Prosím o kontrolu logu z HJT a MWAV

[Nebesky]

Zdravím. Prosím o kontrolu logu. Zřejmě vlastí chybou jsem si natáhl do pc trojana.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:43, on 2.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd7\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BMbfd97d52] Rundll32.exe "C:\WINDOWS\system32\etwpeior.dll",s
O4 - HKLM\..\Run: [bcea4ece] rundll32.exe "C:\WINDOWS\system32\erilojat.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AA4C1F-CB98-45CB-8460-28EA0FC91D3B}: NameServer = 193.179.148.42
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HTTP SSL HTTPFilterImapiService (HTTPFilterImapiService) - Unknown owner - C:\WINDOWS\system32\appmgmtsq.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5451 bytes


A zde je log z MWAV

Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\etwpeior.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erilojat.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\adsnww.exe je infikovaný virem Backdoor.Win32.IRCBot.drx !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erdpnycj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erilojat.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\etwpeior.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\feyglsne.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\okjxymrw.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\uwtilawe.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DOCUME~1\Nebesky\LOCALS~1\TEMPOR~1\Content.IE5\71G8L3BV\kb456456[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DOCUME~1\Nebesky\LOCALS~1\TEMPOR~1\Content.IE5\XDZNL8JG\kb671231[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Nebesky\Local Settings\Temporary Internet Files\Content.IE5\71G8L3BV\kb456456[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Nebesky\Local Settings\Temporary Internet Files\Content.IE5\XDZNL8JG\kb671231[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\rfby.exe je infikovaný virem Backdoor.Win32.IRCBot.drx !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{DE12E1A9-30E3-42FA-A979-232A032B0678}\RP12\A0000552.dll indentifikován jako "not-a-virus:AdWare.Win32.NewDotNet.m". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{DE12E1A9-30E3-42FA-A979-232A032B0678}\RP13\A0000651.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\adsnww.exe je infikovaný virem Backdoor.Win32.IRCBot.drx !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erdpnycj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erilojat.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\etwpeior.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\feyglsne.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\okjxymrw.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\uwtilawe.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.

[Reklama]

[fredik]

Vítej na fóru

Nejdřív odstraň pozůstatky po NewDotNet

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Nebesky]

