Prosim o kontrolu logu

[mflaska]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:25, on 14.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\streamserve\PreviewServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\qgi12.tmp
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\blphcjvcj0egfa.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [lphcjvcj0egfa] C:\WINDOWS\system32\lphcjvcj0egfa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ncfnsput - C:\WINDOWS\SYSTEM32\ncfnsput.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Preview - StreamServe, Inc. - C:\streamserve\PreviewServer.exe

--
End of file - 5167 bytes

je na pozadi nejakej cajk, neco stylu: mas kompa nadlyho vycisti ho....sem tam mi vyskoci z nodu cerv win32/Nuwar.CX. Jinak tam je jeste nejakej Antivirus XP 2008...

[Reklama]

[fredik]

Vítej na fóru

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[mflaska]

ComboFix 08-07-14.2 - magda 2008-07-16 7:37:00.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.231 [GMT 2:00]
Running from: C:\Documents and Settings\magda\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Data aplikací\rhcnvcj0egfa
C:\Documents and Settings\magda\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Documents and Settings\magda\Data aplikací\rhcnvcj0egfa
C:\Documents and Settings\magda\Data aplikací\shclvcj0egfa
C:\Program Files\rhcnvcj0egfa
C:\WINDOWS\system32\blphcjvcj0egfa.scr
c:\windows\system32\Drivers\Vbf37.sys
C:\WINDOWS\system32\lphcjvcj0egfa.exe
C:\WINDOWS\system32\phcjvcj0egfa.bmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Legacy_VBF37
-------\Service_sysrest.sys
-------\Service_Vbf37


((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-15 20:02 . 2008-07-15 19:52 60,928 --a------ C:\WINDOWS\system32\E6.tmp
2008-07-15 16:00 . 2008-07-15 15:44 60,928 --a------ C:\WINDOWS\system32\6A.tmp
2008-07-15 13:38 . 2008-07-15 13:28 60,928 --a------ C:\WINDOWS\system32\20.tmp
2008-07-15 13:18 . 2008-07-15 13:08 60,928 --a------ C:\WINDOWS\system32\18.tmp
2008-07-14 13:51 . 2008-07-14 13:41 60,928 --a------ C:\WINDOWS\system32\80.tmp
2008-07-14 12:20 . 2008-07-14 12:10 60,928 --a------ C:\WINDOWS\system32\4B.tmp
2008-07-14 12:00 . 2008-07-14 11:49 60,928 --a------ C:\WINDOWS\system32\46.tmp
2008-07-14 11:39 . 2008-07-14 11:28 60,928 --a------ C:\WINDOWS\system32\30.tmp
2008-07-14 11:18 . 2008-07-14 11:08 60,928 --a------ C:\WINDOWS\system32\2B.tmp
2008-07-14 10:57 . 2008-07-14 10:47 60,928 --a------ C:\WINDOWS\system32\25.tmp
2008-07-14 10:47 . 2008-07-14 10:37 60,928 --a------ C:\WINDOWS\system32\11.tmp
2008-07-14 10:04 . 2008-07-14 10:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-14 09:58 . 2008-07-14 09:48 60,928 --a------ C:\WINDOWS\system32\26.tmp
2008-07-14 09:50 . 2008-07-14 09:50 <DIR> d-------- C:\Program Files\CCleaner
2008-07-14 09:48 . 2008-07-14 09:48 15,328 --a------ C:\WINDOWS\system32\sysrest.Vsys
2008-07-14 08:15 . 2008-07-14 08:05 60,928 --a------ C:\WINDOWS\system32\13.tmp
2008-07-11 14:14 . 2006-02-07 16:58 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-07-11 14:14 . 2008-07-14 10:35 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-07-11 14:14 . 2008-07-16 07:40 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-07-11 14:14 . 2008-07-14 10:34 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-11 08:29 . 2008-07-11 08:19 60,928 --a------ C:\WINDOWS\system32\2A.tmp
2008-07-10 13:13 . 2008-07-10 13:03 60,928 --a------ C:\WINDOWS\system32\27.tmp
2008-06-20 19:42 . 2008-06-20 19:42 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 06:24 --------- d-----w C:\Program Files\ESET
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 12:53 1056768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 08:43 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-01-15 18:36 778240]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"TERTkulnbuIXmu"= {94F899E9-3E52-3343-C4A8-132294124FC6} - C:\WINDOWS\system32\drulw.dll [2007-04-16 17:54 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dim04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf37.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Preview;Preview;C:\streamserve\PreviewServer.exe [2004-09-21 02:33]
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 12:36]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S0 Dim04;Dim04;C:\WINDOWS\system32\Drivers\Dim04.sys []

