Smitrfraud c.coreservice v systemu

[mmireczech]

prosím o pomoc. Sbybot objevil smitfrauda v systemu a nelze se jej zbavit. Dle návodu co jsem již přečetl zasílám log z HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:07, on 14.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Kalendar\kalendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MMireczech\Plocha\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Kalendar] C:\Program Files\Kalendar\kalendar.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{9868BA45-F5E2-4FEB-9032-58894ED44E94}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe

--
End of file - 5319 bytes


a ještě log z Combofixu - tak doufám že to je vše správně

ComboFix 08-02-14.1 - MMireczech 2008-02-14 9:39:34.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.567 [GMT 1:00]
Running from: C:\Documents and Settings\MMireczech\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://onlinesafepro.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NM
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 00:29 . 2008-02-14 00:29 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-14 00:29 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-14 00:29 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-02-14 00:29 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-02-14 00:29 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-14 00:29 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-14 00:29 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-14 00:29 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-02-14 00:29 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-14 00:29 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-14 00:29 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-02-14 00:18 . 2008-02-14 00:21 <DIR> d-------- C:\totalcmd
2008-02-14 00:18 . 2008-02-14 00:20 465 --a------ C:\WINDOWS\wincmd.ini
2008-02-13 23:14 . 2008-02-13 23:14 177,152 --a------ C:\Program Files\utorrent-1.6.1.exe
2008-02-13 22:06 . 2008-02-13 22:06 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-13 22:06 . 2008-02-13 22:06 86,144 --a------ C:\WINDOWS\system32\drivers\acpiecc.sys
2008-02-13 00:32 . 2008-02-13 00:33 <DIR> d-------- C:\Program Files\Multi Password Recovery
2008-02-07 17:01 . 2008-02-12 19:18 <DIR> d-------- C:\My PageManager
2008-02-06 21:16 . 2008-02-13 22:34 <DIR> d-------- C:\Program Files\TotalCommander UP
2008-02-05 23:30 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-03 17:35 . 2008-02-03 17:35 2,321,152 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-01-26 17:34 . 2008-01-26 17:34 <DIR> d-------- C:\Program Files\DivX
2008-01-26 14:44 . 2008-01-26 14:44 <DIR> d-------- C:\WINDOWS\Sun
2008-01-26 14:43 . 2008-01-26 14:43 <DIR> d-------- C:\Program Files\Java
2008-01-26 14:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-26 14:42 . 2008-01-26 14:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 00:38 . 2004-06-12 01:48 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2008-01-26 00:38 . 2003-01-04 14:33 96,768 --a------ C:\WINDOWS\system32\Jpeg2000.dll
2008-01-26 00:38 . 1996-10-30 09:35 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2008-01-26 00:10 . 2004-05-27 16:46 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll
2008-01-26 00:10 . 2004-05-19 10:01 364,544 --a------ C:\WINDOWS\system32\Xfpx.dll
2008-01-26 00:10 . 2004-02-04 06:33 307,200 --a------ C:\WINDOWS\system32\libmng.dll
2008-01-26 00:10 . 2004-05-19 10:02 225,280 --a------ C:\WINDOWS\system32\Xjp2.dll
2008-01-26 00:10 . 2004-05-19 10:02 114,688 --a------ C:\WINDOWS\system32\Xjpegls.dll
2008-01-26 00:10 . 2004-05-19 10:01 81,920 --a------ C:\WINDOWS\system32\Xjbig.dll
2008-01-26 00:10 . 2004-05-19 10:02 49,152 --a------ C:\WINDOWS\system32\Xsusie.dll
2008-01-26 00:10 . 2004-05-19 10:01 49,152 --a------ C:\WINDOWS\system32\Xjng.dll
2008-01-19 23:06 . 2003-04-01 17:19 38,604 --a------ C:\WINDOWS\system32\drivers\DVC.sys
2008-01-19 23:06 . 2003-04-01 17:19 2,171 --a------ C:\WINDOWS\system32\drivers\DVC.inf
2008-01-16 23:39 . 2008-02-06 22:46 <DIR> d-------- C:\Filmy
