Log check (warezov.bui)

migrid
Newbie
Registered: 9 Dec 2007


Post by migrid »

Hi,
could you please check my log? Warezov should have been deleted a while ago, but the computer runs terribly slowly, even though my memory isn't overloaded.
Thanks a lot, have a nice day
migrid
Last edited by migrid on Sun 9 Dec 2007, 17:32, edited 1 time in total.
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

Run ComboFix:
Download ComboFix and save it to your desktop, then run it. Follow the on-screen instructions; while ComboFix is running, don't click into the window that appears, because that can stop the process.
When it finishes, a log is created; copy its contents here.

The computer may restart. That means malicious files were found and a restart is needed for ComboFix to delete them.
migrid
Newbie
Registered: 9 Dec 2007

Post by migrid »

:D
Last edited by migrid on Sun 9 Dec 2007, 17:35, edited 4 times in total.
migrid
Newbie
Registered: 9 Dec 2007

Post by migrid »

It went well; here is the ComboFix output

ComboFix 07-12-09.1 - admin 2007-12-09 12:27:01.1 - FAT32x86
Running from: C:\Documents and Settings\admin\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\T.EXE

.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-11-22 08:18 . 2007-08-20 11:02 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 08:18 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 08:18 . 2007-03-08 06:09 1,024,000 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 08:18 . 2007-08-20 11:02 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 08:18 . 2007-08-20 11:02 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 08:18 . 2007-08-20 11:02 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 08:18 . 2007-08-20 11:02 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 08:18 . 2007-08-20 11:02 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 08:18 . 2007-08-17 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-22 08:14 . 2007-11-22 08:14 <DIR> d-------- C:\WINDOWS\system32\cs-cz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 21:32 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-08 21:32 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-20 15:03 7,937,804 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-08 18:58 --------- d-----w C:\Program Files\Java
2007-11-08 18:58 --------- d-----w C:\Program Files\Common Files\Java
2007-10-27 17:08 --------- d-----w C:\Documents and Settings\admin\Data aplikací\BitTorrent
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-09-01 15:08 16,321,537 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_01_15_46_01_full.dmp.zip
2007-09-01 15:08 16,165,422 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_01_15_47_27_full.dmp.zip
2007-09-01 15:08 114,970 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_01_15_58_40_small.dmp.zip
2007-09-01 15:08 113,532 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_01_16_01_17_small.dmp.zip
2007-09-01 15:07 113,561 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_01_15_43_31_small.dmp.zip
2006-12-29 08:19 113,877 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_28_19_34_31_small.dmp.zip
2005-06-10 13:51 396,288 ----a-w C:\Documents and Settings\admin\ppk.exe
2003-02-19 14:06 168 ----a-w C:\Program Files\score.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD4C3CF0-4B15-11D1-ABED-709549C10000}]
C:\Program Files\Go!Zilla\GoIEHlp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{724AF22E-B573-4B35-895D-D54264292776}"= C:\PROGRA~1\Tiscali\TiscaliB.dll [2002-07-04 09:58 303104]

[HKEY_CLASSES_ROOT\clsid\{724af22e-b573-4b35-895d-d54264292776}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724AF22E-B573-4B35-895D-D54264292776}"= C:\PROGRA~1\Tiscali\TiscaliB.dll [2002-07-04 09:58 303104]

[HKEY_CLASSES_ROOT\clsid\{724af22e-b573-4b35-895d-d54264292776}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49]
"WinFixer2006"="C:\Program Files\WinFixer_2006\uwfx6.exe" []
"WinFixer"="C:\Program Files\WinFixer_2006\uwfx6.exe" []
"W_MRPPRN"="C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe" [2005-03-18 15:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 00:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-09-27 15:38 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 12:44 C:\WINDOWS\AGRSMMSG.exe]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 02:50]
"windows auto update"="" []
"ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [2007-12-04 13:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-04 17:56]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49]

C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odtemdt2]
C:\WINDOWS\system32\odtemdt2.dll

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 12:35:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 12:37:58
.
--- E O F ---
migrid
Newbie
Registered: 9 Dec 2007

Post by migrid »

This is what came out of the HijackThis analysis:

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min (Must be fixed! WinFixer web installer. Winfixer is)

O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer_2006\uwfx6.exe /min (Fuzzy Algorithmcheck (1.25 / 5.00), Nasty)

O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll (file missing) (Unnecessary (deactivated) entry, which can be fixed.)

O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll (file missing) (Must be fixed! Unnecessary (deactivated) entry, which can be fixed. Goiehlp.dll GoZilla)

How do I fix it? Thanks a lot in advance.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Hello!

Download Avenger:
http://www.viry.cz/forum/viewtopic.php?t=19832
Get to its input window and paste all of the following into it:
Files to delete:
C:\WINDOWS\system32\drivers\fidbox.idx
C:\WINDOWS\system32\drivers\fidbox.dat
C:\Program Files\WinFixer_2006\uwfx6.exe
C:\Program Files\WinFixer_2006\uwfx6.exe
C:\WINDOWS\system32\odtemdt2.dll
C:\Documents and Settings\admin\ppk.exe


Folders to delete:
C:\Program Files\WinFixer_2006

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odtemdt2
HKEY_CLASSES_ROOT\clsid\{724af22e-b573-4b35-895d-d54264292776}
HKEY_CLASSES_ROOT\clsid\{724af22e-b573-4b35-895d-d54264292776}

Registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | WinFixer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | W_MRPPRN
DONE --> traffic light --> OK
After the restart a log will appear (c:\avenger.txt). Copy it here.

Delete the entire contents of
C:\WINDOWS\Internet Logs\

Test this on virustotal.com:
C:\Program Files\score.dat

Then post a new log from COMBOFIX and HIJACKTHIS here.
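The Avenger script above is hand-written from the HijackThis findings, and it carries two duplicates (uwfx6.exe and the Tiscali CLSID key appear twice) plus a file line for odtemdt2.dll, which HijackThis already reports as "(file missing)". As an added example, not code from the thread or from the Avenger project, the following Python builds such a script mechanically from HijackThis O2/O4/O20 lines: it deduplicates targets, skips the file line for anything already marked missing and keeps only its autostart reference, and expands HijackThis' abbreviated key names. The section headings and the `key | value` syntax are taken from BUBINO's script; the full Run and Winlogon Notify key names match the ComboFix "Reg Loading Points" output in this thread; the full Browser Helper Objects key is expanded from ComboFix's `~` abbreviation. The sample lines are copied from the HijackThis output posted above, and the set of names to remove is the analyst's decision, passed in explicitly.

```python
import re

# Constructed sample: HijackThis O2/O4/O20 lines copied from the thread,
# with the online analyzer's annotations stripped off.
SAMPLE_HJT = r"""
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer_2006\uwfx6.exe /min
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll (file missing)
"""

# One regex per HijackThis section handled here.
HJT_RE = {
    "O4": re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"),
    "O2": re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$"),
}
# Pull the executable path out of a Run command line, quoted or not, dropping arguments.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr))"?', re.IGNORECASE)

# Full key names behind HijackThis' abbreviations.
RUN_KEY = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def parse_hjt(text):
    """Return one dict per recognised O2/O4/O20 line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in HJT_RE.items():
            m = rx.match(line)
            if not m:
                continue
            d = m.groupdict()
            if kind == "O4":
                pm = EXE_RE.match(d["cmd"])
                path = pm.group("path") if pm else d["cmd"]   # fall back to the raw command line
                missing = False                                # HJT 1.99 does not flag O4 files
            else:
                path = d["path"]
                missing = d.get("missing") is not None
            entries.append({"kind": kind, "name": d["name"], "path": path,
                            "missing": missing, "hive": d.get("hive"), "clsid": d.get("clsid")})
            break
    return entries


def build_avenger_script(entries, flagged, folders=()):
    """Emit an Avenger script for the entries whose name is in `flagged`.

    Files HijackThis already reports as missing get no 'Files to delete' line
    (Avenger would only fail on them); just their autostart reference is removed.
    """
    files, keys, values = {}, {}, {}          # dicts keep insertion order and drop duplicates
    for e in entries:
        if e["name"] not in flagged:
            continue
        if not e["missing"]:
            files[e["path"]] = None
        if e["kind"] == "O4":
            values[RUN_KEY[e["hive"]] + " | " + e["name"]] = None
        elif e["kind"] == "O20":
            keys[NOTIFY_KEY + "\\" + e["name"]] = None
        elif e["kind"] == "O2":
            keys[BHO_KEY + "\\{" + e["clsid"] + "}"] = None

    out = []
    for title, items in (("Files to delete:", files),
                         ("Folders to delete:", dict.fromkeys(folders)),
                         ("Registry keys to delete:", keys),
                         ("Registry values to delete:", values)):
        if items:
            out.append(title)
            out.extend(items)
            out.append("")
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT)
    print(build_avenger_script(found, {"WinFixer2006", "WinFixer", "odtemdt2", "IEHlprObj Class"},
                               folders=[r"C:\Program Files\WinFixer_2006"]))
```

Run on the sample, the script lists uwfx6.exe once, removes both WinFixer Run values and the odtemdt2 and Go!Zilla keys, and emits no file line for the two DLLs HijackThis marked missing. Legitimate entries such as avast! are left alone because they are not in the flagged set.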
migrid
Newbie
Registered: 9 Dec 2007

Post by migrid »

Avenger reported an error; some files could not be deleted and the command couldn't be executed at all, so I removed them from "files to delete". Here is the log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tbinigmy

*******************

Script file located at: \??\C:\Documents and Settings\jinvwnga.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\fidbox.idx deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.


Could not open file C:\Program Files\WinFixer_2006\uwfx6.exe for deletion
Deletion of file C:\Program Files\WinFixer_2006\uwfx6.exe failed!

Could not process line:
C:\Program Files\WinFixer_2006\uwfx6.exe
Status: 0xc000003a



Could not open file C:\Program Files\WinFixer_2006\uwfx6.exe for deletion
Deletion of file C:\Program Files\WinFixer_2006\uwfx6.exe failed!

Could not process line:
C:\Program Files\WinFixer_2006\uwfx6.exe
Status: 0xc000003a



File C:\WINDOWS\system32\odtemdt2.dll not found!
Deletion of file C:\WINDOWS\system32\odtemdt2.dll failed!

Could not process line:
C:\WINDOWS\system32\odtemdt2.dll
Status: 0xc0000034

File C:\Documents and Settings\admin\ppk.exe deleted successfully.


Folder C:\Program Files\WinFixer_2006 not found!
Deletion of folder C:\Program Files\WinFixer_2006 failed!

Could not process line:
C:\Program Files\WinFixer_2006
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odtemdt2 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

The contents of C:\WINDOWS\Internet Logs\ could not be deleted completely; of 300 files, 8 remained undeleted (PC1.ldb, BACKUP.RDB, IAMDB.RDB, ZALog2007.12.18, fwdbglog.txt, fwpktlog.txt, tvDebug.txt)

C:\Program Files\score.dat tested on virustotal.com, result: 0/33.

HijackThis result:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:28, on 19.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\HijackThis. HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll (file missing)
O3 - Toolbar: &Tiscali - {724AF22E-B573-4B35-895D-D54264292776} - C:\PROGRA~1\Tiscali\TiscaliB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer_2006\uwfx6.exe /min
O4 - HKCU\..\Run: [W_MRPPRN] C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Hledat v českém Internetu - res://C:\Program Files\Tiscali\TiscaliB.dll//scz
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Hledat v mapě &Prahy - res://C:\Program Files\Tiscali\TiscaliB.dll//mpr
O8 - Extra context menu item: Hledat v mapě Č&R - res://C:\Program Files\Tiscali\TiscaliB.dll//mcr
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Tiscali\TiscaliB.dll//swr
O8 - Extra context menu item: Přeložit z &angličtiny - res://C:\Program Files\Tiscali\TiscaliB.dll//ten
O8 - Extra context menu item: Přeložit z &němčiny - res://C:\Program Files\Tiscali\TiscaliB.dll//tde
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.cz
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4736990692
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

ComboFix result:

ComboFix 07-12-19.2 - admin 2007-12-19 10:58:38.2 - FAT32x86
Running from: C:\Documents and Settings\admin\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-19 09:58 . 2007-12-19 09:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 09:58 . 2007-12-19 09:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-22 08:18 . 2007-10-11 00:50 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 08:18 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 08:18 . 2007-03-08 06:09 1,024,000 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 08:18 . 2007-10-11 00:50 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 08:18 . 2007-10-11 00:50 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 08:18 . 2007-10-11 00:50 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 08:18 . 2007-10-11 00:50 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 08:18 . 2007-10-11 00:50 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 08:18 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-22 08:14 . 2007-11-22 08:14 <DIR> d-------- C:\WINDOWS\system32\cs-cz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 08:53 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-19 08:53 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 18:58 --------- d-----w C:\Program Files\Java
2007-11-08 18:58 --------- d-----w C:\Program Files\Common Files\Java
2007-10-30 23:27 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:08 --------- d-----w C:\Documents and Settings\admin\Data aplikací\BitTorrent
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:50 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:50 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:50 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:50 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:50 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:50 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:50 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:50 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:50 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:50 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:50 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:50 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:50 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:50 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:50 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:50 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 10:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:58 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2003-02-19 14:06 168 ----a-w C:\Program Files\score.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-09_12.36.15,07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-08-20 10:02:04 124,928 ------w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:02:04 214,528 ------w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:02:04 132,608 ------w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:02:04 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:19:12 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:02:04 153,088 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:02:04 230,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:26 161,792 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:02:04 383,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:02:04 384,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:02:04 6,058,496 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:02:04 44,544 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:02:04 267,776 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:19:26 625,152 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:02:04 27,648 ------w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:02:04 459,264 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:02:04 52,224 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 14:32:06 3,584,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:02:06 477,696 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:02:06 193,024 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:02:06 671,232 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:02:06 102,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:07:42 215,776 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:08:50 379,616 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:02:06 105,984 ------w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:02:06 1,152,000 ------w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:02:06 232,960 ------w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:02:06 824,832 ------w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2007-08-20 10:02:04 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:50:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-20 10:02:04 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:50:42 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-20 10:02:04 132,608 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:50:42 132,608 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-08-20 10:02:04 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:50:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:19:12 63,488 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:58:22 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 10:02:04 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:50:42 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 10:02:04 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:50:42 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:26 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:56 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 10:02:04 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:50:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 10:02:04 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:50:42 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 10:02:04 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:50:42 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 10:02:04 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:50:42 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 10:02:04 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:50:42 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-20 10:02:04 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:50:42 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2007-11-02 07:12:58 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-20 10:02:04 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:50:42 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 10:02:04 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:50:42 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 14:32:06 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:27:02 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 10:02:06 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:50:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-20 10:02:06 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:50:44 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-08-20 10:02:06 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:50:44 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2007-08-20 10:02:06 102,400 ------w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:50:44 102,400 ------w C:\WINDOWS\system32\occache.dll
- 2007-07-22 17:39:28 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-13 20:26:52 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-07-18 13:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 10:02:06 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:50:44 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 10:02:06 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:50:44 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-20 10:02:06 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:50:44 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-20 10:02:06 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:50:44 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-19 08:54:30 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD4C3CF0-4B15-11D1-ABED-709549C10000}]
C:\Program Files\Go!Zilla\GoIEHlp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724AF22E-B573-4B35-895D-D54264292776}

[HKEY_CLASSES_ROOT\clsid\{724af22e-b573-4b35-895d-d54264292776}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724AF22E-B573-4B35-895D-D54264292776}"= C:\PROGRA~1\Tiscali\TiscaliB.dll [2002-07-04 09:58 303104]

[HKEY_CLASSES_ROOT\clsid\{724af22e-b573-4b35-895d-d54264292776}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49]
"WinFixer2006"="C:\Program Files\WinFixer_2006\uwfx6.exe" []
"WinFixer"="C:\Program Files\WinFixer_2006\uwfx6.exe" []
"W_MRPPRN"="C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe" [2005-03-18 15:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 00:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-09-27 15:38 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 12:44 C:\WINDOWS\AGRSMMSG.exe]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 02:50]
"windows auto update"="" []
"ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [2007-12-04 13:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-04 17:56]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49]

C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 11:06:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 11:11:13
C:\ComboFix2.txt ... 2007-12-09 12:38
.
2007-12-16 23:25:16 --- E O F ---
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Fix the following in HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... ://www.yah oo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll (file missing)
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer_2006\uwfx6.exe /min
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

Copy this into Notepad:

File::
C:\Program Files\WinFixer_2006\uwfx6.exe
C:\WINDOWS\system32\odtemdt2.dll

Folder::
C:\Program Files\WinFixer_2006

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{724af22e-b573-4b35-895d-d54264292776}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFixer2006"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFixer"=-


Save it to the desktop as CFScript.txt. Grab it with the mouse and drop it onto the ComboFix icon; the program will start, as in the picture below. That starts the scan. When it finishes, paste the log it produces here.

[image]

Also make a new HijackThis log.
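The entries BUBINO picks out above share a few mechanical signals: a HijackThis item whose target file is missing, a Run value whose command is empty or that ComboFix could not resolve (the empty `[]` after the value), and value names belonging to software the thread is removing. The script below, an added example that is not part of HijackThis, ComboFix or the original posts, applies those checks to lines copied from the logs in this thread. The watch list of names and the reason strings are the example's own assumptions.

```python
"""Triage of autostart entries from a HijackThis log (O2/O4/O23 items) and
from ComboFix's "Reg Loading Points" section.  Added example for this thread,
not code from HijackThis, ComboFix or the posters; the sample lines below are
copied from the logs in the thread, everything else is the example's own
assumption."""
import re

# HijackThis item: "O4 - HKCU\..\Run: [Name] command"
HJT_ITEM = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")
HJT_O4 = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# ComboFix registry line: "Name"="command" [timestamp and/or resolved path]
CF_REG = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')

# Assumed watch list: value names this thread removed as unwanted software.
WATCH_NAMES = ("winfixer",)

# Constructed sample: lines copied from the HijackThis and ComboFix output above.
SAMPLE = r"""
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll (file missing)
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"windows auto update"="" []
"WinFixer"="C:\Program Files\WinFixer_2006\uwfx6.exe" []
"ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [2007-12-04 13:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 00:49 C:\WINDOWS\system32\rundll32.exe]
"""


def triage_hjt(line):
    """Reasons a HijackThis line deserves a look; empty list means none."""
    reasons = []
    m = HJT_ITEM.match(line.strip())
    if not m:
        return reasons
    kind, body = m.group("kind"), m.group("body")
    if body.endswith("(file missing)"):
        # HijackThis 1.99.1 mis-splits a quoted service path followed by
        # " /service" and then reports the file as missing; treat that
        # pattern as a parser artefact to verify rather than as an orphan.
        if kind == "O23" and '" /service' in body:
            reasons.append("quoted-path artefact (verify by hand)")
        else:
            reasons.append("orphaned entry: target file missing")
    if kind == "O4":
        o4 = HJT_O4.match(body)
        if o4 and any(w in o4.group("name").lower() for w in WATCH_NAMES):
            reasons.append("watch-list name: " + o4.group("name"))
    return reasons


def triage_cf(line):
    """Reasons a ComboFix "Reg Loading Points" line deserves a look."""
    reasons = []
    m = CF_REG.match(line.strip())
    if not m:
        return reasons
    name, cmd, meta = m.group("name"), m.group("cmd"), m.group("meta")
    if cmd == "":
        reasons.append("empty command in Run key")
    elif meta == "":
        # ComboFix prints a timestamp (and path) when it can stat the target;
        # an empty bracket means it could not find the file behind the value.
        reasons.append("target not resolved by ComboFix (no timestamp)")
    if any(w in name.lower() for w in WATCH_NAMES):
        reasons.append("watch-list name: " + name)
    return reasons


def triage(text):
    """Return [(line_number, line, reasons)] for every line with a reason."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        reasons = triage_hjt(line) + triage_cf(line)
        if reasons:
            hits.append((n, line, reasons))
    return hits


if __name__ == "__main__":
    for n, line, reasons in triage(SAMPLE):
        print(f"{n:3d}: {'; '.join(reasons)}\n     {line}")
```

A hit is a prompt to look closer, not a verdict: the two avast! service lines get the artefact tag and are left alone, exactly as BUBINO did, while the Go!Zilla BHO and both WinFixer values come out as the same set of items the post asks to fix.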
migrid
Newcomer
Registered: 09 Dec 2007

Post by migrid »

Hello, thank you very much. Unfortunately I deleted the ComboFix log by mistake, and before I figured out where to find it I had it run again. I hope that does not matter. The computer is still slow; it may start a little faster, but it takes around ten minutes.

ComboFix 07-12-19.2 - admin 2007-12-19 15:39:09.4 - FAT32x86
Running from: C:\Documents and Settings\admin\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-19 09:58 . 2007-12-19 14:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 09:58 . 2007-12-19 09:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-22 08:18 . 2007-10-11 00:50 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-22 08:18 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-22 08:18 . 2007-03-08 06:09 1,024,000 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-22 08:18 . 2007-10-11 00:50 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-22 08:18 . 2007-10-11 00:50 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-22 08:18 . 2007-10-11 00:50 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-22 08:18 . 2007-10-11 00:50 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-22 08:18 . 2007-10-11 00:50 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 08:18 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-22 08:14 . 2007-11-22 08:14 <DIR> d-------- C:\WINDOWS\system32\cs-cz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 12:51 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-19 12:51 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 18:58 --------- d-----w C:\Program Files\Java
2007-11-08 18:58 --------- d-----w C:\Program Files\Common Files\Java
2007-10-30 23:27 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:08 --------- d-----w C:\Documents and Settings\admin\Data aplikací\BitTorrent
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:50 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:50 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:50 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:50 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:50 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:50 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:50 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:50 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:50 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:50 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:50 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:50 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:50 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:50 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:50 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:50 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 10:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:58 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2003-02-19 14:06 168 ----a-w C:\Program Files\score.dat
.

((((((((((((((((((((((((((((( snapshot_2007-12-19_11.09.18,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-19 13:40:54 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_414.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49]
"W_MRPPRN"="C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe" [2005-03-18 15:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 00:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-09-27 15:38 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 12:44 C:\WINDOWS\AGRSMMSG.exe]
"windows auto update"="" []
"ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [2007-12-04 13:59]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 00:49]

C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 15:50:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 15:54:38
C:\ComboFix3.txt ... 2007-12-19 11:11
C:\ComboFix2.txt ... 2007-12-19 15:34
.
2007-12-16 23:25:16 --- E O F ---




Logfile of HijackThis v1.99.1
Scan saved at 16:20:45, on 19.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis. HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [W_MRPPRN] C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Hledat v českém Internetu - res://C:\Program Files\Tiscali\TiscaliB.dll//scz
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Hledat v mapě &Prahy - res://C:\Program Files\Tiscali\TiscaliB.dll//mpr
O8 - Extra context menu item: Hledat v mapě Č&R - res://C:\Program Files\Tiscali\TiscaliB.dll//mcr
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Tiscali\TiscaliB.dll//swr
O8 - Extra context menu item: Přeložit z &angličtiny - res://C:\Program Files\Tiscali\TiscaliB.dll//ten
O8 - Extra context menu item: Přeložit z &němčiny - res://C:\Program Files\Tiscali\TiscaliB.dll//tde
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.cz
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4736990692
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Fix in HJT:
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Download Avenger to the desktop: http://www.viry.cz/forum/viewtopic.php?t=19832
Get to that window and type this into it:
Files to delete:
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\drivers\fidbox.idx
C:\WINDOWS\system32\drivers\fidbox.dat
DONE --> traffic light --> OK
After the restart, post the log that Avenger pops up (c:\avenger.txt) here.

Test this on virustotal.com:
C:\Program Files\score.dat

Use CCleaner:
http://www.viry.cz/forum/viewtopic.php?t=7478

If you still have problems with slowness, scan the computer with mwav: http://www.viry.cz/forum/viewtopic.php?t=4097

I assume you know this print manager and use it:
C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe
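The four files BUBINO sends to Avenger were picked from the ComboFix file listings above on the strength of two attributes: a hidden or system flag (`--ah-----`, `--sha-w`) and a modification time on the day of the scan. The script below, an added example and not ComboFix's or the poster's own code, parses both listing formats ("Files Created" and "Find3M Report") from lines copied from the log and applies those two rules. Reading the attribute letters as d=directory, h=hidden, s=system, a=archive and w=writable is the example's assumption, as is the seven-day recency window; the scan date comes from the ComboFix header.

```python
"""Parse the file listings ComboFix prints ("Files Created" and "Find3M
Report") and flag entries worth a second look.  Added example for this
thread, not ComboFix's own code; the sample lines are copied from the log
above, the attribute letter meanings and the recency window are assumptions."""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
# "Files Created" section: created . modified size attrs path
CREATED_LINE = re.compile(
    r"^(?P<created>" + STAMP + r") \. (?P<modified>" + STAMP + r") "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$")
# "Find3M Report" section: modified size attrs path
FIND3M_LINE = re.compile(
    r"^(?P<modified>" + STAMP + r") (?P<size>[\d,]+|-{9}) (?P<attrs>[-a-z]{7}) (?P<path>.+)$")

# Date taken from the header "ComboFix 07-12-19.2 - admin 2007-12-19 15:39:09.4".
SCAN_DATE = date(2007, 12, 19)

# Constructed sample: lines copied from the second ComboFix log above.
SAMPLE = r"""
2007-12-19 09:58 . 2007-12-19 14:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 09:58 . 2007-12-19 09:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-22 08:14 . 2007-11-22 08:14 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-12-19 12:51 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-08 18:58 --------- d-----w C:\Program Files\Java
2003-02-19 14:06 168 ----a-w C:\Program Files\score.dat
"""


@dataclass
class Entry:
    path: str
    modified: datetime
    size: Optional[int]   # None for directories and size-less entries
    attrs: frozenset      # attribute letters present in the column

    @property
    def is_dir(self):
        return "d" in self.attrs


def parse(text):
    """Turn ComboFix listing lines into Entry objects; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_LINE.match(line) or FIND3M_LINE.match(line)
        if not m:
            continue
        size = m.group("size")
        entries.append(Entry(
            path=m.group("path"),
            modified=datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
            size=int(size.replace(",", "")) if size[0].isdigit() else None,
            attrs=frozenset(c for c in m.group("attrs") if c != "-"),
        ))
    return entries


def triage(entries, scan_date, recent_days=7):
    """Return [(entry, reasons)] for files that are hidden/system or recently modified."""
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.attrs & {"h", "s"}:
            reasons.append("hidden/system attribute")
        age = (scan_date - e.modified.date()).days
        if 0 <= age <= recent_days:
            reasons.append(f"modified {age} day(s) before the scan")
        if reasons:
            hits.append((e, reasons))
    return hits


if __name__ == "__main__":
    for e, reasons in triage(parse(SAMPLE), SCAN_DATE):
        print(f"{e.path}  [{', '.join(sorted(e.attrs))}]  {'; '.join(reasons)}")
```

Both rules only narrow the list; neither proves anything. The avast! driver and score.dat drop out (old, ordinary attributes), and score.dat indeed came back 0/32 on VirusTotal later in the thread. A hidden system-attribute file under drivers\ can also belong to a security product installed on the machine (this one runs avast! and ZoneAlarm), so identify the owner, or submit the file for analysis as the thread did, before deleting it.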
migrid
Newcomer
Registered: 09 Dec 2007

Post by migrid »

After CCleaner it runs much faster now; hopefully it stays that way for a while. Thank you very much :)


C:\Program Files\score.dat tested on VirusTotal - Results: 0/32



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hhgrhnia

*******************

Script file located at: \??\C:\Documents and Settings\eydalhdy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\QTFont.qfn deleted successfully.
File C:\WINDOWS\QTFont.for deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox.idx deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
migrid
Newcomer
Registered: 09 Dec 2007

Post by migrid »

I know the print manager :)
I would also like to ask whether the logs published here could be easily misused.

Thanks again, and happy holidays
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Glad to hear it :-)

The logs posted here cannot really be misused. A hundred people run them and send them in for analysis every day. :)

Happy holidays to you too!