Zdravím provedl jsem postup podle návodu a zde je log z Cobofix

ComboFix 08-07-02.5 - Nebesky 2008-07-03 21:03:00.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.687 [GMT 2:00]
Running from: C:\Documents and Settings\Nebesky\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\BMbfd97d52.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\deuvoqui.dll
C:\WINDOWS\system32\erdpnycj.dll
C:\WINDOWS\system32\etwpeior.dll
C:\WINDOWS\system32\feyglsne.dll
C:\WINDOWS\system32\iuqovued.ini
C:\WINDOWS\system32\jcynpdre.ini
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ssqooml.dll
C:\WINDOWS\system32\tajolire.ini
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\twadijmf.ini
C:\WINDOWS\system32\unsddcms.ini
C:\WINDOWS\system32\uwtilawe.dll
C:\WINDOWS\system32\wrmyxjko.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-03 21:08 . 2008-07-03 21:08 <DIR> d-------- C:\Temp\tn3
2008-07-02 23:15 . 2008-07-02 23:15 0 --a------ C:\23990098.$$$
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-07-02 21:05 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-07-02 21:05 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-07-02 21:05 . 2008-07-02 21:08 50 --a------ C:\WINDOWS\Lic.xxx
2008-07-02 21:02 . 2008-07-02 21:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-01 22:18 . 2008-07-01 22:18 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-01 16:05 . 2008-07-01 16:05 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-01 16:04 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-01 16:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-01 16:04 . 2007-03-08 07:09 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-01 16:04 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-01 16:04 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-01 16:04 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-01 16:04 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-01 16:04 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-01 16:04 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-30 14:39 . 2008-06-30 14:39 <DIR> d-------- C:\Program Files\CyberLink
2008-06-29 18:39 . 2008-06-29 18:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-29 18:00 . 2008-06-29 18:00 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 17:29 . 2008-07-01 16:06 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-06-29 10:08 . 2008-06-14 20:00 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-29 10:08 . 2008-06-14 20:00 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 09:38 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 12:06 . 2008-06-29 17:50 <DIR> d-------- C:\Program Files\Setup Files
2008-06-26 12:02 . 2008-06-26 12:02 <DIR> d-------- C:\Program Files\MSI
2008-06-26 11:16 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-26 11:02 . 2008-06-26 11:02 <DIR> d-------- C:\WINDOWS\Sun
2008-06-26 10:47 . 2008-07-01 16:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 10:47 . 2008-06-26 10:47 <DIR> d--hs---- C:\Documents and Settings\Nebesky\UserData
2008-06-26 10:31 . 2008-06-26 10:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Nabˇdka Start
2008-06-26 10:30 . 2008-07-03 20:57 110,340 --a------ C:\WINDOWS\BMbfd97d52.xml
2008-06-25 23:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-25 22:58 . 2008-07-03 21:08 <DIR> d-------- C:\Temp
2008-06-25 22:56 . 2008-06-25 22:56 167,976 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-25 22:36 . 2008-06-25 22:36 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\ACD Systems
2008-06-25 22:31 . 2008-06-25 22:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 22:28 . 2008-06-25 22:28 <DIR> d-------- C:\lj1000hb
2008-06-25 22:27 . 2008-06-25 22:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 22:20 . 2008-06-25 22:20 390 --a------ C:\WINDOWS\ODBC.INI
2008-06-25 22:19 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-25 22:12 . 2008-06-25 22:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-25 22:11 . 2008-06-25 22:12 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-25 22:08 . 2008-06-25 22:08 <DIR> dr-h----- C:\MSOCache
2008-06-25 21:51 . 2008-06-29 23:18 <DIR> d-------- C:\Program Files\Dealio
2008-06-25 21:50 . 2008-06-25 21:50 86,144 --a------ C:\WINDOWS\system32\drivers\amdk77.sys
2008-06-25 21:50 . 2008-06-25 21:50 37,888 -rahs---- C:\WINDOWS\system32\adsnww.exe
2008-06-25 21:50 . 2008-06-25 21:50 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-06-25 21:50 . 2008-06-25 22:57 32 --a-s---- C:\WINDOWS\system32\1510756794.dat
2008-06-25 21:49 . 2008-06-25 21:49 37,888 -rahs---- C:\WINDOWS\system32\appmgmtsq.exe.17811071
2008-06-25 21:49 . 2008-06-25 21:50 37,888 --a------ C:\rfby.exe