2008-01-14 15:08 . 2008-01-14 15:11 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-01-14 13:05 . 2008-01-14 13:06 <DIR> d-------- C:\knihy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 08:42 36 ----a-w C:\WINDOWS\system32\drivers\Ids_cfg.dat
2008-02-14 08:01 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-13 23:11 178,778 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k
2008-02-13 23:01 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-13 17:34 --------- d-----w C:\Program Files\Stardock
2008-02-13 17:34 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-13 17:27 --------- d-----w C:\Program Files\Ahead
2008-02-12 22:36 --------- d-----w C:\Program Files\ESET
2008-02-12 22:28 --------- d-----w C:\Program Files\QIP
2008-02-12 21:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 21:02 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2007-05-30 23:16 107 ---ha-w C:\Program Files\Desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"Kalendar"="C:\Program Files\Kalendar\kalendar.exe" [2005-11-09 20:12 580608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-29 04:30 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 12:27 7286784]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-12 14:07 987136]
"nwiz"="nwiz.exe" [2005-09-23 12:27 1519616 C:\WINDOWS\system32\nwiz.exe]
"D_V_T"="C:\\dvt.exe" [2007-11-07 17:49 3584]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-07 17:45 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2005-07-11 23:26 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=UmxSbxExw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MMireczech^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler.exe]
path=C:\Documents and Settings\MMireczech\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2005-11-02 19:33 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D_V_T]
--a------ 2007-11-07 17:49 3584 C:\\dvt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-23 12:27 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 08:00 81920 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-01-30 17:23 1363968 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R0 KmxNdis;KmxNdis;C:\WINDOWS\system32\DRIVERS\kmxndis.sys [2005-08-16 11:42]
R1 acpiecc;acpiecc;C:\WINDOWS\system32\drivers\acpiecc.sys [2008-02-13 22:06]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2005-07-11 18:39]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2005-07-11 23:20]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2005-08-16 11:42]
R1 KmxIds;KmxIds;C:\WINDOWS\system32\DRIVERS\kmxids.sys [2005-08-11 14:31]
R2 KmxBiG;KmxBiG;C:\WINDOWS\system32\DRIVERS\KmxBiG.sys [2005-07-11 23:21]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2005-08-23 22:50]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R2 UmxAgent;FW Event Manager;"C:\Program Files\Tiny Firewall Pro\UmxAgent.exe" [2005-08-22 09:51]
R2 UmxCfg;FW Configuration Interpreter;"C:\Program Files\Common Files\PFShared\UmxCfg.exe" [2005-07-12 16:57]
R2 UmxLU;FW Live Update;"C:\Program Files\Common Files\PFShared\umxlu.exe" [2005-07-12 12:24]
R2 UmxPol;FW Policy Manager;"C:\Program Files\Common Files\PFShared\UmxPol.exe" [2005-07-12 00:21]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 03:13]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 07:50]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2005-08-23 12:41]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 DVC;USB DVC Svc;C:\WINDOWS\system32\Drivers\DVC.sys [2003-04-01 17:19]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd7b109f-661e-11dc-ad2a-0018f3c6c54f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e19d5a8c-3487-11dc-acd6-0018f3c6c54f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 16:27:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 09:42:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2008-02-14 9:43:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 08:43:30

[Reklama]

[Baron Prášil]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\TUKernel.exe
C:\WINDOWS\iun6002.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D_V_T"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis

dále,odinstaluj kreklího noda a nainstaluj zadarmo Avasta nebo jinej av

smitfraud v logu nevidím-udělej zatím toto

[mmireczech]

