presun viru do truhly nejde pomoc Vyřešeno

[jaro3]

Najdi a smaž: C:\SDFix

Vypni rez.ochranu u Avastu.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Reklama]

[pikass]

tak tady je ten log

ComboFix 08-12-16.03 - Petr 2008-12-17 21:44:59.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1526.1069 [GMT 0:00]
Spuštěný z: c:\documents and settings\Petr\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp27.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-17 do 2008-12-17 )))))))))))))))))))))))))))))))
.

2008-12-17 19:22 . 2008-12-17 19:22 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-17 19:20 . 2008-12-17 19:20 <DIR> d-------- c:\windows\ERUNT
2008-12-17 18:57 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-12-17 18:33 . 2008-12-17 18:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 18:33 . 2008-12-17 18:34 <DIR> d-------- c:\documents and settings\Petr\Application Data\Malwarebytes
2008-12-17 18:33 . 2008-12-17 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 18:33 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 18:33 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 17:58 . 2008-12-05 17:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2008-12-05 17:37 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-05 17:37 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2008-12-05 17:37 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-12-05 17:37 . 2008-12-05 17:37 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-05 17:37 . 2008-12-05 17:37 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-05 17:34 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2008-12-05 17:34 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-05 17:34 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-05 17:34 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-05 17:34 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-05 17:34 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-05 17:31 . 2008-12-05 17:31 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-05 17:30 . 2008-12-05 17:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-11-22 10:32 . 2008-11-22 10:32 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-22 08:38 . 2008-11-22 08:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-20 16:54 . 2008-11-20 16:54 <DIR> d--hs---- C:\FOUND.040
2008-11-18 18:34 . 2008-11-18 18:34 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 17:56 --------- d-----w c:\documents and settings\Petr\Application Data\dvdcss
2008-11-05 16:56 --------- d-----w c:\program files\VideoLAN
2008-11-05 16:56 --------- d-----w c:\documents and settings\Petr\Application Data\vlc
2008-11-02 20:18 --------- d-----w c:\program files\NCH Swift Sound
2008-11-02 20:18 --------- d-----w c:\documents and settings\Petr\Application Data\NCH Swift Sound
2008-11-02 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-27 17:24 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 02:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 17:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-10 19:08 737,280 ----a-w c:\windows\iun6002.exe
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 17:45 21,840 ----a-w c:\windows\system32\SIntfNT.dll
2008-09-28 17:45 17,212 ----a-w c:\windows\system32\SIntf32.dll
2008-09-28 17:45 12,067 ----a-w c:\windows\system32\SIntf16.dll
2008-09-18 01:40 42,320 ----a-w c:\windows\system32\xfcodec.dll
2006-10-25 14:17 625,035,295 ----a-w c:\documents and settings\Petr\0compressed.zip
2004-12-07 09:13 976,020 ----a-w c:\program files\BDAXP.cab
2003-02-28 06:00 12,800 ----a-w c:\documents and settings\Petr\cnmss Canon i250 (Local).exe
2008-09-13 13:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2002-11-29 4749824]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"FixCamera"="c:\windows\FixCamera.exe" [2006-06-01 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-01-06 110592]
"snp2std"="c:\windows\vsnp2std.exe" [2006-01-06 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"YSearchProtection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ6\\Icq.exe"=
"d:\\HRY\\NFS U2\\SPEED2.EXE"=
"d:\\HRY\\nfs most wantet\\speed.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-15 111184]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2008-01-12 12856]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2008-03-30 115968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20560]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2004-08-04 69120]
S3 DMSKSSRh;DMSKSSRh; []
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S4 AutoSyncService;Memeo AutoSync ;"c:\program files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 31768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10aa10e7-b141-11dc-bdf0-0016d46816c7}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-14 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []

2008-12-14 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []

2008-12-14 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []

2008-12-14 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NWEReboot - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: ÓA±EIO3«ÁéIÂÔO(&B)
TCP: {F30B0D9C-6DBF-4F30-BA7A-265D561B5F4C} = 10.0.0.4,10.0.0.2
FF - ProfilePath - c:\documents and settings\Petr\Application Data\Mozilla\Firefox\Profiles\bhw1u3w5.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60327&qkw=
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 21:48:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\acer\EMPOWERING TECHNOLOGY\ADMSERV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\program files\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
c:\program files\COMMON FILES\PCSUITE\SERVICES\SERVICELAYER.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\system32\wscntfy.exe
c:\program files\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP
.
**************************************************************************
.
Celkový čas: 2008-12-17 21:51:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-17 21:51:08

Před spuštěním: 6 365 511 680 bytes free
Po spuštění: 6,357,745,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

228 --- E O F --- 2008-12-12 04:22:06

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
C:\FOUND.040

File::
C:\DOCUME~1\Petr\LOCALS~1\Temp\DMSKSSRh.sys
c:\windows\iun6002.exe

Driver::
DMSKSSRh

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
Vlož sem pak výsledky.