2008-06-25 20:43 . 2008-06-25 20:48 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 20:41 . 2008-06-25 23:09 <DIR> d-------- C:\Program Files\Java
2008-06-25 20:41 . 2008-06-25 20:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-25 20:39 . 2008-06-25 20:39 <DIR> d-------- C:\Program Files\QIP
2008-06-25 20:34 . 2008-06-25 23:52 <DIR> d-------- C:\Program Files\ICQLite
2008-06-25 20:21 . 2008-06-25 20:21 <DIR> d-------- C:\Program Files\Crystal Player
2008-06-25 20:20 . 2008-06-25 20:20 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-06-25 20:20 . 2008-06-25 20:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-25 20:18 . 2008-06-25 20:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 19:57 . 2007-10-12 17:27 179,048 --a------ C:\WINDOWS\system32\e1000msg.dll
2008-06-25 19:57 . 2007-10-12 17:27 171,416 --a------ C:\WINDOWS\system32\drivers\e1000325.sys
2008-06-25 19:57 . 2007-10-12 17:27 154,496 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-25 19:57 . 2007-10-12 17:27 63,352 --a------ C:\WINDOWS\system32\NicEtCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-06-25 19:57 . 2007-10-12 17:27 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 2,844 --a------ C:\WINDOWS\system32\e1000325.din
2008-06-25 19:44 . 2008-06-25 19:44 <DIR> d-------- C:\Program Files\Intel
2008-06-25 19:36 . 2008-06-25 19:36 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-06-25 19:36 . 2004-04-23 14:30 2,494,464 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-06-25 19:34 . 2003-08-06 10:43 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2008-06-25 19:34 . 2003-06-20 15:06 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll
2008-06-25 19:08 . 2003-09-17 15:57 8,440 --a------ C:\WINDOWS\system32\drivers\LANPkt.sys
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-25 15:04 . 2008-06-25 14:55 <DIR> d--h----- C:\Documents and Settings\Nebesky\ćablony
2008-06-25 15:04 . 2008-07-03 21:06 <DIR> d-------- C:\Documents and Settings\Nebesky\Plocha
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ tisk rny
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ sˇś
2008-06-25 15:04 . 2008-06-29 17:38 <DIR> dr------- C:\Documents and Settings\Nebesky\Oblˇben‚ polo§ky
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> dr------- C:\Documents and Settings\Nebesky\Nabˇdka Start
2008-06-25 15:04 . 2008-07-02 21:05 <DIR> dr------- C:\Documents and Settings\Nebesky\Dokumenty
2008-06-25 15:04 . 2008-06-29 23:19 <DIR> dr-h----- C:\Documents and Settings\Nebesky\Data aplikacˇ
2008-06-25 15:04 . 2008-07-03 21:07 <DIR> d-------- C:\Documents and Settings\Nebesky
2008-06-25 15:04 . 2008-06-25 22:57 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikacˇ
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-06-25 15:04 . 2008-06-25 15:04 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-25 15:03 . 2008-06-25 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikacˇ
2008-06-25 15:03 . 2008-06-26 10:31 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-06-25 15:02 . 2008-06-25 14:55 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\ćablony
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Plocha
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ tisk rny
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ sˇś
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Oblˇben‚ polo§ky
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Nabˇdka Start
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dokumenty
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Data aplikacˇ
2008-06-25 15:01 . 2001-10-25 16:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 19:03 --------- d-----w C:\Program Files\ESET
2008-06-30 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 17:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 16:46 --------- d-----w C:\Program Files\totalcmd7
2008-06-25 16:26 --------- d-----w C:\Program Files\Kerio
2008-06-25 16:17 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-25 16:17 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-25 16:15 --------- d-----w C:\Program Files\ATI Technologies
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 09:21 17,920 ----a-w C:\WINDOWS\system32\Ntaccess.sys
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2qfe\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-25 18:17 917504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 15:06 118784 C:\WINDOWS\system32\ptipbmf.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 amdk77;amdk77;C:\WINDOWS\system32\drivers\amdk77.sys [2008-06-25 21:50]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 HTTPFilterImapiService;HTTP SSL HTTPFilterImapiService;C:\WINDOWS\system32\appmgmtsq.exe []

