48 57,344 --a------ C:\WINDOWS.0\system32\dllcache\agentdpv.dll
2007-12-15 07:12 . 2006-08-25 16:51 617,472 --------- C:\WINDOWS.0\system32\dllcache\comctl32.dll
2007-12-15 07:12 . 2007-01-23 20:31 546,304 --------- C:\WINDOWS.0\system32\dllcache\hhctrl.ocx
2007-12-15 07:12 . 2006-08-14 11:34 332,928 --------- C:\WINDOWS.0\system32\dllcache\srv.sys
2007-12-15 07:12 . 2005-08-22 19:36 197,632 --a------ C:\WINDOWS.0\system32\netman.dll
2007-12-13 16:44 . 2004-08-17 23:49 384,512 --a------ C:\WINDOWS.0\system32\ipsmsnap.dll
2007-12-13 16:44 . 2004-08-17 23:49 351,232 --a------ C:\WINDOWS.0\system32\ipsecsnp.dll
2007-12-13 16:44 . 2004-08-17 23:49 267,776 --a------ C:\WINDOWS.0\system32\oakley.dll
2007-12-13 16:44 . 2004-08-17 23:49 182,784 --a------ C:\WINDOWS.0\system32\ipsecsvc.dll
2007-12-13 16:44 . 2006-06-22 11:48 181,248 --------- C:\WINDOWS.0\system32\dllcache\rasmans.dll
2007-12-13 16:44 . 2005-08-23 04:40 124,416 --a------ C:\WINDOWS.0\system32\umpnpmgr.dll
2007-12-13 16:44 . 2004-08-17 23:49 105,472 --a------ C:\WINDOWS.0\system32\polstore.dll
2007-12-13 16:44 . 2007-03-08 16:38 40,960 --a------ C:\WINDOWS.0\system32\mf3216.dll
2007-12-13 16:44 . 2004-08-17 23:49 32,768 --a------ C:\WINDOWS.0\system32\winipsec.dll
2007-12-13 16:43 . 2006-05-05 10:41 453,120 --------- C:\WINDOWS.0\system32\dllcache\mrxsmb.sys
2007-12-13 16:43 . 2006-05-05 10:47 174,592 --------- C:\WINDOWS.0\system32\dllcache\rdbss.sys
2007-12-13 16:43 . 2004-08-17 23:49 102,400 --a------ C:\WINDOWS.0\system32\cscdll.dll
2007-12-13 16:43 . 2006-03-01 20:44 91,136 --a------ C:\WINDOWS.0\system32\mtxoci.dll
2007-12-13 16:43 . 2006-03-01 20:44 66,560 --a------ C:\WINDOWS.0\system32\mtxclu.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 05:50 8,972 ----a-w C:\WINDOWS.0\PCHealth\HelpCtr\Config\Cntstore.bin
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS.0\system32\AvastSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS.0\system32\drivers\secdrv.sys
2007-10-31 03:57 3,590,656 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS.0\system32\quartz.dll
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS.0\system32\dllcache\quartz.dll
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS.0\system32\dllcache\shell32.dll
2007-10-11 06:14 474,112 ------w C:\WINDOWS.0\system32\dllcache\shlwapi.dll
2007-10-11 06:14 151,552 ------w C:\WINDOWS.0\system32\dllcache\cdfview.dll
2007-10-11 06:14 1,495,040 ------w C:\WINDOWS.0\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,055,232 ----a-w C:\WINDOWS.0\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ------w C:\WINDOWS.0\system32\dllcache\browseui.dll
2007-10-10 23:50 824,832 ------w C:\WINDOWS.0\system32\dllcache\wininet.dll
2007-10-10 23:50 671,232 ------w C:\WINDOWS.0\system32\dllcache\mstime.dll
2007-10-10 23:50 478,208 ------w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
2007-10-10 23:50 44,544 ------w C:\WINDOWS.0\system32\dllcache\iernonce.dll
2007-10-10 23:50 384,512 ------w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
2007-10-10 23:50 27,648 ------w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
2007-10-10 23:50 232,960 ----a-w C:\WINDOWS.0\system32\webcheck.dll
2007-10-10 23:50 232,960 ------w C:\WINDOWS.0\system32\dllcache\webcheck.dll
2007-10-10 23:50 230,400 ------w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
2007-10-10 23:50 214,528 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2007-10-10 23:50 193,024 ------w C:\WINDOWS.0\system32\dllcache\msrating.dll
2007-10-10 23:50 153,088 ------w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
2007-10-10 23:50 132,608 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2007-10-10 23:50 124,928 ------w C:\WINDOWS.0\system32\dllcache\advpack.dll
2007-10-10 23:50 105,984 ------w C:\WINDOWS.0\system32\dllcache\url.dll
2007-10-10 23:50 102,400 ------w C:\WINDOWS.0\system32\dllcache\occache.dll
2007-10-10 23:50 1,159,680 ------w C:\WINDOWS.0\system32\dllcache\urlmon.dll
2007-10-10 10:58 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2007-10-10 10:58 625,152 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2005-09-09 18:55 7,155,864 ----a-w C:\Program Files\NGhost10.msi
2005-09-09 18:55 4,588,454 ----a-w C:\Program Files\setup.exe
2005-09-09 18:55 37,766,164 ----a-w C:\Program Files\Data1.cab
2005-09-09 18:55 35 ----a-w C:\Program Files\SCSSDist.ini
2005-08-04 18:05 61,640 ----a-w C:\Documents and Settings\PC\Data aplikací\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 23:49]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"NVIEW"="nview.dll" [2003-07-28 15:19 C:\WINDOWS.0\system32\nview.dll]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS.0\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 11:50]
"MSConfig"="C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-17 23:49]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-17 23:49]