Díky za rychlou odpověď. Posílám teda další logy. A NOD je taky pryč

ComboFix 08-02-14.1 - MMireczech 2008-02-14 15:51:21.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.628 [GMT 1:00]
Running from: C:\Documents and Settings\MMireczech\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\MMireczech\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\TUKernel.exe
C:\WINDOWS\unvise32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\TUKernel.exe
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 15:37 . 2008-02-14 15:37 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-14 15:37 . 2008-02-14 15:54 36 --a------ C:\WINDOWS\system32\drivers\Ids_cfg.dat
2008-02-14 14:54 . 2008-02-14 14:54 <DIR> d-------- C:\Program Files\Astonsoft
2008-02-14 10:58 . 2008-02-14 10:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-14 10:19 . 2008-02-14 14:56 1,266 --a------ C:\WINDOWS\wincmd.ini
2008-02-14 00:18 . 2008-02-14 10:21 <DIR> d-------- C:\totalcmd
2008-02-13 23:14 . 2008-02-13 23:14 177,152 --a------ C:\Program Files\utorrent-1.6.1.exe
2008-02-13 22:06 . 2008-02-13 22:06 86,144 --a------ C:\WINDOWS\system32\drivers\acpiecc.sys
2008-02-13 00:32 . 2008-02-13 00:33 <DIR> d-------- C:\Program Files\Multi Password Recovery
2008-02-07 17:01 . 2008-02-12 19:18 <DIR> d-------- C:\My PageManager
2008-01-26 17:34 . 2008-01-26 17:34 <DIR> d-------- C:\Program Files\DivX
2008-01-26 14:44 . 2008-01-26 14:44 <DIR> d-------- C:\WINDOWS\Sun
2008-01-26 14:43 . 2008-01-26 14:43 <DIR> d-------- C:\Program Files\Java
2008-01-26 14:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-26 14:42 . 2008-01-26 14:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 00:38 . 2004-06-12 01:48 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2008-01-26 00:38 . 2003-01-04 14:33 96,768 --a------ C:\WINDOWS\system32\Jpeg2000.dll
2008-01-26 00:38 . 1996-10-30 09:35 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2008-01-26 00:10 . 2004-05-27 16:46 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll
2008-01-26 00:10 . 2004-05-19 10:01 364,544 --a------ C:\WINDOWS\system32\Xfpx.dll
2008-01-26 00:10 . 2004-02-04 06:33 307,200 --a------ C:\WINDOWS\system32\libmng.dll
2008-01-26 00:10 . 2004-05-19 10:02 225,280 --a------ C:\WINDOWS\system32\Xjp2.dll
2008-01-26 00:10 . 2004-05-19 10:02 114,688 --a------ C:\WINDOWS\system32\Xjpegls.dll
2008-01-26 00:10 . 2004-05-19 10:01 81,920 --a------ C:\WINDOWS\system32\Xjbig.dll
2008-01-26 00:10 . 2004-05-19 10:02 49,152 --a------ C:\WINDOWS\system32\Xsusie.dll
2008-01-26 00:10 . 2004-05-19 10:01 49,152 --a------ C:\WINDOWS\system32\Xjng.dll
2008-01-19 23:06 . 2003-04-01 17:19 38,604 --a------ C:\WINDOWS\system32\drivers\DVC.sys
2008-01-19 23:06 . 2003-04-01 17:19 2,171 --a------ C:\WINDOWS\system32\drivers\DVC.inf
2008-01-16 23:39 . 2008-02-06 22:46 <DIR> d-------- C:\Filmy
2008-01-14 15:08 . 2008-01-14 15:11 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-01-14 13:05 . 2008-01-14 13:06 <DIR> d-------- C:\knihy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 14:53 181,082 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k
2008-02-14 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 17:34 --------- d-----w C:\Program Files\Stardock
2008-02-13 17:34 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-13 17:27 --------- d-----w C:\Program Files\Ahead