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMbfd97d52 - C:\WINDOWS\system32\etwpeior.dll
HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 21:09:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-07-03 21:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 19:10:10

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Driver::
amdk77
HTTPFilterImapiService

Collect::
C:\WINDOWS\system32\appmgmtsq.exe.17811071
C:\WINDOWS\system32\appmgmtsq.exe
C:\rfby.exe

File::
C:\WINDOWS\BMbfd97d52.xml
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\adsnww.exe
C:\WINDOWS\system32\1510756794.dat
C:\WINDOWS\system32\drivers\amdk77.sys

Folder::
C:\Temp\tn3
C:\Temp

FileLook::
C:\WINDOWS\system32\sporder.dll

DirLook::
C:\lj1000hb

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix (Pc se ti pak restartuje tak se nelekni)
- Vlož sem log, který vyběhne v závěru čistícího procesu
+
Na ploše se ti vytvoří soubor Submit(Datum+Čas).zip, pošli mi ho přes SZ jako přílohu, případně ho vlož jako přílohu ke svému dalšímu příspěvku. (Zvol spíš první variantu)

[Nebesky]

Projel jsem to podle návodu tady přihazuji poslední log.

ComboFix 08-07-02.5 - Nebesky 2008-07-05 13:24:19.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.733 [GMT 2:00]
Running from: C:\Documents and Settings\Nebesky\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nebesky\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMbfd97d52.xml
C:\WINDOWS\system32\1510756794.dat
C:\WINDOWS\system32\adsnww.exe
C:\WINDOWS\system32\drivers\amdk77.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nebesky\Local Settings\Data aplikací\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\rfby.exe
C:\Temp
C:\temp\tn3
C:\WINDOWS\BMbfd97d52.xml
C:\WINDOWS\system32\1510756794.dat
C:\WINDOWS\system32\adsnww.exe
C:\WINDOWS\system32\appmgmtsq.exe.17811071
C:\WINDOWS\system32\drivers\amdk77.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMDK77
-------\Legacy_HTTPFILTERIMAPISERVICE
-------\Service_amdk77
-------\Service_HTTPFilterImapiService