C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\
Uninstall Fellowship.lnk - C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe [2002-10-04 14:49:30]
PowerReg Scheduler V3.exe [2004-12-15 15:16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-06 18:16 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS.0\system32\DRIVERS\n100325.sys [2001-10-24 12:01]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-04 07:04]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:02 C:\WINDOWS.0\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 11:57:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 11:57:54
C:\ComboFix3.txt ... 2007-12-22 12:30
C:\ComboFix2.txt ... 2007-12-22 17:29
.
2007-12-21 17:53:06 --- E O F ---

fredik
Security team member
Master Level 7

Post by fredik » 23 Dec 2007 14:12

Download this program OTMoveIt (by OldTimer) and save it to your desktop.
Run the program
- Copy these paths marked in bold into the left column:
C:\WINDOWS.0\system32\iwdbyfdb.exe
C:\WINDOWS.0\system32\aabay.bak1


- After copying, click the MoveIt! button
It is possible that, if the files cannot be removed, you will be asked to restart the computer; in that case confirm the restart.

Then post here the OTMoveIt log, which you will find on the drive you ran OTMoveIt.exe from, in the folder _OTMoveIt\MovedFiles\
(so if you run OTMoveIt.exe from the desktop, you will find the log in the file C:\_OTMoveIt\MovedFiles\12232007_******.log, where the asterisks will be the time the log was created)

If that is too complicated, copy here the contents of the right-hand Results window after pressing the MoveIt! button

Then run ComboFix again (without a script, just run it) and post here the log that appears after the program finishes.

hugous875
newbie

Post by hugous875 » 23 Dec 2007 17:53

Following the path you gave, only this showed up in the OTMoveIt file. I hope that's right. Thanks a lot for now, I'm off to mix a salad. Anyway, happy holidays, hugous875

C:\WINDOWS.0\system32\iwdbyfdb.exe moved successfully.
C:\WINDOWS.0\system32\aabay.bak1 moved successfully.

Created on 12.23.2007 17:46:32

fredik
Security team member
Master Level 7

Post by fredik » 23 Dec 2007 18:44

Make a new ComboFix log (see the last sentence of my previous post) and a new HijackThis log, and post them both here.

hugous875
newbie

Post by hugous875 » 24 Dec 2007 10:36

Sorry, I overlooked that. So here is the ComboFix log:

