Please check

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check

Post by Pipin » 10 Dec 2007 19:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:15, on 10.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\System32\mccthdvymw.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Martin\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Windows update 55] mccthdvymw.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows update 55] mccthdvymw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3750 bytes


Post by Pipin » 10 Dec 2007 20:49

Some error keeps popping up on my desktop and a countdown to the PC shutting down starts :(


Post by fredik (Security team member) » 10 Dec 2007 20:55

You can stop the countdown like this:
Start -> Run... and type the command: shutdown -a, which should prevent the shutdown.

Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are shown; accept them by pressing the key 1
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan is finished the program should create a log, C:\ComboFix.txt; please copy its whole contents here
Last edited by fredik on 10 Dec 2007 20:58, edited 1 time in total.


Post by Baron Prášil » 10 Dec 2007 20:57

that computer is completely and utterly unprotected!! :evil:

end this in Task Manager
mccthdvymw.exe

fix
in the HJT window, tick the boxes on the left next to the items I list and then click Fix checked
O4 - HKLM\..\Run: [Windows update 55] mccthdvymw.exe
O4 - HKLM\..\RunServices: [Windows update 55] mccthdvymw.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

download killbox
unpack it, run it and paste the bold line into the box
C:\WINDOWS\System32\mccthdvymw.exe
tick Delete on Reboot
and click the cross. the machine will restart.
after the restart install
FIREWALL
pick one here, I recommend ZoneAlarm or Comodo
ANTIVIRUS - I'd recommend Avast as the free one or Nod32 among the paid ones (30-day trial; I recommend that one to start with)
you can download them e.g. from http://www.stahuj.cz

once you have that, post a new log from hijackthis and write how the computer behaves

(but of course you can also do what fredik writes)


Post by Pipin » 10 Dec 2007 22:03

Thanks to both of you. For now I've done the second procedure but I haven't picked a firewall yet; I'll do fredik's procedure too. Here is the log for now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:50, on 10.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Martin\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4307 bytes


Post by Baron Prášil » 10 Dec 2007 22:04

according to the log it's ok. how's the computer? if it's acting up, post the combofix log
by the way, I'd also recommend installing SP2
http://www.microsoft.com/downloads/deta ... laylang=cs


Post by Pipin » 11 Dec 2007 15:46

Today it tried to shut itself down again.


ComboFix 07-12-09.1 - Martin 2007-12-11 15:41:55.1 - NTFSx86
Running from: C:\Documents and Settings\Martin\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-10 20:49 . 2007-12-10 20:49 <DIR> d-------- C:\WINDOWS\Sun
2007-12-10 20:49 . 2007-12-10 20:49 <DIR> d-------- C:\Program Files\Java
2007-12-10 20:49 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-10 20:47 . 2007-12-10 20:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-10 20:46 . 2007-12-10 20:49 671 --a------ C:\WINDOWS\mozver.dat
2007-12-10 20:39 . 2007-12-10 20:39 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-10 20:39 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-10 20:39 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-10 20:39 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-10 20:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-10 20:39 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-10 20:39 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-10 20:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-10 20:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-10 20:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-10 18:43 . 2007-12-10 20:36 134,144 --a------ C:\WINDOWS\system32\Samsong.exe
2007-12-10 18:43 . 2007-12-10 20:36 65 --a------ C:\WINDOWS\system32\o
2007-12-10 18:39 . 2007-12-10 18:39 133,632 -ra------ C:\WINDOWS\system32\expIorer23.exe
2007-12-10 18:08 . 2007-12-10 18:08 66 --a------ C:\WINDOWS\system32\wbt.inf
2007-12-10 17:27 . 2007-12-10 17:27 <DIR> d-------- C:\Program Files\Brother
2007-12-10 17:25 . 2007-12-10 17:25 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-10 17:25 . 2007-12-10 17:25 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-12-10 17:25 . 2007-12-10 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
2007-12-10 17:25 . 2007-12-10 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-12-10 17:25 . 2003-09-24 11:36 27,019 --a------ C:\WINDOWS\maxlink.ini
2007-12-10 17:24 . 2007-12-10 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Brother
2007-12-10 17:19 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-10 17:18 . 2007-12-10 17:18 <DIR> d-------- C:\WUTemp
2007-12-10 17:18 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-12-10 17:18 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-10 17:18 . 2002-08-29 01:32 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-10 17:18 . 2002-08-29 01:32 28,160 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-10 17:10 . 2007-12-10 17:35 <DIR> d-------- C:\Program Files\ICQ6
2007-12-10 17:10 . 2007-12-10 17:35 <DIR> d-------- C:\Documents and Settings\Martin\Data aplikací\ICQ
2007-12-10 17:02 . 2007-12-10 17:03 <DIR> d-------- C:\Program Files\QIP
2007-12-10 16:58 . 2007-12-10 16:58 <DIR> d-------- C:\Program Files\totalcmd
2007-12-10 16:58 . 2007-12-10 16:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-10 16:56 . 2007-12-10 16:57 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2007-12-10 16:56 . 2007-12-10 16:56 <DIR> dr-h----- C:\MSOCache
2007-12-10 16:55 . 2007-12-10 16:55 <DIR> d-------- C:\Program Files\IrfanView
2007-12-10 16:53 . 2007-12-10 16:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 16:49 . 2007-12-10 16:49 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-12-10 16:49 . 2007-12-10 16:49 <DIR> d-------- C:\Program Files\CCleaner
2007-12-10 16:49 . 2007-12-10 16:49 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-10 16:46 . 2007-12-10 16:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-10 16:46 . 2007-12-10 16:46 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-12-10 16:44 . 2007-12-10 16:44 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 16:44 . 2007-12-10 16:44 90,240 --a------ C:\WINDOWS\system32\drivers\sptd0397.sys
2007-12-10 16:42 . 2007-12-10 16:42 <DIR> d-------- C:\Program Files\AIMP Classic
2007-12-10 16:40 . 2007-12-10 16:40 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-10 16:38 . 2007-12-10 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2007-12-10 16:34 . 2007-12-10 16:35 <DIR> d-------- C:\WINDOWS\nview
2007-12-10 16:34 . 2007-12-10 16:34 <DIR> d-------- C:\Program Files\Realtek AC97
2007-12-10 16:34 . 2007-12-10 17:27 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-12-10 16:33 . 2007-12-10 16:33 <DIR> d-------- C:\Program Files\NVIDIA
2007-12-10 16:33 . 2007-12-10 17:25 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-12-10 16:32 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-10 16:32 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-10 16:32 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-10 16:32 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\tsbjbtvn.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\jjlenkbt.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\jbnshhqj.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\hwexrtne.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\bzehxvnz.exe
2007-12-09 21:36 558,142 ----a-w C:\WINDOWS\java\Packages\EPJBP75R.ZIP
2007-12-09 21:36 155,995 ----a-w C:\WINDOWS\java\Packages\MLBXVRXZ.ZIP
2007-12-09 21:36 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-10-25 14:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-10-25 14:00 C:\WINDOWS\system32\rundll32.exe]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update 55]
mccthdvymw.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 15:42:20
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 15:42:36
.
--- E O F ---


Post by fredik » 11 Dec 2007 17:54

When did you last run a full scan of the PC with an antivirus? After using ComboFix, update your antivirus and run a full scan with it. Avast detects the worm you have there, so it should remove the remaining files for you.

Install that firewall as soon as possible; if you still don't have one, it's already late!

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, shown in green, into it:

Code:

File::
C:\WINDOWS\system32\expIorer23.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\Samsong.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe
C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe
C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe
C:\WINDOWS\Help\tsbjbtvn.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
C:\WINDOWS\Help\jjlenkbt.exe
C:\WINDOWS\Help\jbnshhqj.exe
C:\WINDOWS\Help\hwexrtne.exe
C:\WINDOWS\Help\bzehxvnz.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update 55]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all open windows.

Drag the created script CFScript.txt with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap
- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here
+
post a new log from HJT here.
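An added example, not part of this thread, of HijackThis or of ComboFix: it automates the two pieces of triage the helpers did by hand above, Baron Prášil's reading of the O4/O23 lines in the first HijackThis log and fredik's picking of the random-named 57,856-byte executables out of the ComboFix Find3M report. The vowel-ratio threshold, the weights and the system-name list are this example's own heuristics; the sample lines are copied from the logs posted in this thread.

```python
"""Triage helpers for HijackThis and ComboFix logs; added example, not part of
either tool or of this thread. It encodes what the helpers did by hand: flag
bare autostart file names, random-looking or look-alike names (expIorer23),
unknown-owner services and batches of same-size dropped executables."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

VOWELS = set("aeiou")
SYSTEM_STEMS = {"explorer", "svchost", "lsass", "winlogon", "services", "smss"}
WEIGHTS = {  # heuristic weights; a line scoring >= 2 deserves a manual look
    "bare file name, no full path": 1,
    "RunServices key, rarely used by legitimate XP software": 2,
    "random-looking name": 2,
    "imitates a system binary": 3,
    "service with unknown owner": 2,
}
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix "Files Created" rows carry two timestamps joined by " . ", Find3M rows one.
CF_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)

def looks_random(stem: str, min_len: int = 8, max_vowel_ratio: float = 0.2) -> bool:
    """Long stems with almost no vowels (mccthdvymw, ssenjzlj) are typical of
    generated names; short legitimate ones (nwiz, ctfmon) stay under min_len."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < min_len:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) <= max_vowel_ratio

def name_reasons(stem: str) -> list[str]:
    """Reasons derived from the file name alone; shared by both log parsers."""
    reasons = []
    if looks_random(stem):
        reasons.append("random-looking name")
    # Homoglyph check: capital I standing in for lower-case l, plus trailing digits.
    normalised = re.sub(r"\d+$", "", stem.replace("I", "l").lower())
    if normalised in SYSTEM_STEMS and stem.lower() not in SYSTEM_STEMS:
        reasons.append("imitates a system binary")
    return reasons

def triage_hjt(log: str, threshold: int = 2) -> list[tuple[int, str, list[str]]]:
    """Score every O4/O23 line; return (score, line, reasons) for lines at or
    above threshold, highest score first."""
    findings = []
    for line in log.splitlines():
        reasons = []
        if m := HJT_O4.match(line):
            exe = (m["cmd"].split() or [""])[0]  # first token is the executable
            if "\\" not in exe and ":" not in exe:
                reasons.append("bare file name, no full path")
            if m["key"].lower() == "runservices":
                reasons.append("RunServices key, rarely used by legitimate XP software")
            reasons += name_reasons(PureWindowsPath(exe).stem)
        elif m := HJT_O23.match(line):
            if m["owner"].lower() == "unknown owner":
                reasons.append("service with unknown owner")
            reasons += name_reasons(PureWindowsPath(m["path"]).stem)
        score = sum(WEIGHTS[r] for r in reasons)
        if score >= threshold:
            findings.append((score, line, reasons))
    return sorted(findings, reverse=True)

def combofix_clusters(listing: str, min_cluster: int = 3) -> dict[int, list[str]]:
    """Group suspicious-named executables from a ComboFix listing by byte size;
    a worm copying itself under generated names produces exactly this pattern
    (dozens of 57,856-byte .exe files in the thread's Find3M report)."""
    by_size = defaultdict(list)
    for line in listing.splitlines():
        m = CF_ENTRY.match(line)
        if not m or not m["size"][0].isdigit():
            continue  # directory rows and separators carry no size
        path = m["path"].strip()
        if path.lower().endswith(".exe") and name_reasons(PureWindowsPath(path).stem):
            by_size[int(m["size"].replace(",", ""))].append(path)
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_cluster}

# Sample lines copied from the HijackThis and ComboFix logs posted in this thread.
HJT_SAMPLE = r"""O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows update 55] mccthdvymw.exe
O4 - HKLM\..\RunServices: [Windows update 55] mccthdvymw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
COMBOFIX_SAMPLE = r"""2007-12-10 18:39 . 2007-12-10 18:39 133,632 -ra------ C:\WINDOWS\system32\expIorer23.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\tsbjbtvn.exe
2007-12-10 17:57 57,856 ----a-w C:\WINDOWS\Help\bzehxvnz.exe
2007-12-09 21:36 --------- d-----w C:\Program Files\microsoft frontpage
"""
if __name__ == "__main__":
    for score, line, reasons in triage_hjt(HJT_SAMPLE):
        print(f"[{score}] {line}\n    {'; '.join(reasons)}")
    for size, paths in combofix_clusters(COMBOFIX_SAMPLE).items():
        print(f"{len(paths)} suspicious executables of {size} bytes:", *paths, sep="\n  ")
```

The legitimate nwiz.exe entry scores only 1 (bare name) and stays below the threshold, while the two "Windows update 55" lines and the unknown-owner service the thread fixed all surface; the size clustering ignores the lone expIorer23.exe and reports only the batch of identical 57,856-byte files.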


Post by Pipin » 11 Dec 2007 18:08

The PC was freshly reinstalled, so I hadn't done anything yet.


COMBOFIX:


ComboFix 07-12-09.1 - Martin 2007-12-11 18:03:12.2 - NTFSx86

Running from: C:\Documents and Settings\Martin\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Martin\Plocha\CFScript.txt

FILE
C:\WINDOWS\Help\bzehxvnz.exe
C:\WINDOWS\Help\hwexrtne.exe
C:\WINDOWS\Help\jbnshhqj.exe
C:\WINDOWS\Help\jjlenkbt.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
C:\WINDOWS\Help\tsbjbtvn.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe
C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe
C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe
C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe
C:\WINDOWS\system32\expIorer23.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\Samsong.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Help\bzehxvnz.exe
C:\WINDOWS\Help\hwexrtne.exe
C:\WINDOWS\Help\jbnshhqj.exe
C:\WINDOWS\Help\jjlenkbt.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
C:\WINDOWS\Help\tsbjbtvn.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe
C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe
C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe
C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe
C:\WINDOWS\system32\expIorer23.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\Samsong.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-11 16:08 . 2007-12-11 17:17 0 --a------ C:\WINDOWS\system32\WindowsUpdater.exe
2007-12-10 20:49 . 2007-12-10 20:49 <DIR> d-------- C:\WINDOWS\Sun
2007-12-10 20:49 . 2007-12-10 20:49 <DIR> d-------- C:\Program Files\Java
2007-12-10 20:49 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-10 20:47 . 2007-12-10 20:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-10 20:46 . 2007-12-10 20:49 671 --a------ C:\WINDOWS\mozver.dat
2007-12-10 20:39 . 2007-12-10 20:39 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-10 20:39 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-10 20:39 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-10 20:39 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-10 20:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-10 20:39 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-10 20:39 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-10 20:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-10 20:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-10 20:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-10 18:08 . 2007-12-10 18:08 66 --a------ C:\WINDOWS\system32\wbt.inf
2007-12-10 17:27 . 2007-12-10 17:27 <DIR> d-------- C:\Program Files\Brother
2007-12-10 17:25 . 2007-12-10 17:25 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-10 17:25 . 2007-12-10 17:25 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-12-10 17:25 . 2003-09-24 11:36 27,019 --a------ C:\WINDOWS\maxlink.ini
2007-12-10 17:19 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-10 17:18 . 2007-12-10 17:18 <DIR> d-------- C:\WUTemp
2007-12-10 17:18 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-12-10 17:18 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-10 17:18 . 2002-08-29 01:32 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-10 17:18 . 2002-08-29 01:32 28,160 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-10 17:10 . 2007-12-10 17:35 <DIR> d-------- C:\Program Files\ICQ6
2007-12-10 17:02 . 2007-12-10 17:03 <DIR> d-------- C:\Program Files\QIP
2007-12-10 16:58 . 2007-12-10 16:58 <DIR> d-------- C:\Program Files\totalcmd
2007-12-10 16:58 . 2007-12-10 16:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-10 16:56 . 2007-12-10 16:57 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2007-12-10 16:56 . 2007-12-10 16:56 <DIR> dr-h----- C:\MSOCache
2007-12-10 16:55 . 2007-12-10 16:55 <DIR> d-------- C:\Program Files\IrfanView
2007-12-10 16:53 . 2007-12-10 16:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 16:49 . 2007-12-10 16:49 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-12-10 16:49 . 2007-12-10 16:49 <DIR> d-------- C:\Program Files\CCleaner
2007-12-10 16:49 . 2007-12-10 16:49 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-10 16:46 . 2007-12-10 16:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-10 16:46 . 2007-12-10 16:46 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-12-10 16:44 . 2007-12-10 16:44 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 16:44 . 2007-12-10 16:44 90,240 --a------ C:\WINDOWS\system32\drivers\sptd0397.sys
2007-12-10 16:42 . 2007-12-10 16:42 <DIR> d-------- C:\Program Files\AIMP Classic
2007-12-10 16:40 . 2007-12-10 16:40 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-10 16:34 . 2007-12-10 16:35 <DIR> d-------- C:\WINDOWS\nview
2007-12-10 16:34 . 2007-12-10 16:34 <DIR> d-------- C:\Program Files\Realtek AC97
2007-12-10 16:34 . 2007-12-10 17:27 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-12-10 16:33 . 2007-12-10 16:33 <DIR> d-------- C:\Program Files\NVIDIA
2007-12-10 16:33 . 2007-12-10 17:25 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-12-10 16:32 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-10 16:32 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-10 16:32 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-10 16:32 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 21:36 558,142 ----a-w C:\WINDOWS\java\Packages\EPJBP75R.ZIP
2007-12-09 21:36 155,995 ----a-w C:\WINDOWS\java\Packages\MLBXVRXZ.ZIP
2007-12-09 21:36 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-10-25 14:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-10-25 14:00 C:\WINDOWS\system32\rundll32.exe]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\DOCUME~1\Martin\LOCALS~1\Temp\fkrvehqs.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 18:04:49
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 18:05:08 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-11 15:42
.
--- E O F ---




HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:36, on 11.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C9D3206-90A6-47D9-A7B2-82521F01775D}: NameServer = 213.29.120.70,193.85.1.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4358 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06

Post by fredik » 11 Dec 2007 20:11

The main problem is security: you are missing SP2 with the subsequent updates, and a firewall. This network worm uses various exploits, so your system is wide open to it.

Download the already mentioned SP2 for WinXP (Baron Prášil has already posted the link here) and a firewall. Install the firewall, but not SP2 yet.

Create a new CFScript and this time put the following into it:

Code:

File::
C:\WINDOWS\system32\WindowsUpdater.exe
C:\DOCUME~1\Martin\LOCALS~1\Temp\fkrvehqs.dll

Post here the log that appears after the script has run.

Then also make and post a log from Mwav.
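A defender-side triage of this log format, as an added example that is not part of the thread or of ComboFix: it parses the "Files Created" and "DLLs Loaded Under Running Processes" sections of a ComboFix log and flags the three patterns fredik acted on here (a zero-byte executable in system32, random eight-letter executables under the Windows help folders, and a DLL loaded into Explorer from a Temp directory). The sample log is constructed from paths in this thread; the regexes and heuristics are my own assumptions about the format.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the ComboFix log in this thread. The paths
# are taken from the log above; the timestamps and size on the PCHealth line are
# made up so that the sample contains one example of each case checked below.
SAMPLE_LOG = r"""
(((((( Files Created from 2007-11-11 to 2007-12-11 ))))))
.
2007-12-11 16:08 . 2007-12-11 17:17 0 --a------ C:\WINDOWS\system32\WindowsUpdater.exe
2007-12-10 20:49 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-10 17:18 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-12-10 18:08 . 2007-12-10 18:08 13,312 --a------ C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe
2007-12-10 20:49 . 2007-12-10 20:49 <DIR> d-------- C:\Program Files\Java
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\DOCUME~1\Martin\LOCALS~1\Temp\fkrvehqs.dll
-> C:\WINDOWS\system32\shell32.dll
"""

# "created . modified size attributes path", as ComboFix prints each file entry
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
PROCESS_LINE = re.compile(r"^PROCESS:\s+(?P<path>.+?)\s+\[")
LOADED_LINE = re.compile(r"^->\s+(?P<path>.+?)\s*$")
RANDOM_STEM = re.compile(r"^[a-z]{8}$")  # eight lowercase letters, like tsbjbtvn.exe
HELP_DIRS = ("\\windows\\help\\", "\\pchealth\\helpctr\\")


def parse_created(log: str) -> list[dict]:
    """Return the 'Files Created' entries; size is an int, or None for <DIR>."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line)
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            entries.append({"path": m["path"], "size": size, "attrs": m["attrs"]})
    return entries


def parse_loaded(log: str) -> list[tuple[str, str]]:
    """Return (process, dll) pairs from the 'DLLs Loaded Under Running Processes' section."""
    pairs, process = [], None
    for line in log.splitlines():
        if m := PROCESS_LINE.match(line):
            process = m["path"]
        elif (m := LOADED_LINE.match(line)) and process:
            pairs.append((process, m["path"]))
    return pairs


def triage(log: str) -> list[tuple[str, str]]:
    """Flag the three patterns the helper acted on in this thread (heuristics, not a verdict)."""
    findings = []
    for e in parse_created(log):
        p, low = PureWindowsPath(e["path"]), e["path"].lower()
        if e["size"] == 0 and p.suffix.lower() == ".exe" and "\\system32\\" in low:
            findings.append(("zero-byte exe in system32", e["path"]))
        elif p.suffix.lower() == ".exe" and RANDOM_STEM.match(p.stem) and any(d in low for d in HELP_DIRS):
            findings.append(("random-named exe in a help folder", e["path"]))
    for process, dll in parse_loaded(log):
        if "\\temp\\" in dll.lower():  # user-writable temp dir mapped into a system process
            findings.append((f"DLL loaded from Temp into {PureWindowsPath(process).name}", dll))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```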