[pikass]

tady je ten log

ComboFix 08-12-16.03 - Petr 2008-12-18 16:43:40.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1526.1060 [GMT 0:00]
Spuštěný z: c:\documents and settings\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\docume~1\Petr\LOCALS~1\Temp\DMSKSSRh.sys
c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.040
c:\found.040\FILE0000.CHK
c:\found.040\FILE0001.CHK
c:\windows\iun6002.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMSKSSRH
-------\Service_DMSKSSRh


((((((((((((((((((((((((( Soubory vytvořené od 2008-11-18 do 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-17 19:22 . 2008-12-17 19:22 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-17 19:20 . 2008-12-17 19:20 <DIR> d-------- c:\windows\ERUNT
2008-12-17 18:57 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-12-17 18:33 . 2008-12-17 18:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 18:33 . 2008-12-17 18:34 <DIR> d-------- c:\documents and settings\Petr\Application Data\Malwarebytes
2008-12-17 18:33 . 2008-12-17 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 18:33 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 18:33 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 17:58 . 2008-12-05 17:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2008-12-05 17:37 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-05 17:37 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2008-12-05 17:37 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-12-05 17:37 . 2008-12-05 17:37 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-05 17:37 . 2008-12-05 17:37 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-05 17:34 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2008-12-05 17:34 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-05 17:34 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-05 17:34 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-05 17:34 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-05 17:34 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-05 17:31 . 2008-12-05 17:31 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-05 17:30 . 2008-12-05 17:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-11-22 10:32 . 2008-11-22 10:32 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-22 08:38 . 2008-11-22 08:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-18 18:34 . 2008-11-18 18:34 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 17:56 --------- d-----w c:\documents and settings\Petr\Application Data\dvdcss
2008-11-05 16:56 --------- d-----w c:\program files\VideoLAN
2008-11-05 16:56 --------- d-----w c:\documents and settings\Petr\Application Data\vlc
2008-11-02 20:18 --------- d-----w c:\program files\NCH Swift Sound
2008-11-02 20:18 --------- d-----w c:\documents and settings\Petr\Application Data\NCH Swift Sound
2008-11-02 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-27 17:24 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 02:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 17:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 17:45 21,840 ----a-w c:\windows\system32\SIntfNT.dll
2008-09-28 17:45 17,212 ----a-w c:\windows\system32\SIntf32.dll
2008-09-28 17:45 12,067 ----a-w c:\windows\system32\SIntf16.dll
2008-09-18 01:40 42,320 ----a-w c:\windows\system32\xfcodec.dll
2006-10-25 14:17 625,035,295 ----a-w c:\documents and settings\Petr\0compressed.zip
2004-12-07 09:13 976,020 ----a-w c:\program files\BDAXP.cab
2003-02-28 06:00 12,800 ----a-w c:\documents and settings\Petr\cnmss Canon i250 (Local).exe
2008-09-13 13:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-17_21.50.07.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-18 16:47:34 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_754.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2002-11-29 4749824]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"FixCamera"="c:\windows\FixCamera.exe" [2006-06-01 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-01-06 110592]
"snp2std"="c:\windows\vsnp2std.exe" [2006-01-06 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"YSearchProtection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ6\\Icq.exe"=
"d:\\HRY\\NFS U2\\SPEED2.EXE"=
"d:\\HRY\\nfs most wantet\\speed.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-15 111184]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2008-01-12 12856]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2008-03-30 115968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20560]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2004-08-04 69120]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S4 AutoSyncService;Memeo AutoSync ;"c:\program files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 31768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10aa10e7-b141-11dc-bdf0-0016d46816c7}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-14 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []

2008-12-14 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []

2008-12-14 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []

2008-12-14 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: ÓA±EIO3«ÁéIÂÔO(&B)
TCP: {F30B0D9C-6DBF-4F30-BA7A-265D561B5F4C} = 10.0.0.4,10.0.0.2
FF - ProfilePath - c:\documents and settings\Petr\Application Data\Mozilla\Firefox\Profiles\bhw1u3w5.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60327&qkw=
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 16:48:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\acer\EMPOWERING TECHNOLOGY\ADMSERV.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\program files\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE
c:\program files\COMMON FILES\PCSUITE\SERVICES\SERVICELAYER.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2008-12-18 16:50:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-18 16:50:26
ComboFix2.txt 2008-12-17 21:51:16