ComboFix 07-12-21.4 - xxx 2007-12-24 7:32:48.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.104 [GMT 1:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-22 18:34 . 2007-12-22 18:34 <DIR> d-------- C:\WINDOWS.0\system32\cs-cz
2007-12-22 18:30 . 2007-12-22 18:34 1,393 --a------ C:\WINDOWS.0\imsins.BAK
2007-12-22 18:18 . 2007-12-22 18:18 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-22 11:55 . 2007-12-22 11:55 <DIR> d-------- C:\Program Files\CCleaner
2007-12-22 11:27 . 2007-12-22 11:28 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-12-22 11:10 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS.0\system32\dllcache\ieapfltr.dat
2007-12-22 11:10 . 2007-07-01 04:36 1,024,000 --------- C:\WINDOWS.0\system32\dllcache\ieframe.dll.mui
2007-12-22 11:10 . 2007-10-11 00:50 459,264 --------- C:\WINDOWS.0\system32\dllcache\msfeeds.dll
2007-12-22 11:10 . 2007-10-11 00:50 383,488 --------- C:\WINDOWS.0\system32\dllcache\ieapfltr.dll
2007-12-22 11:10 . 2007-10-11 00:50 267,776 --------- C:\WINDOWS.0\system32\dllcache\iertutil.dll
2007-12-22 11:10 . 2007-10-11 00:50 63,488 --------- C:\WINDOWS.0\system32\dllcache\icardie.dll
2007-12-22 11:10 . 2007-10-11 00:50 52,224 --------- C:\WINDOWS.0\system32\dllcache\msfeedsbs.dll
2007-12-22 11:10 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2007-12-22 11:09 . 2007-10-11 00:50 6,065,664 --------- C:\WINDOWS.0\system32\dllcache\ieframe.dll
2007-12-22 11:09 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS.0\system32\dllcache\custsat.dll
2007-12-22 10:36 . 2007-12-22 10:36 <DIR> d-------- C:\Program Files\Totalcmd
2007-12-22 10:36 . 2007-12-22 18:35 1,182 --a------ C:\WINDOWS.0\wincmd.ini
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\UC.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\RAR.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\PKUNZIP.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\NOCLOSE.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\LHA.PIF
2007-12-22 10:36 . 2006-07-26 06:55 545 --a------ C:\WINDOWS.0\ARJ.PIF
2007-12-21 18:46 . 2007-12-21 18:46 49 --a------ C:\WINDOWS.0\NeroDigital.ini
2007-12-21 18:26 . 2007-12-21 18:26 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\vlc
2007-12-21 18:25 . 2007-12-21 18:25 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-21 18:04 . 2007-12-21 18:04 <DIR> d-------- C:\Program Files\BSplayerPro
2007-12-21 18:04 . 2007-12-21 18:04 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\BSplayer PRO
2007-12-21 17:04 . 2007-12-21 17:04 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\Ahead
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\WMPBurn
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Wave Editor
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero Toolkit
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero StartSmart
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero SoundTrax
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero BackItUp
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\Nero
2007-12-21 17:01 . 2007-12-21 17:01 <DIR> d-------- C:\Program Files\CoverDesigner
2007-12-21 17:01 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS.0\system32\imagr5.dll
2007-12-21 17:01 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS.0\system32\imagx5.dll
2007-12-21 17:01 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS.0\system32\ImagXpr5.dll
2007-12-21 17:01 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS.0\system32\NeroCheck.exe
2007-12-21 17:01 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS.0\system32\TwnLib20.dll
2007-12-21 17:01 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS.0\system32\picn20.dll
2007-12-21 12:57 . 2007-12-21 12:57 <DIR> d-------- C:\Program Files\Winamp
2007-12-21 12:57 . 2007-12-21 12:57 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\Winamp
2007-12-21 12:49 . 2007-12-21 12:49 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-20 12:06 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS.0\system32\dllcache\fltmgr.sys
2007-12-20 12:06 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS.0\system32\dllcache\fltmc.exe
2007-12-20 12:06 . 2006-08-21 13:27 16,896 --------- C:\WINDOWS.0\system32\dllcache\fltlib.dll
2007-12-20 10:59 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS.0\system32\dllcache\rpcrt4.dll
2007-12-20 07:31 . 2007-12-20 07:31 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start
2007-12-20 06:50 . 2007-12-21 17:03 316,640 --a------ C:\WINDOWS.0\WMSysPr9.prx