2008-02-12 22:36 --------- d-----w C:\Program Files\ESET
2008-02-12 22:28 --------- d-----w C:\Program Files\QIP
2007-12-18 21:02 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2007-05-30 23:16 107 ---ha-w C:\Program Files\Desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"Kalendar"="C:\Program Files\Kalendar\kalendar.exe" [2005-11-09 20:12 580608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-29 04:30 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 12:27 7286784]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-12 14:07 987136]
"nwiz"="nwiz.exe" [2005-09-23 12:27 1519616 C:\WINDOWS\system32\nwiz.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-07 17:45 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2005-07-11 23:26 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=UmxSbxExw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MMireczech^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler.exe]
path=C:\Documents and Settings\MMireczech\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2005-11-02 19:33 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D_V_T]
--a------ 2007-11-07 17:49 3584 C:\\dvt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-23 12:27 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 08:00 81920 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-01-30 17:23 1363968 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R0 KmxNdis;KmxNdis;C:\WINDOWS\system32\DRIVERS\kmxndis.sys [2005-08-16 11:42]
R1 acpiecc;acpiecc;C:\WINDOWS\system32\drivers\acpiecc.sys [2008-02-13 22:06]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2005-07-11 18:39]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2005-07-11 23:20]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2005-08-16 11:42]
R1 KmxIds;KmxIds;C:\WINDOWS\system32\DRIVERS\kmxids.sys [2005-08-11 14:31]
R2 KmxBiG;KmxBiG;C:\WINDOWS\system32\DRIVERS\KmxBiG.sys [2005-07-11 23:21]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2005-08-23 22:50]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R2 UmxAgent;FW Event Manager;"C:\Program Files\Tiny Firewall Pro\UmxAgent.exe" [2005-08-22 09:51]
R2 UmxCfg;FW Configuration Interpreter;"C:\Program Files\Common Files\PFShared\UmxCfg.exe" [2005-07-12 16:57]
R2 UmxLU;FW Live Update;"C:\Program Files\Common Files\PFShared\umxlu.exe" [2005-07-12 12:24]
R2 UmxPol;FW Policy Manager;"C:\Program Files\Common Files\PFShared\UmxPol.exe" [2005-07-12 00:21]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 03:13]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 07:50]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2005-08-23 12:41]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 DVC;USB DVC Svc;C:\WINDOWS\system32\Drivers\DVC.sys [2003-04-01 17:19]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd7b109f-661e-11dc-ad2a-0018f3c6c54f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e19d5a8c-3487-11dc-acd6-0018f3c6c54f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 16:27:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 15:54:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2008-02-14 15:55:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 14:55:26
ComboFix2.txt 2008-02-14 08:43:40