Před spuštěním: 6 316 097 536 bytes free
Po spuštění: 6,288,719,872 bytes free

231 --- E O F --- 2008-12-12 04:22:06

[pikass]

a tady je ten hj log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:40, on 18.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svátky a výročí] C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ6\\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ6\\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8902846718
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30B0D9C-6DBF-4F30-BA7A-265D561B5F4C}: NameServer = 10.0.0.4,10.0.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 8573 bytes

a jdu skusit otestovat ty tri soubor co tady mam

[pikass]

tady je ten prvni
Antivirus Verze Poslední ak
tualizace Výsledek
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Rozšiřující informace
MD5: 222810667d9fc2fab1bef82a8e510a1b
SHA1: 663000df604807aac920620cc76840ef4f1411c8
SHA256: 21d5c5740e44807bc1da355ae1decff08f9412b3364d37feeb8ee5e379166e86
SHA512: 83670a24867c06879906b39a31c3136f34b800b0698bb6d60eded49a69bd6cc83ad9008e8f6bac81f78b96c8f1cfcd5ba085a70dd285918001c0d99c75e3d113

[pikass]

tady je te druhy
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Rozšiřující informace
MD5: 9a7a95e48e629a075c6d883d0ee524c8
SHA1: 8dd7c09354a5b9396ceb5ceefb11dde9aee1f2dc
SHA256: 48f7be0521aad955fbc9af57608a76d0c0222d5cf628b2448b9a04071e2d77a3
SHA512: 149bca9d42799d5cf6cd6ac1d3642c90f47912f511106794621dad0e5e40c6dbf0a5d11bd9152f247099230ba6a77f7734bae596c776607132996d7b50944644

[pikass]

tady je ten treti

AhnLab-V3 2008.7.29.1 2008.08.01 -
AntiVir 7.8.1.15 2008.08.01 -
Authentium 5.1.0.4 2008.07.31 -
Avast 4.8.1195.0 2008.07.31 -
AVG 8.0.0.156 2008.08.01 -
BitDefender 7.2 2008.08.01 -
CAT-QuickHeal 9.50 2008.08.01 -
ClamAV 0.93.1 2008.08.01 -
DrWeb 4.44.0.09170 2008.08.01 -
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.6001 2008.08.01 -
Ewido 4.0 2008.08.01 -
F-Prot 4.4.4.56 2008.07.31 -
F-Secure 7.60.13501.0 2008.08.01 -
Fortinet 3.14.0.0 2008.08.01 -
GData 2.0.7306.1023 2008.08.01 -
Ikarus T3.1.1.34.0 2008.08.01 -
K7AntiVirus 7.10.399 2008.07.31 -
Kaspersky 7.0.0.125 2008.08.01 -
McAfee 5351 2008.07.31 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3317 2008.08.01 -
Norman 5.80.02 2008.08.01 -
Panda 9.0.0.4 2008.08.01 -
PCTools 4.4.2.0 2008.08.01 -
Prevx1 V2 2008.08.01 -
Rising 20.55.42.00 2008.08.01 -
Sophos 4.31.0 2008.08.01 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.01 -
TheHacker 6.2.96.391 2008.07.31 -
TrendMicro 8.700.0.1004 2008.08.01 -
VBA32 3.12.8.2 2008.08.01 -
ViRobot 2008.8.1.1321 2008.08.01 -
VirusBuster 4.5.11.0 2008.08.01 -
Webwasher-Gateway 6.6.2 2008.08.01 -
Rozšiřující informace
File size: 12067 bytes
MD5...: c72263a0b16b36e0b4bd2fd442fffd54
SHA1..: eeefb634c1077a4dccaa99f3db6ed3d935650110
SHA256: d263e730a51fe2f103fd592ab3489c8c10ecbc66b951a5e8bde7bf4f79c75c45
SHA512: 61ed743f75ab790cacc14eee62456a0d081d7adf252c3b18149ef4f74dade63c
39d33da1a7cc23dc19a169e29decd41365e67df208037fd89307fd489f3ec7ec
PEiD..: -
PEInfo: -
packers (Kaspersky): PkLite

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Aktualizuj javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Napiš jak se chová comp a karanténa Avastu.

[pikass]

comp jede v klidu ale porad mi to po testu avastem vyhodi to okno 2infikovane reklamni material a dalsi slozky co jsou pod heslem a nejde snema nic udelat
a v karatene jsou am ty viry co tam byly mazat je nebudu v truhle neskodi
systemove soubor v truhle co jsou nakazene jsou :kernell32.dll ,winsock.dll ,winsock32.dll, wsock32.dll

infikovane soubor jsou a0214228.exe.vir

dik moc za pomoc za cas straveny tady

[jaro3]

Stáhni si :Dr. Web CureIt

dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat.
Soubor a0214228.exe můžeš smazat.
Ostatní výše dej léčit, i když ten winsock32.dll vypadá na nákazu.U ostatních záleží na destinaci.
Můžeš otestovat na Virustotal
a vložit výsledky.

[pikass]

chtel jsem se zeptat kdyz dam lecit v tom dr eb antivirus a on to smze tak je to v poradku maze veci ktere se muzou smazat? dik za pomoc a trpelivost z myma dotazama