Please check my log + PC problem

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

tazky1
Level 1
Posts: 74
Registered: November 06
Gender: Unspecified
Status: Offline

Please check my log + PC problem

Post by tazky1 » 16 Oct 2007 19:14

My PC is acting up and I don't know why. I can't even open Add/Remove Programs; it says: "The operation has been cancelled due to restrictions in effect on this computer. Contact your system administrator." And then this message keeps popping up:
Windows Security alert
Warning potetial spyware operation!
your computer is making unauthorized copies of your system and internet files.run full scan no to prevent any unauthor.acces to your files.click yes to dowmnload spyware remover.
Then there are Yes and No buttons, and whichever I click, nothing happens. I have an anti-spyware program, an antivirus and all the protection; I don't know who managed to pull this off. Please advise. It isn't my PC, it's my girlfriend's. At home I have the same setup installed and everything runs fine, but here either someone clicked on something or I don't know how it suddenly broke like this.
Please advise. Log:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\autorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C:\ras.exe] C:\ras.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\njdvjurw.dll",sitypnow
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svhost] C:\WINDOWS\system32\svhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: vtuvwxu - vtuvwxu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

zlobyl
Article author
Level 4.5
Posts: 1760
Registered: April 06
Location: Slaný
Gender: Unspecified
Status: Offline

Post by zlobyl » 16 Oct 2007 19:28

Looks like some nasty little bugger.

Fix:

Code:

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Test these on an online virus scanner (e.g. Jotti's scan):

Code:

O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: vtuvwxu - vtuvwxu.dll (file missing)


P.S.: Turn on showing hidden and system files, and for the three entries without a path listed, try the Search function.

Then let us know the result...
Please excuse my frequent absence from the forum. Unfortunately there are things one cannot influence, so I don't have much time to get here. I will try to be here whenever possible, but I can't guarantee anything. I'm sorry.


Post by tazky1 » 16 Oct 2007 21:11

So for O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat:

A-Squared Found nothing
AntiVir Found TR/Peed.JZ.11
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Peed.JZ
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Proxy.1739
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-virus:Hoax.Win32.Renos.lq
Fortinet Found Misc/Renos
Kaspersky Anti-Virus Found not-virus:Hoax.Win32.Renos.lq
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

C:\WINDOWS\system32\awtsq.dll (file missing) - for this one, Search found nothing

vtuvwxu.dll - this one wasn't found either

For autorun.exe: the path is C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\autorun.exe

A-Squared Found nothing
AntiVir Found TR/Crypt.ULPM.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Peed.JZ
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Fakealert.357
F-Prot Antivirus Found Possibly a new variant of W32/Fathom.3-based!Maximus
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/HckPk-A
VirusBuster Found nothing
VBA32 Found nothing

For system.exe: the path is C:\Documents and Settings\Simona\Nabídka Start\Programy\Po spuštění\system.exe

A-Squared Found nothing
AntiVir Found TR/Crypt.ULPM.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Peed.JZ
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Fakealert.357
F-Prot Antivirus Found Possibly a new variant of W32/Fathom.3-based!Maximus
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/HckPk-A
VirusBuster Found nothing
VBA32 Found nothing

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 16 Oct 2007 23:04

Follow this guide: Printer.exe, WinAvXX.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- When it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Test this file and post the result here:
C:\ras.exe

Then post a new HJT log here as well.


Post by tazky1 » 17 Oct 2007 14:09

fredik wrote: Follow this guide: Printer.exe, WinAvXX.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- When it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Test this file and post the result here:
C:\ras.exe

Then post a new HJT log here as well.


So first I did it according to this: Printer.exe, WinAvXX.exe
After that the log looked like this:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C:\ras.exe] C:\ras.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\njdvjurw.dll",sitypnow
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svhost] C:\WINDOWS\system32\svhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: vtuvwxu - vtuvwxu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
And then I ran ComboFix, whose log is:

ComboFix 07-10-17.8 - Simona 2007-10-17 13:59:05.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.674 [GMT 2:00]
Running from: C:\Documents and Settings\Simona\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Simona\Plocha\internet.lnk
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\njdvjurw.dll
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\system32\wrujvdjn.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-17 13:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 13:49 <DIR> d-------- C:\PrinterBegone
2007-10-16 19:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 13:02 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-16 13:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 22:31 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-10-08 22:31 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-10-08 22:31 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-10-08 22:31 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-10-08 21:44 <DIR> d-------- C:\Program Files\HP
2007-10-08 21:41 327,168 --a------ C:\WINDOWS\IsUn0405.exe
2007-10-08 21:40 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-06 12:50 <DIR> d-------- C:\Program Files\MPPR
2007-10-06 11:37 <DIR> d-------- C:\Program Files\Torrent Master
2007-10-06 11:25 <DIR> d---s---- C:\Documents and Settings\Simona\UserData
2007-10-06 11:21 <DIR> d-------- C:\Program Files\D-Tools
2007-10-06 11:21 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-06 11:21 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-06 11:20 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-04 13:04 <DIR> d-------- C:\Program Files\3DO
2007-10-04 13:04 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-10-04 12:58 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-04 12:23 <DIR> d-------- C:\Documents and Settings\Simona\WINDOWS
2007-10-04 12:23 299,520 --a------ C:\WINDOWS\uninst.exe
2007-10-04 11:42 <DIR> d-------- C:\Program Files\Disney Interactive
2007-10-03 13:26 <DIR> d-------- C:\Program Files\uTorrent
2007-10-01 21:53 <DIR> d-------- C:\Program Files\Nero
2007-10-01 21:53 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-01 21:29 <DIR> d-------- C:\Program Files\The KMPlayer
2007-10-01 20:16 <DIR> d-------- C:\Program Files\BitComet
2007-10-01 19:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-30 16:04 <DIR> d-------- C:\Program Files\XviD
2007-09-30 16:04 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-30 16:04 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-30 16:04 129,536 --a------ C:\WINDOWS\system32\IJL15.dll
2007-09-30 15:59 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-09-30 15:56 97,848 --a------ C:\WINDOWS\system32\bass.dll
2007-09-30 15:37 651,774 --a------ C:\WINDOWS\system32\Rainingoutmywindow.scr
2007-09-30 12:57 16 --a------ C:\WINDOWS\popcinfo.dat
2007-09-26 17:40 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2007-09-26 16:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-09-26 16:05 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-09-26 16:04 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2007-09-26 16:03 <DIR> d-------- C:\Program Files\Santa Claus in Trouble
2007-09-26 16:02 <DIR> d-------- C:\Program Files\S64Games
2007-09-26 16:01 <DIR> d-------- C:\Program Files\DarXide games
2007-09-26 16:01 233,472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-09-26 16:01 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-09-26 15:59 <DIR> d-------- C:\Program Files\Webteh
2007-09-26 15:31 <DIR> d-------- C:\Program Files\Common Files\Drunken Clock
2007-09-26 15:06 90,112 --a------ C:\WINDOWS\OpenAL32.dll
2007-09-26 14:16 <DIR> d-------- C:\Program Files\Skype
2007-09-26 14:16 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-26 00:29 8,416 --a------ C:\WINDOWS\windir32.exe
2007-09-26 00:19 <DIR> d-------- C:\Program Files\CCleaner
2007-09-26 00:13 <DIR> d-------- C:\Program Files\ICQ6
2007-09-25 23:46 <DIR> d-------- C:\WINDOWS\ShellNew
2007-09-25 23:31 777,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-25 23:31 19,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-25 23:28 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-09-25 23:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-25 23:12 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-25 23:12 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-25 23:12 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-25 15:48 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-09-25 15:48 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-09-25 11:54 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-25 11:54 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-25 11:54 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-25 11:54 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-24 08:50 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-24 08:48 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-20 22:16 <DIR> d-------- C:\Program Files\EA GAMES
2007-09-20 22:16 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-09-20 22:12 <DIR> d-------- C:\Program Files\ASUSTeK
2007-09-20 22:11 11,264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-09-20 22:08 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-09-20 22:08 <DIR> d-------- C:\Program Files\Realtek AC97
2007-09-20 22:08 <DIR> d-------- C:\Program Files\AvRack
2007-09-20 22:08 10,476,032 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2007-09-20 22:08 3,842,560 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-20 22:08 577,536 -r------- C:\WINDOWS\soundman.exe
2007-09-20 22:08 307,200 -r------- C:\WINDOWS\alcupd.exe
2007-09-20 22:08 217,088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-09-20 22:08 135,168 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-09-20 22:08 40,960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-09-20 22:03 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-20 22:03 <DIR> d-------- C:\Program Files\AMD
2007-09-20 22:03 176,128 -ra------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-20 22:03 38,400 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-09-20 22:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-09-20 22:01 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-09-20 22:01 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 15:40 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-09-25 22:11 2,924 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-25 22:11 11,492 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-20 19:41 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 12:06 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 08:51]
"nwiz"="nwiz.exe" [2005-12-14 08:51 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 08:51]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-25 23:11]
"C:\ras.exe"="C:\ras.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Svhost"="C:\WINDOWS\system32\svhost.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsq]
C:\WINDOWS\system32\awtsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvwxu]
vtuvwxu.dll

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 13:27:20 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 14:01:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\ras.exe"="C:\\ras.exe"
.
Completion time: 2007-10-17 14:02:42 - machine was rebooted
.
--- E O F ---

I didn't find ras.exe, and the final HJT log after everything I've just done is:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C:\ras.exe] C:\ras.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svhost] C:\WINDOWS\system32\svhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: vtuvwxu - vtuvwxu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--


Post by fredik » 17 Oct 2007 19:31

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:

Code:

File::
C:\WINDOWS\windir32.exe

DirLook::
C:\Documents and Settings\Simona\WINDOWS

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\ras.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svhost"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsq]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvwxu]

Choose Save As, name the file CFScript.txt and choose Save as type: All Files.
Save the file to your desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process

Post a new HJT log here as well.
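
An added example, not part of this thread and not code from HijackThis or ComboFix: a small Python triage script that applies the checks the helpers above made by eye (lookalike process names, bare executables in Startup folders, O7 policy locks, AppInit_DLLs, orphaned Winlogon Notify keys, an extra program on the system.ini Shell= line) to HJT log lines, and drafts the Registry:: block of a CFScript in the syntax fredik used. The sample lines are copied from the logs posted in this thread; the heuristics and the lookalike table are my assumptions, and the drafted block is something to review by hand, not to apply blindly.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis logs posted in this thread (abridged).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C:\ras.exe] C:\ras.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svhost] C:\WINDOWS\system32\svhost.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: vtuvwxu - vtuvwxu.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
# Assumed lookalike table: file names chosen to pass for a genuine Windows process.
LOOKALIKES = {"svhost.exe": "svchost.exe"}

RE_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
RE_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (.*)$")
RE_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
RE_FIRST_PATH = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll))', re.I)


@dataclass
class Finding:
    line: str
    reason: str
    # ComboFix 'Registry::' fragment removing the loading point, when the entry
    # is registry-backed; syntax as in the thread ("value"=- and [-key]).
    cfscript: Optional[str] = None


def _first_path(cmd: str) -> str:
    """Return the program path from a Run value (quoted, or up to .exe/.dll)."""
    m = RE_FIRST_PATH.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def _check_run(cmd: str) -> Optional[str]:
    path = _first_path(cmd)
    exe = path.rsplit("\\", 1)[-1].lower()
    if exe in LOOKALIKES:
        return f"'{exe}' imitates the system process {LOOKALIKES[exe]}"
    if re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):
        return "autostart executable sits directly in the drive root"
    return None


def triage(log: str) -> List[Finding]:
    """Walk an HJT log and return the entries a helper would ask about."""
    findings: List[Finding] = []
    for line in (ln.strip() for ln in log.splitlines() if ln.strip()):
        if m := RE_RUN.match(line):
            hive, name, cmd = m.groups()
            if reason := _check_run(cmd):
                frag = f'[{HIVES[hive]}\\{RUN_KEY}]\n"{name}"=-'
                findings.append(Finding(line, reason, frag))
        elif m := RE_STARTUP.match(line):
            entry = m.group(1)
            if not entry.lower().endswith(".lnk") and " = " not in entry:
                findings.append(Finding(line, "bare executable dropped into a Startup folder (no shortcut)"))
        elif line.startswith("O7 - "):
            findings.append(Finding(line, "policy restriction under Policies\\System; fix unless an admin set it on purpose"))
        elif m := RE_APPINIT.match(line):
            findings.append(Finding(line, f"AppInit_DLLs injects {m.group(1)} into every process that loads user32.dll"))
        elif m := RE_NOTIFY.match(line):
            if "(file missing)" in m.group(2):
                findings.append(Finding(line, "orphaned Winlogon Notify package (DLL gone, key left behind)",
                                        f"[-{NOTIFY_KEY}\\{m.group(1)}]"))
        elif m := RE_SHELL.match(line):
            if m.group(1).strip().lower() != "explorer.exe":
                findings.append(Finding(line, f"Shell= starts an extra program at logon: {m.group(1)}"))
    return findings


def cfscript_registry_section(findings: List[Finding]) -> str:
    """Draft the Registry:: block of a CFScript.txt from the registry-backed findings."""
    frags = [f.cfscript for f in findings if f.cfscript]
    return "Registry::\n" + "\n".join(dict.fromkeys(frags))


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LOG)
    for f in found:
        print(f"{f.line}\n    -> {f.reason}")
    print()
    print(cfscript_registry_section(found))
```

On the sample lines the script flags nine entries and its drafted Registry:: block matches the four registry removals in fredik's script (the two Run values and the two Notify keys); the file-based Startup entries and the O7 policy are reported but left for HJT's fix or a manual check.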


Post by tazky1 » 17 Oct 2007 20:16

2007-10-17 18:50 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-17 13:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 13:49 <DIR> d-------- C:\PrinterBegone
2007-10-16 19:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 13:02 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-16 13:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 22:31 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-10-08 22:31 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-10-08 22:31 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-10-08 22:31 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-10-08 21:44 <DIR> d-------- C:\Program Files\HP
2007-10-08 21:41 327,168 --a------ C:\WINDOWS\IsUn0405.exe
2007-10-08 21:40 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-06 12:50 <DIR> d-------- C:\Program Files\MPPR
2007-10-06 11:37 <DIR> d-------- C:\Program Files\Torrent Master
2007-10-06 11:25 <DIR> d---s---- C:\Documents and Settings\Simona\UserData
2007-10-06 11:21 <DIR> d-------- C:\Program Files\D-Tools
2007-10-06 11:21 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-06 11:21 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-06 11:20 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-04 13:04 <DIR> d-------- C:\Program Files\3DO
2007-10-04 13:04 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-10-04 12:58 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-04 12:23 <DIR> d-------- C:\Documents and Settings\Simona\WINDOWS
2007-10-04 12:23 299,520 --a------ C:\WINDOWS\uninst.exe
2007-10-04 11:42 <DIR> d-------- C:\Program Files\Disney Interactive
2007-10-03 13:26 <DIR> d-------- C:\Program Files\uTorrent
2007-10-01 21:53 <DIR> d-------- C:\Program Files\Nero
2007-10-01 21:53 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-01 21:29 <DIR> d-------- C:\Program Files\The KMPlayer
2007-10-01 20:16 <DIR> d-------- C:\Program Files\BitComet
2007-10-01 19:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-09-30 16:04 <DIR> d-------- C:\Program Files\XviD
2007-09-30 16:04 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-30 16:04 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-30 16:04 129,536 --a------ C:\WINDOWS\system32\IJL15.dll
2007-09-30 15:59 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-09-30 15:56 97,848 --a------ C:\WINDOWS\system32\bass.dll
2007-09-30 15:37 651,774 --a------ C:\WINDOWS\system32\Rainingoutmywindow.scr
2007-09-30 12:57 16 --a------ C:\WINDOWS\popcinfo.dat
2007-09-26 17:40 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2007-09-26 16:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-09-26 16:05 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-09-26 16:04 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2007-09-26 16:03 <DIR> d-------- C:\Program Files\Santa Claus in Trouble
2007-09-26 16:02 <DIR> d-------- C:\Program Files\S64Games
2007-09-26 16:01 <DIR> d-------- C:\Program Files\DarXide games
2007-09-26 16:01 233,472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-09-26 16:01 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-09-26 15:59 <DIR> d-------- C:\Program Files\Webteh
2007-09-26 15:31 <DIR> d-------- C:\Program Files\Common Files\Drunken Clock
2007-09-26 15:06 90,112 --a------ C:\WINDOWS\OpenAL32.dll
2007-09-26 14:16 <DIR> d-------- C:\Program Files\Skype
2007-09-26 14:16 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-26 00:19 <DIR> d-------- C:\Program Files\CCleaner
2007-09-26 00:13 <DIR> d-------- C:\Program Files\ICQ6
2007-09-25 23:46 <DIR> d-------- C:\WINDOWS\ShellNew
2007-09-25 23:31 777,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-25 23:31 19,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-25 23:28 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-09-25 23:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-25 23:12 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-25 23:12 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-25 23:12 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-25 15:48 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-09-25 15:48 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-09-25 11:54 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-25 11:54 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-25 11:54 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-25 11:54 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-24 08:50 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-24 08:48 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-20 22:16 <DIR> d-------- C:\Program Files\EA GAMES
2007-09-20 22:16 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-09-20 22:12 <DIR> d-------- C:\Program Files\ASUSTeK
2007-09-20 22:11 11,264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-09-20 22:08 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-09-20 22:08 <DIR> d-------- C:\Program Files\Realtek AC97
2007-09-20 22:08 <DIR> d-------- C:\Program Files\AvRack
2007-09-20 22:08 10,476,032 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2007-09-20 22:08 3,842,560 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-20 22:08 577,536 -r------- C:\WINDOWS\soundman.exe
2007-09-20 22:08 307,200 -r------- C:\WINDOWS\alcupd.exe
2007-09-20 22:08 217,088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-09-20 22:08 135,168 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-09-20 22:08 40,960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-09-20 22:03 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-20 22:03 <DIR> d-------- C:\Program Files\AMD
2007-09-20 22:03 176,128 -ra------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-20 22:03 38,400 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-09-20 22:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-09-20 22:01 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-09-20 22:01 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 15:40 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-09-25 22:11 2,924 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-25 22:11 11,492 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-20 19:41 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Simona\WINDOWS ----



((((((((((((((((((((((((((((( snapshot@2007-10-17_14.02.03.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 21:01:26 25,856 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\usbprint.sys
+ 2003-09-01 11:14:10 192,512 ----a-w C:\WINDOWS\LastGood\system32\hpzcoi09.dll
+ 2003-09-01 11:14:52 258,048 ----a-w C:\WINDOWS\LastGood\system32\hpzcon09.dll
+ 2003-09-01 11:09:04 132,615 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpf2p809.dat
+ 2003-09-01 10:39:38 192,512 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpz2ku09.dll
+ 2003-09-01 11:18:00 233,472 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzcfg09.exe
+ 2003-09-01 11:14:10 192,512 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzcoi09.dll
+ 2003-09-01 11:14:52 258,048 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzcon09.dll
+ 2003-09-01 11:01:14 630,784 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzeng09.exe
+ 2003-06-19 10:43:26 1,585,152 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzimc09.dll
+ 2003-06-19 10:45:22 221,184 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzime09.dll
+ 2003-09-01 11:19:04 188,416 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzjui09.dll
+ 2003-09-01 10:48:02 462,848 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzpm309.dll
+ 2003-09-01 11:27:08 323,584 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzpre09.exe
+ 2003-09-01 10:51:08 9,719,808 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzr3209.dll
+ 2002-10-30 10:10:22 49,152 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzrer09.dll
+ 2003-09-01 10:42:22 323,584 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzrm309.dll
+ 2003-09-01 11:36:32 679,936 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzslk09.dll
+ 2003-09-01 11:23:24 184,386 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzsnt09.dll
+ 2003-09-01 11:40:18 364,544 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzstc09.exe
+ 2003-09-01 11:08:48 163,840 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpzstw09.exe
+ 2003-09-01 11:43:18 61,440 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpztbi09.dll
+ 2003-09-01 11:42:50 176,128 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpztbu09.exe
+ 2003-09-01 11:35:10 430,080 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpdeskjet_35007052\hpztbx09.exe
+ 2003-09-01 11:23:24 184,386 ----a-w C:\WINDOWS\system32\hpzsnt09.dll
+ 2003-09-01 11:09:04 132,615 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpf2p809.dat
+ 2003-09-01 10:39:38 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz2ku09.dll
+ 2003-09-01 11:18:00 233,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg09.exe
+ 2003-09-01 11:14:10 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi09.dll
+ 2003-09-01 11:14:52 258,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon09.dll
+ 2003-09-01 11:01:14 630,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng09.exe
+ 2003-06-19 10:43:26 1,585,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzimc09.dll
+ 2003-06-19 10:45:22 221,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzime09.dll
+ 2003-09-01 11:19:04 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzjui09.dll
+ 2003-09-01 10:48:02 462,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpm309.dll
+ 2003-09-01 11:27:08 323,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre09.exe
+ 2003-09-01 10:51:08 9,719,808 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzr3209.dll
+ 2002-10-30 10:10:22 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrer09.dll
+ 2003-09-01 10:42:22 323,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrm309.dll
+ 2003-09-01 11:36:32 679,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzslk09.dll
+ 2003-09-01 11:23:24 184,386 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsnt09.dll
+ 2003-09-01 11:40:18 364,544 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc09.exe
+ 2003-09-01 11:08:48 163,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw09.exe
+ 2003-09-01 11:43:18 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbi09.dll
+ 2003-09-01 11:42:50 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu09.exe
+ 2003-09-01 11:35:10 430,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx09.exe
+ 2003-09-01 11:42:50 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
- 2007-10-16 14:00:31 6,245,630 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-10-17 13:00:30 6,259,020 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-10-17 13:00:22 59,904 ----a-w C:\WINDOWS\system32\ZoneLabs\Updates\unpacked==anti_spyware=SpywareDatabase-70-Patch.zip\tools\patch.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 12:06 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 08:51]
"nwiz"="nwiz.exe" [2005-12-14 08:51 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 08:51]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-25 23:11]
"C:\ras.exe"="C:\ras.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SWUPath"=C:\Program Files\Hewlett-Packard\HP Software Update\shellExWin.exe -m

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 13:27:20 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 20:14:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\ras.exe"="C:\\ras.exe"
.
Completion time: 2007-10-17 20:14:43
C:\ComboFix2.txt ... 2007-10-17 14:02
.
--- E O F ---

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male

Post by fredik » 18 Oct 2007 11:41

The ComboFix log was not posted here in full; its beginning is missing.
Open the file ComboFix2.txt, which you will find on drive C, and post here everything that is above these lines:
,2007-10-17 18:50 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-17 13:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 13:49 <DIR> d-------- C:\PrinterBegone


Run HijackThis again and tick the boxes in front of these lines:
O4 - HKLM\..\Run: [C:\ras.exe] C:\ras.exe
After ticking them, click the Fix Checked button.

After that, post a new HJT log here.
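As an added example (not part of this thread, ComboFix or HijackThis), a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log in the shape posted above, flags autostart values that ComboFix printed with an empty bracket (no timestamp or file path) or that launch an executable straight from the drive root, such as the C:\ras.exe entry in this thread, and renders the matching CFScript Registry:: block in the format the moderator's script uses ("name"=- removes a value). The sample log lines are constructed from this thread; treating an empty bracket as "file not found" is an assumption about ComboFix output, and flagged entries are candidates for review, not automatic deletion.

```python
import re

# Constructed sample in the shape of the "Reg Loading Points" section of the
# ComboFix log posted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 12:06 C:\WINDOWS\soundman.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-25 23:11]
"C:\ras.exe"="C:\ras.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')


def parse_run_entries(log_text):
    """Return (registry_key, value_name, command, bracket_info) for every autostart value."""
    entries, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # new [HKEY_...] section
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group('name'), m.group('cmd'), m.group('info')))
    return entries


def flag_entries(entries):
    """Flag values with an empty bracket (assumption: ComboFix found no file to stamp)
    or a command that runs an .exe directly from the root of a drive."""
    flagged = []
    for key, name, cmd, info in entries:
        root_exe = re.fullmatch(r'[A-Za-z]:\\[^\\]+\.exe', cmd, re.IGNORECASE) is not None
        if not info.strip() or root_exe:
            flagged.append((key, name))
    return flagged


def build_cfscript_registry(flagged):
    """Render a CFScript Registry:: block; "name"=- deletes that value from the key."""
    lines = ["Registry::"]
    for key in sorted({k for k, _ in flagged}):
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for k, name in flagged if k == key)
    return "\n".join(lines) + "\n"
```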