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:07, on 14.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Kalendar\kalendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MMireczech\Plocha\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Kalendar] C:\Program Files\Kalendar\kalendar.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{9868BA45-F5E2-4FEB-9032-58894ED44E94}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe

--
End of file - 5109 bytes

[Baron Prášil]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\acpiecc.sys

Folder::
C:\Program Files\Eset

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D_V_T]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd7b109f-661e-11dc-ad2a-0018f3c6c54f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e19d5a8c-3487-11dc-acd6-0018f3c6c54f}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+log z hijackthis+info o chování kompu

[mmireczech]

Tak posílám další logy. Komp se chová zatím bez problému a Spybot nenajde nic. Každopádně nevím jestli to je vše, ale moc moc díky. Jen se chci zeptat, podle toho co jsem viděl tak dělal bordel (s prominutím) ten crack a register D_V_T od Nodu?

ComboFix 08-02-14.1 - MMireczech 2008-02-14 17:22:48.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.650 [GMT 1:00]
Running from: C:\Documents and Settings\MMireczech\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\MMireczech\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\drivers\acpiecc.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\acpiecc.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Program Files\Eset
C:\Program Files\Eset\Install\advheur.nup
C:\Program Files\Eset\Install\archs.nup
C:\Program Files\Eset\Install\engine.nup
C:\Program Files\Eset\Install\charon.nup
C:\Program Files\Eset\Install\main.dll
C:\Program Files\Eset\Install\mfc42.dll
C:\Program Files\Eset\Install\mfc42u.dll
C:\Program Files\Eset\Install\msvcrt.dll
C:\Program Files\Eset\Install\ntbaseen.nup
C:\Program Files\Eset\Install\ntineten.nup
C:\Program Files\Eset\Install\ntstden.nup
C:\Program Files\Eset\Install\pwscan.nup
C:\Program Files\Eset\Install\readme.txt
C:\Program Files\Eset\Install\setup.exe
C:\Program Files\Eset\Install\setup.xml
C:\Program Files\Eset\Install\utilmod.nup
C:\Program Files\Eset\nod32.007
C:\WINDOWS\system32\drivers\acpiecc.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 16:20 . 2008-02-14 16:20 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-14 16:20 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-14 16:20 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-14 16:20 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-14 16:20 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-14 16:20 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-14 16:20 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-14 16:20 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-14 16:20 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-14 15:37 . 2008-02-14 17:25 36 --a------ C:\WINDOWS\system32\drivers\Ids_cfg.dat
2008-02-14 14:54 . 2008-02-14 14:54 <DIR> d-------- C:\Program Files\Astonsoft
2008-02-14 10:58 . 2008-02-14 10:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-14 10:19 . 2008-02-14 14:56 1,266 --a------ C:\WINDOWS\wincmd.ini
2008-02-14 00:18 . 2008-02-14 10:21 <DIR> d-------- C:\totalcmd
2008-02-13 23:14 . 2008-02-13 23:14 177,152 --a------ C:\Program Files\utorrent-1.6.1.exe
2008-02-13 00:32 . 2008-02-13 00:33 <DIR> d-------- C:\Program Files\Multi Password Recovery
2008-02-07 17:01 . 2008-02-12 19:18 <DIR> d-------- C:\My PageManager
2008-01-26 17:34 . 2008-01-26 17:34 <DIR> d-------- C:\Program Files\DivX
2008-01-26 14:44 . 2008-01-26 14:44 <DIR> d-------- C:\WINDOWS\Sun
2008-01-26 14:43 . 2008-01-26 14:43 <DIR> d-------- C:\Program Files\Java
2008-01-26 14:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-26 14:42 . 2008-01-26 14:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 00:38 . 2004-06-12 01:48 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2008-01-26 00:38 . 2003-01-04 14:33 96,768 --a------ C:\WINDOWS\system32\Jpeg2000.dll
2008-01-26 00:38 . 1996-10-30 09:35 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2008-01-26 00:10 . 2004-05-27 16:46 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll
2008-01-26 00:10 . 2004-05-19 10:01 364,544 --a------ C:\WINDOWS\system32\Xfpx.dll
2008-01-26 00:10 . 2004-02-04 06:33 307,200 --a------ C:\WINDOWS\system32\libmng.dll
2008-01-26 00:10 . 2004-05-19 10:02 225,280 --a------ C:\WINDOWS\system32\Xjp2.dll
2008-01-26 00:10 . 2004-05-19 10:02 114,688 --a------ C:\WINDOWS\system32\Xjpegls.dll
2008-01-26 00:10 . 2004-05-19 10:01 81,920 --a------ C:\WINDOWS\system32\Xjbig.dll
2008-01-26 00:10 . 2004-05-19 10:02 49,152 --a------ C:\WINDOWS\system32\Xsusie.dll