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\provisioning
2007-12-20 06:48 . 2007-12-20 06:48 <DIR> d-------- C:\WINDOWS.0\peernet
2007-12-20 06:45 . 2007-12-20 06:45 <DIR> d-------- C:\WINDOWS.0\ServicePackFiles
2007-12-20 06:36 . 2007-12-20 06:36 <DIR> d-------- C:\WINDOWS.0\EHome
2007-12-19 07:38 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS.0\system32\drivers\netwlan5.img
2007-12-19 07:38 . 2004-08-17 15:49 11,776 --------- C:\WINDOWS.0\system32\spnpinst.exe
2007-12-19 07:38 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS.0\system32\secupd.sig
2007-12-19 07:38 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS.0\system32\secupd.dat
2007-12-19 06:30 . 2004-08-17 23:49 614,912 --a------ C:\WINDOWS.0\system32\h323msp.dll
2007-12-19 06:30 . 2004-08-17 23:49 330,240 --a------ C:\WINDOWS.0\system32\ipnathlp.dll
2007-12-19 06:30 . 2004-08-17 23:49 265,728 --a------ C:\WINDOWS.0\system32\h323.tsp
2007-12-19 06:30 . 2004-03-30 02:53 40,960 --------- C:\WINDOWS.0\system32\dllcache\evtgprov.dll
2007-12-19 06:30 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS.0\system32\xpsp1hfm.exe
2007-12-18 18:13 . 2005-10-20 23:30 1,083,904 --a------ C:\WINDOWS.0\system32\esent.dll
2007-12-18 17:46 . 2007-12-18 17:46 <DIR> d-------- C:\WINDOWS.0\system32\bits
2007-12-18 17:44 . 2007-12-18 17:44 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2007-12-18 17:44 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2007-12-18 17:30 . 2007-12-18 17:30 <DIR> d-------- C:\Program Files\dc++
2007-12-18 09:24 . 2007-12-18 09:24 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\TuneUp Software
2007-12-18 09:24 . 2007-12-18 09:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\TuneUp Software
2007-12-18 08:20 . 2007-12-18 08:20 <DIR> d-------- C:\Program Files\vso
2007-12-18 08:09 . 2007-12-18 08:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\DVD Shrink
2007-12-18 07:30 . 2007-06-26 07:10 1,104,896 --a------ C:\WINDOWS.0\system32\msxml3.dll
2007-12-16 15:30 . 2006-01-04 04:36 68,096 --a------ C:\WINDOWS.0\system32\webclnt.dll
2007-12-15 12:29 . 2006-05-19 14:42 110,592 --------- C:\WINDOWS.0\system32\dllcache\dhcpcsvc.dll
2007-12-15 12:29 . 2006-05-19 14:42 95,744 --------- C:\WINDOWS.0\system32\dllcache\iphlpapi.dll
2007-12-15 12:29 . 2007-03-09 14:48 57,344 --a------ C:\WINDOWS.0\system32\dllcache\agentdpv.dll
2007-12-15 07:12 . 2006-08-25 16:51 617,472 --------- C:\WINDOWS.0\system32\dllcache\comctl32.dll
2007-12-15 07:12 . 2007-01-23 20:31 546,304 --------- C:\WINDOWS.0\system32\dllcache\hhctrl.ocx
2007-12-15 07:12 . 2006-08-14 11:34 332,928 --------- C:\WINDOWS.0\system32\dllcache\srv.sys
2007-12-15 07:12 . 2005-08-22 19:36 197,632 --a------ C:\WINDOWS.0\system32\netman.dll
2007-12-13 16:44 . 2004-08-17 23:49 384,512 --a------ C:\WINDOWS.0\system32\ipsmsnap.dll
2007-12-13 16:44 . 2004-08-17 23:49 351,232 --a------ C:\WINDOWS.0\system32\ipsecsnp.dll
2007-12-13 16:44 . 2004-08-17 23:49 267,776 --a------ C:\WINDOWS.0\system32\oakley.dll
2007-12-13 16:44 . 2004-08-17 23:49 182,784 --a------ C:\WINDOWS.0\system32\ipsecsvc.dll
2007-12-13 16:44 . 2006-06-22 11:48 181,248 --------- C:\WINDOWS.0\system32\dllcache\rasmans.dll
2007-12-13 16:44 . 2005-08-23 04:40 124,416 --a------ C:\WINDOWS.0\system32\umpnpmgr.dll
2007-12-13 16:44 . 2004-08-17 23:49 105,472 --a------ C:\WINDOWS.0\system32\polstore.dll
2007-12-13 16:44 . 2007-03-08 16:38 40,960 --a------ C:\WINDOWS.0\system32\mf3216.dll
2007-12-13 16:44 . 2004-08-17 23:49 32,768 --a------ C:\WINDOWS.0\system32\winipsec.dll
2007-12-13 16:43 . 2006-05-05 10:41 453,120 --------- C:\WINDOWS.0\system32\dllcache\mrxsmb.sys
2007-12-13 16:43 . 2006-05-05 10:47 174,592 --------- C:\WINDOWS.0\system32\dllcache\rdbss.sys
2007-12-13 16:43 . 2004-08-17 23:49 102,400 --a------ C:\WINDOWS.0\system32\cscdll.dll
2007-12-13 16:43 . 2006-03-01 20:44 91,136 --a------ C:\WINDOWS.0\system32\mtxoci.dll
2007-12-13 16:43 . 2006-03-01 20:44 66,560 --a------ C:\WINDOWS.0\system32\mtxclu.dll
2007-12-13 16:43 . 2005-06-11 00:53 57,856 --a------ C:\WINDOWS.0\system32\spoolsv.exe
2007-12-12 19:35 . 2004-08-17 23:49 351,232 --a------ C:\WINDOWS.0\system32\winhttp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 05:50 8,972 ----a-w C:\WINDOWS.0\PCHealth\HelpCtr\Config\Cntstore.bin
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS.0\system32\AvastSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS.0\system32\drivers\secdrv.sys
2007-10-31 03:57 3,590,656 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS.0\system32\quartz.dll