((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-02 23:15 . 2008-07-02 23:15 0 --a------ C:\23990098.$$$
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-07-02 21:05 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-07-02 21:05 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-07-02 21:05 . 2008-07-02 21:08 50 --a------ C:\WINDOWS\Lic.xxx
2008-07-02 21:02 . 2008-07-02 21:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-01 22:18 . 2008-07-01 22:18 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-01 16:05 . 2008-07-01 16:05 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-01 16:04 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-01 16:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-01 16:04 . 2007-03-08 07:09 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-01 16:04 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-01 16:04 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-01 16:04 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-01 16:04 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-01 16:04 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-01 16:04 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-30 14:39 . 2008-06-30 14:39 <DIR> d-------- C:\Program Files\CyberLink
2008-06-29 18:39 . 2008-06-29 18:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-29 18:00 . 2008-06-29 18:00 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 17:29 . 2008-07-01 16:06 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-06-29 10:08 . 2008-06-14 20:00 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-29 10:08 . 2008-06-14 20:00 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 09:38 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 12:06 . 2008-06-29 17:50 <DIR> d-------- C:\Program Files\Setup Files
2008-06-26 12:02 . 2008-06-26 12:02 <DIR> d-------- C:\Program Files\MSI
2008-06-26 11:16 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-26 11:02 . 2008-06-26 11:02 <DIR> d-------- C:\WINDOWS\Sun
2008-06-26 10:47 . 2008-07-01 16:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 10:47 . 2008-06-26 10:47 <DIR> d--hs---- C:\Documents and Settings\Nebesky\UserData
2008-06-26 10:31 . 2008-06-26 10:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Nabˇdka Start
2008-06-25 23:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-25 22:36 . 2008-06-25 22:36 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\ACD Systems
2008-06-25 22:31 . 2008-06-25 22:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 22:28 . 2008-06-25 22:28 <DIR> d-------- C:\lj1000hb
2008-06-25 22:27 . 2008-06-25 22:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 22:20 . 2008-06-25 22:20 390 --a------ C:\WINDOWS\ODBC.INI
2008-06-25 22:19 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-25 22:12 . 2008-06-25 22:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-25 22:11 . 2008-06-25 22:12 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-25 22:08 . 2008-06-25 22:08 <DIR> dr-h----- C:\MSOCache
2008-06-25 21:51 . 2008-06-29 23:18 <DIR> d-------- C:\Program Files\Dealio
2008-06-25 21:50 . 2008-06-25 21:50 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-06-25 20:43 . 2008-06-25 20:48 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 20:41 . 2008-06-25 23:09 <DIR> d-------- C:\Program Files\Java
2008-06-25 20:41 . 2008-06-25 20:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-25 20:39 . 2008-06-25 20:39 <DIR> d-------- C:\Program Files\QIP
2008-06-25 20:34 . 2008-06-25 23:52 <DIR> d-------- C:\Program Files\ICQLite
2008-06-25 20:21 . 2008-06-25 20:21 <DIR> d-------- C:\Program Files\Crystal Player
2008-06-25 20:20 . 2008-06-25 20:20 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-06-25 20:20 . 2008-06-25 20:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-25 20:18 . 2008-06-25 20:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 19:57 . 2007-10-12 17:27 179,048 --a------ C:\WINDOWS\system32\e1000msg.dll
2008-06-25 19:57 . 2007-10-12 17:27 171,416 --a------ C:\WINDOWS\system32\drivers\e1000325.sys
2008-06-25 19:57 . 2007-10-12 17:27 154,496 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-25 19:57 . 2007-10-12 17:27 63,352 --a------ C:\WINDOWS\system32\NicEtCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-06-25 19:57 . 2007-10-12 17:27 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 2,844 --a------ C:\WINDOWS\system32\e1000325.din
2008-06-25 19:44 . 2008-06-25 19:44 <DIR> d-------- C:\Program Files\Intel
2008-06-25 19:36 . 2008-06-25 19:36 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-06-25 19:36 . 2004-04-23 14:30 2,494,464 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-06-25 19:34 . 2003-08-06 10:43 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2008-06-25 19:34 . 2003-06-20 15:06 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll
2008-06-25 19:08 . 2003-09-17 15:57 8,440 --a------ C:\WINDOWS\system32\drivers\LANPkt.sys
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-25 15:04 . 2008-06-25 14:55 <DIR> d--h----- C:\Documents and Settings\Nebesky\ćablony
2008-06-25 15:04 . 2008-07-05 13:26 <DIR> d-------- C:\Documents and Settings\Nebesky\Plocha
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ tisk rny
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ sˇś
2008-06-25 15:04 . 2008-06-29 17:38 <DIR> dr------- C:\Documents and Settings\Nebesky\Oblˇben‚ polo§ky
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> dr------- C:\Documents and Settings\Nebesky\Nabˇdka Start
2008-06-25 15:04 . 2008-07-02 21:05 <DIR> dr------- C:\Documents and Settings\Nebesky\Dokumenty
2008-06-25 15:04 . 2008-06-29 23:19 <DIR> dr-h----- C:\Documents and Settings\Nebesky\Data aplikacˇ
2008-06-25 15:04 . 2008-07-03 21:07 <DIR> d-------- C:\Documents and Settings\Nebesky
2008-06-25 15:04 . 2008-06-25 22:57 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikacˇ
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-06-25 15:04 . 2008-06-25 15:04 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-25 15:03 . 2008-06-25 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikacˇ
2008-06-25 15:03 . 2008-06-26 10:31 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-06-25 15:02 . 2008-06-25 14:55 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\ćablony
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Plocha
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ tisk rny
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ sˇś
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Oblˇben‚ polo§ky
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Nabˇdka Start
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dokumenty
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Data aplikacˇ
2008-06-25 15:01 . 2001-10-25 16:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 19:03 --------- d-----w C:\Program Files\ESET
2008-06-30 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 17:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 16:46 --------- d-----w C:\Program Files\totalcmd7
2008-06-25 16:26 --------- d-----w C:\Program Files\Kerio
2008-06-25 16:17 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-25 16:17 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-25 16:15 --------- d-----w C:\Program Files\ATI Technologies
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 09:21 17,920 ----a-w C:\WINDOWS\system32\Ntaccess.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- C:\WINDOWS\system32\sporder.dll ----
Company: Microsoft Corporation
File Description: WinSock2 reorder service providers
File Version: 5.00.2095.1
Product Name: Microsoft(R) Windows (R) 2000 Operating System
Copyright: Copyright (C) Microsoft Corp. 1981-1999
Original file name: sporder.dll
MD5: f12e514aea35cd28ba6c080e707550f9