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphcjvcj0egfa - C:\WINDOWS\system32\lphcjvcj0egfa.exe
Notify-ncfnsput - ncfnsput.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 07:43:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-16 7:46:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 05:45:30

Adresářů: 10, Volných bajtů: 23,328,727,040
Adres ý…: 14, Volněch bajt…: 23,303,413,760

133 --- E O F --- 2008-07-16 01:00:31



pustil jsem ho tedy...tady jsou vysledky...

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Driver::
Dim04

File::
C:\WINDOWS\system32\E6.tmp
C:\WINDOWS\system32\6A.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\80.tmp
C:\WINDOWS\system32\4B.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\sysrest.Vsys
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\27.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"TERTkulnbuIXmu"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dim04.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf37.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix (Pc se ti pak restartuje tak se nelekni)
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[mflaska]

ComboFix 08-07-14.2 - magda 2008-07-17 7:18:02.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.213 [GMT 2:00]
Running from: C:\Documents and Settings\magda\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\magda\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\4B.tmp
C:\WINDOWS\system32\6A.tmp
C:\WINDOWS\system32\80.tmp
C:\WINDOWS\system32\E6.tmp
C:\WINDOWS\system32\sysrest.Vsys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\4B.tmp
C:\WINDOWS\system32\6A.tmp
C:\WINDOWS\system32\80.tmp
C:\WINDOWS\system32\E6.tmp
C:\WINDOWS\system32\sysrest.Vsys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DIM04
-------\Service_Dim04


((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-14 10:04 . 2008-07-14 10:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-14 09:50 . 2008-07-14 09:50 <DIR> d-------- C:\Program Files\CCleaner
2008-07-11 14:14 . 2006-02-07 16:58 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-07-11 14:14 . 2006-02-07 17:49 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-07-11 14:14 . 2008-07-14 10:35 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-07-11 14:14 . 2008-07-16 07:40 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-07-11 14:14 . 2008-07-14 10:34 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-20 19:42 . 2008-06-20 19:42 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 06:24 --------- d-----w C:\Program Files\ESET
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 12:53 1056768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 08:43 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-01-15 18:36 778240]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Preview;Preview;C:\streamserve\PreviewServer.exe [2004-09-21 02:33]
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 12:36]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 07:24:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\MLANG.dll
-> ?:\WINDOWS\system32\MLANG.dll
-> ?:\WINDOWS\system32\MLANG.dll
-> ?:\WINDOWS\system32\MLANG.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-07-17 7:27:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 05:26:32
ComboFix2.txt 2008-07-16 05:46:43

Adresářů: 10, Volných bajtů: 23,196,299,264
Adres ý…: 13, Volněch bajt…: 23,260,819,456

134 --- E O F --- 2008-07-16 01:00:31

[mflaska]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:34, on 17.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\streamserve\PreviewServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Preview - StreamServe, Inc. - C:\streamserve\PreviewServer.exe

--
End of file - 4336 bytes



udelal jsem vse presne tak, jak jsi napsal. cekam na dalsi pokyny :)

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině (nepoužít jeho malware scaner, nebo přes něj odstranit co najde)

Máš ještě nějaké problémy?