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS.0\system32\dllcache\quartz.dll
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS.0\system32\dllcache\shell32.dll
2007-10-11 06:14 474,112 ------w C:\WINDOWS.0\system32\dllcache\shlwapi.dll
2007-10-11 06:14 151,552 ------w C:\WINDOWS.0\system32\dllcache\cdfview.dll
2007-10-11 06:14 1,495,040 ------w C:\WINDOWS.0\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,055,232 ----a-w C:\WINDOWS.0\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ------w C:\WINDOWS.0\system32\dllcache\browseui.dll
2007-10-10 23:50 824,832 ------w C:\WINDOWS.0\system32\dllcache\wininet.dll
2007-10-10 23:50 671,232 ------w C:\WINDOWS.0\system32\dllcache\mstime.dll
2007-10-10 23:50 478,208 ------w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
2007-10-10 23:50 44,544 ------w C:\WINDOWS.0\system32\dllcache\iernonce.dll
2007-10-10 23:50 384,512 ------w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
2007-10-10 23:50 27,648 ------w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
2007-10-10 23:50 232,960 ----a-w C:\WINDOWS.0\system32\webcheck.dll
2007-10-10 23:50 232,960 ------w C:\WINDOWS.0\system32\dllcache\webcheck.dll
2007-10-10 23:50 230,400 ------w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
2007-10-10 23:50 214,528 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2007-10-10 23:50 193,024 ------w C:\WINDOWS.0\system32\dllcache\msrating.dll
2007-10-10 23:50 153,088 ------w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
2007-10-10 23:50 132,608 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2007-10-10 23:50 124,928 ------w C:\WINDOWS.0\system32\dllcache\advpack.dll
2007-10-10 23:50 105,984 ------w C:\WINDOWS.0\system32\dllcache\url.dll
2007-10-10 23:50 102,400 ------w C:\WINDOWS.0\system32\dllcache\occache.dll
2007-10-10 23:50 1,159,680 ------w C:\WINDOWS.0\system32\dllcache\urlmon.dll
2007-10-10 10:58 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2007-10-10 10:58 625,152 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2005-09-09 18:55 7,155,864 ----a-w C:\Program Files\NGhost10.msi
2005-09-09 18:55 4,588,454 ----a-w C:\Program Files\setup.exe
2005-09-09 18:55 37,766,164 ----a-w C:\Program Files\Data1.cab
2005-09-09 18:55 35 ----a-w C:\Program Files\SCSSDist.ini
2005-08-04 18:05 61,640 ----a-w C:\Documents and Settings\PC\Data aplikací\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 23:49]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"NVIEW"="nview.dll" [2003-07-28 15:19 C:\WINDOWS.0\system32\nview.dll]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 23:49 C:\WINDOWS.0\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS.0\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 11:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-17 23:49]

C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\
Uninstall Fellowship.lnk - C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe [2002-10-04 14:49:30]
PowerReg Scheduler V3.exe [2004-12-15 15:16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-06 18:16 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS.0\system32\DRIVERS\n100325.sys [2001-10-24 12:01]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-04 07:04]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:02 C:\WINDOWS.0\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 07:34:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 7:35:35
C:\ComboFix3.txt ... 2007-12-22 17:29
C:\ComboFix2.txt ... 2007-12-23 11:57
.
2007-12-21 17:53:06 --- E O F ---


and here is the log from HijackThis......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:15, on 24.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4802 bytes


thanks in advance.....

fredik
member of the Security team
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status:
Offline

Post by fredik » 24 Dec 2007 11:09

Please keep to the exact order of the first two steps:
Go via Start -> Run... and type into the box this command marked in blue: ComboFix /u (there must be a space between combofix and /u), then click OK.

Run OTMoveIT again and click the CleanUp! button. A list will load and a prompt will appear, so click Yes. When it finishes it will ask for a restart, so allow it again with Yes.

For better protection it would be a good idea to install a firewall as well; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English
Kerio - clear layout, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English

The logs look fine; do you still have any problems?

PS: I wish you happy holidays too.