---- Directory of C:\lj1000hb ----

2003-05-27 13:37 99616 --a------ C:\lj1000hb\IMF16.drv
2003-05-27 13:37 98304 --a------ C:\lj1000hb\vsetup.dll
2003-05-27 13:37 949 --a------ C:\lj1000hb\zUsb.inf
2003-05-27 13:37 9216 --a------ C:\lj1000hb\Zlang.dll
2003-05-27 13:37 90112 --a------ C:\lj1000hb\apptune.exe
2003-05-27 13:37 900388 --a------ C:\lj1000hb\hpflash1.exe
2003-05-27 13:37 8911 --a------ C:\lj1000hb\zUsb.cat
2003-05-27 13:37 88504 --a------ C:\lj1000hb\dour65w.ttf
2003-05-27 13:37 88408 --a------ C:\lj1000hb\dour45w.ttf
2003-05-27 13:37 8704 --a------ C:\lj1000hb\ZPRINT32.EXE
2003-05-27 13:37 86016 --a------ C:\lj1000hb\ZSPOOL.DLL
2003-05-27 13:37 80712 --a------ C:\lj1000hb\dour66w.ttf
2003-05-27 13:37 80676 --a------ C:\lj1000hb\dour46w.ttf
2003-05-27 13:37 79002 --a------ C:\lj1000hb\SDhp1000.hlp
2003-05-27 13:37 77824 --a------ C:\lj1000hb\zlmhp1.dll
2003-05-27 13:37 7381 --a------ C:\lj1000hb\ZShp1000.hlp
2003-05-27 13:37 73728 --a------ C:\lj1000hb\ZSHP1000.dll
2003-05-27 13:37 71168 --a------ C:\lj1000hb\Sd32.dll
2003-05-27 13:37 65536 --a------ C:\lj1000hb\SDDM32.DLL
2003-05-27 13:37 5632 --a------ C:\lj1000hb\SDNTUM4.DLL
2003-05-27 13:37 54784 --a------ C:\lj1000hb\zPJL.dll
2003-05-27 13:37 52325 --a------ C:\lj1000hb\readme.wri
2003-05-27 13:37 49152 --a------ C:\lj1000hb\IMFPRINT.DLL
2003-05-27 13:37 47120 --a------ C:\lj1000hb\SD4.DLL
2003-05-27 13:37 45056 --a------ C:\lj1000hb\zpp.dll
2003-05-27 13:37 36864 --a------ C:\lj1000hb\zstatus.exe
2003-05-27 13:37 36864 --a------ C:\lj1000hb\zpppcl.dll
2003-05-27 13:37 36864 --a------ C:\lj1000hb\fwdl.exe
2003-05-27 13:37 3608 --a------ C:\lj1000hb\HPLJ1000.INF
2003-05-27 13:37 32351 --a------ C:\lj1000hb\hp1KW9x.cat
2003-05-27 13:37 32256 --a------ C:\lj1000hb\imfnt5.dll
2003-05-27 13:37 3005 --a------ C:\lj1000hb\SDhp1000.sdd
2003-05-27 13:37 29184 --a------ C:\lj1000hb\ZSPOOL32.EXE
2003-05-27 13:37 28672 --a------ C:\lj1000hb\zlm.dll
2003-05-27 13:37 28672 --a------ C:\lj1000hb\SDNT5UI.dll
2003-05-27 13:37 271 --a------ C:\lj1000hb\apptune.ini
2003-05-27 13:37 26624 --a------ C:\lj1000hb\QDPRINT.DLL
2003-05-27 13:37 23552 --a------ C:\lj1000hb\ZGDI32.DLL
2003-05-27 13:37 22608 --a------ C:\lj1000hb\USBPRINT.SYS
2003-05-27 13:37 2130206 --a------ C:\lj1000hb\guide.pdf
2003-05-27 13:37 20489 --a------ C:\lj1000hb\hp1KW2K.cat
2003-05-27 13:37 1953792 --a------ C:\lj1000hb\pcldll6l.dll
2003-05-27 13:37 19456 --a------ C:\lj1000hb\ZTAG32.DLL
2003-05-27 13:37 18944 --a------ C:\lj1000hb\SDIMF32.DLL
2003-05-27 13:37 16384 --a------ C:\lj1000hb\ZJBIG.dll
2003-05-27 13:37 1598 --a------ C:\lj1000hb\sd4.ini
2003-05-27 13:37 151552 --a------ C:\lj1000hb\SDhp1000.DLL
2003-05-27 13:37 147456 --a------ C:\lj1000hb\ZUNINST.EXE
2003-05-27 13:37 147456 --a------ C:\lj1000hb\Sr32.dll
2003-05-27 13:37 135168 --a------ C:\lj1000hb\SUhp1000.DLL
2003-05-27 13:37 122880 --a------ C:\lj1000hb\SDDMUI.DLL
2003-05-27 13:37 12288 --a------ C:\lj1000hb\USBMON.DLL
2003-05-27 13:37 12288 --a------ C:\lj1000hb\IMF32.DLL
2003-05-27 13:37 1145 --a------ C:\lj1000hb\SDhp1000.UNZ
2003-05-27 13:37 114233 --a------ C:\lj1000hb\sihp1000.img
2003-05-27 13:37 10751 --a------ C:\lj1000hb\read1st.txt
2001-11-15 09:17 54 --a------ C:\lj1000hb\HPLJ1000.DOI
1996-10-07 15:53 6020 --a------ C:\lj1000hb\HPLiccz.txt


------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2qfe\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-03_21.09.47.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 19:08:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 11:27:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-25 18:17 917504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 15:06 118784 C:\WINDOWS\system32\ptipbmf.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 13:27:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-07-05 13:29:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 11:28:55
ComboFix2.txt 2008-07-03 19:10:18

Adresářů: 8, Volných bajtů: 8,405,000,192
Adres ý…: 9, Volněch bajt…: 8,394,993,664

286 --- E O F --- 2008-07-01 14:07:01

[fredik]

Dej sem ještě nový log z HJT + postni mi ten soubor (nedošel) dík.

[Nebesky]

Zdravím... Tady je poslední log z HJT a ten soubor jsem snad už poslal správně :-) Díky za čas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:10, on 6.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AA4C1F-CB98-45CB-8460-28EA0FC91D3B}: NameServer = 193.179.148.42
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5143 bytes

[guest]

Všechno O.K. Poděkuj Fredíkovi.

[fredik]

Dík za nahrání souboru.

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku.

Máš ještě nějaké problémy?

[Nebesky]

Vše je úplně v pořádku moc děkuji za pomoc. Určitě jak se mi něco znovu vyskytne v pc napíšu. Moc jsi mi pomohl...

[fredik]

Nemáš za co kdyby byl nějaký problém tak dej vědět.