2008-01-26 00:10 . 2004-05-19 10:01 49,152 --a------ C:\WINDOWS\system32\Xjng.dll
2008-01-19 23:06 . 2003-04-01 17:19 38,604 --a------ C:\WINDOWS\system32\drivers\DVC.sys
2008-01-19 23:06 . 2003-04-01 17:19 2,171 --a------ C:\WINDOWS\system32\drivers\DVC.inf
2008-01-16 23:39 . 2008-02-06 22:46 <DIR> d-------- C:\Filmy
2008-01-14 15:08 . 2008-01-14 15:11 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-01-14 13:05 . 2008-01-14 13:06 <DIR> d-------- C:\knihy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 16:24 181,762 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k
2008-02-14 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 17:34 --------- d-----w C:\Program Files\Stardock
2008-02-13 17:34 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-13 17:27 --------- d-----w C:\Program Files\Ahead
2008-02-12 22:28 --------- d-----w C:\Program Files\QIP
2007-12-18 21:02 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2007-05-30 23:16 107 ---ha-w C:\Program Files\Desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"Kalendar"="C:\Program Files\Kalendar\kalendar.exe" [2005-11-09 20:12 580608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-29 04:30 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 12:27 7286784]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-12 14:07 987136]
"nwiz"="nwiz.exe" [2005-09-23 12:27 1519616 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2005-07-11 23:26 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=UmxSbxExw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MMireczech^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler.exe]
path=C:\Documents and Settings\MMireczech\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2005-11-02 19:33 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-23 12:27 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 08:00 81920 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-01-30 17:23 1363968 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R0 KmxNdis;KmxNdis;C:\WINDOWS\system32\DRIVERS\kmxndis.sys [2005-08-16 11:42]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2005-07-11 18:39]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2005-07-11 23:20]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2005-08-16 11:42]
R1 KmxIds;KmxIds;C:\WINDOWS\system32\DRIVERS\kmxids.sys [2005-08-11 14:31]
R2 KmxBiG;KmxBiG;C:\WINDOWS\system32\DRIVERS\KmxBiG.sys [2005-07-11 23:21]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2005-08-23 22:50]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R2 UmxAgent;FW Event Manager;"C:\Program Files\Tiny Firewall Pro\UmxAgent.exe" [2005-08-22 09:51]
R2 UmxCfg;FW Configuration Interpreter;"C:\Program Files\Common Files\PFShared\UmxCfg.exe" [2005-07-12 16:57]
R2 UmxLU;FW Live Update;"C:\Program Files\Common Files\PFShared\umxlu.exe" [2005-07-12 12:24]
R2 UmxPol;FW Policy Manager;"C:\Program Files\Common Files\PFShared\UmxPol.exe" [2005-07-12 00:21]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 03:13]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 07:50]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2005-08-23 12:41]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
S1 acpiecc;acpiecc;C:\WINDOWS\system32\drivers\acpiecc.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 DVC;USB DVC Svc;C:\WINDOWS\system32\Drivers\DVC.sys [2003-04-01 17:19]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 16:27:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 17:26:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2008-02-14 17:27:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 16:27:12
ComboFix2.txt 2008-02-14 14:55:42
ComboFix3.txt 2008-02-14 08:43:40







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:13, on 14.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Kalendar\kalendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MMireczech\Plocha\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Kalendar] C:\Program Files\Kalendar\kalendar.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{9868BA45-F5E2-4FEB-9032-58894ED44E94}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe

--
End of file - 5767 bytes

[Baron Prášil]

to už se nikdo nedový,ty můj kvítku medový ale krekem instalneš šmejda a Prášil s Tebou

logy sou v pohodě.zapni rezidentní štít SpyTerminatora.

vyčisti systém CCleanerem a RegCleanerem
a ttímto-stahni-spust T-Cleaner smaže vše po Combu,SDFixu,Avengeru atd.

[mmireczech]

Oká tak nech tajemství tajemstvím a kdybych chtěl něco okolo motorek tak se ozvi:-)). Tam mi přece jen je trochu líp než tady v tom PC chaosu:-))))). Každopádně díky díky dám si na tebe kalich té domácí slivovičky

[Baron Prášil]

až budeš chtít něco kolem motorek-určitě se ozvu třeba nějakej orgán
tajemství to není.já to nevím
neni zač a dám si na tebe dvojku červenýho