problém s nabíháním XP

[Damned]

Odinstaluj si:

Daemon Tools Toolbar
Ask Bar Dis (ten je pravděpodobně ve složce se ST)

Spusť si HJT a fixni(zatrhnout čtvereček před hodnotou a zmáčknout "Fix checked"):

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

Máš spuštěno:
Ad-Aware
Spyware Doctor
Spyware Terminátor

To je doopravdy zbytečné. Vyber si jeden a zbytek odinstaluj, nebo jim zakaž spouštění automaticky.

Předpokládám, že si restartoval.

Vypni rezidentní štít antiviru i antispyware.
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Reklama]

[kanurek]

V jednom bodu 03 je teď namísto Deamontoolsu něco jiného protože jsem se snažil všechno vypnout ale stejně semi to nepodařilo a běžel Spybot. SNad to nevadí?

ComboFix 09-05-31.06 - TATA 02.06.2009 12:54.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3162 [GMT 2:00]
Spuštěný z: c:\documents and settings\TATA\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\TATA\bootsect.exe
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-02 do 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-05-31 20:07 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-31 20:07 . 2009-05-31 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-31 20:07 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 19:45 . 2009-05-31 19:45 -------- d---a-w- c:\windows\zts2.exe
2009-05-31 19:45 . 2009-05-31 19:45 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2009-05-31 19:45 . 2009-05-31 19:45 -------- d---a-w- c:\windows\rundl132.dll
2009-05-31 18:25 . 2009-05-31 18:25 -------- d---a-w- c:\windows\system32\runouce.exe
2009-05-31 18:20 . 2009-05-31 18:20 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-31 18:20 . 2009-05-31 18:20 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-05-31 18:20 . 2009-05-31 18:20 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-05-31 18:20 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2009-05-31 18:20 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2009-05-31 14:47 . 2006-09-29 09:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-31 14:47 . 2006-09-29 09:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-31 14:47 . 2006-09-29 09:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-31 14:47 . 2009-05-31 14:47 -------- d-----w- c:\program files\VSO
2009-05-30 18:13 . 2009-05-30 18:13 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-05-30 18:07 . 2009-05-30 18:07 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-30 18:07 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-30 18:07 . 2009-05-30 18:07 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-30 18:07 . 2009-05-30 18:08 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-29 22:57 . 2009-05-29 23:12 -------- d-----w- c:\program files\Anonymous Browsing
2009-05-29 22:48 . 2009-05-29 23:13 -------- d-----w- c:\program files\Invisible Browsing
2009-05-25 20:55 . 2009-05-29 22:17 -------- d-----w- C:\HAWX
2009-05-21 20:27 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-21 20:27 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-21 20:27 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-21 20:27 . 2009-05-21 20:28 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-21 20:27 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-21 20:27 . 2009-05-21 20:27 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-20 09:50 . 2009-05-20 09:50 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 10:39 . 2008-10-04 08:56 -------- d-----w- c:\program files\Spyware Terminator
2009-06-02 10:33 . 2009-04-29 06:10 -------- d-----w- c:\program files\Glary Utilities
2009-06-02 10:29 . 2008-10-04 17:43 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-02 10:18 . 2008-10-23 11:36 -------- d-----w- c:\program files\Spamihilator
2009-06-02 05:29 . 2008-10-25 07:15 -------- d-----w- c:\program files\WinClamAVShield
2009-06-01 12:45 . 2008-10-24 14:41 -------- d-----w- c:\program files\Spyware Doctor
2009-05-31 21:13 . 2008-12-30 18:39 -------- d-----w- c:\program files\PPSOFT.DK
2009-05-31 19:04 . 2008-10-23 22:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-31 14:47 . 2008-10-04 12:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-30 18:02 . 2008-10-03 21:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-30 15:17 . 2008-10-04 10:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-29 20:23 . 2008-10-04 11:43 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-29 20:23 . 2008-10-04 11:43 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-28 08:03 . 2008-10-06 14:14 680 ----a-w- c:\windows\AUTOLNCH.REG
2009-05-25 20:56 . 2008-10-03 19:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-20 10:00 . 2009-02-14 07:46 -------- d-----w- c:\program files\Ashampoo
2009-05-14 14:19 . 2009-03-11 17:48 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-14 14:19 . 2009-03-11 17:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-04-29 09:06 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-04-29 09:06 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-04-29 06:10 . 2009-04-29 06:10 -------- d-----w- c:\program files\AskSearch
2009-04-28 20:42 . 2008-11-24 16:17 -------- d-----w- c:\program files\Avidemux 2.4
2009-04-28 07:36 . 2008-10-03 19:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 07:36 . 2008-10-03 19:21 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-27 07:19 . 2009-04-27 07:19 -------- d-----w- c:\program files\PowerISO
2009-04-17 05:54 . 2009-03-21 12:09 -------- d-----w- c:\program files\Common Files\eSellerate
2009-03-16 16:23 . 2009-04-20 18:00 200192 ----a-w- C:\bd_rem_tool_gui.exe
2009-03-16 15:27 . 2009-04-20 18:00 137216 ----a-w- C:\bd_rem_tool_console.exe
2009-03-16 12:18 . 2009-04-29 21:54 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-29 21:54 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-29 21:54 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-29 21:54 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-03-09 13:27 . 2009-04-29 21:54 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-29 21:54 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-04-29 21:54 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 04:19 . 2008-11-26 11:10 410984 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-04 1783808]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2009-5-30 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-4 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-4 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-21 06:12 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HLSW\\hlsw.exe"=
"d:\\COD2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\winbox.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\kav\\kav8.0\\english\\setup.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\HAWX\\HAWX.exe"=
"c:\\HAWX\\HAWX_dx10.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [6.10.2008 20:59 40464]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21.5.2009 22:27 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3.9.2008 14:07 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3.9.2008 14:07 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.10.2008 10:56 141312]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [9.12.2008 23:57 14976]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30.5.2009 20:07 603904]
S3 Asushwio;Asushwio;\??\c:\windows\system32\drivers\Asushwio.sys --> c:\windows\system32\drivers\Asushwio.sys [?]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3.9.2008 14:07 7408]
S3 scsiscan;Ovladač skeneru SCSI;c:\windows\system32\drivers\scsiscan.sys [6.10.2008 16:09 11520]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24.10.2008 16:41 348752]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-06-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-29 07:38]

2009-05-31 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-04 12:15]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: imon.dll
TCP: {1F31D217-2FDD-43B9-ABBD-A01095B9E152} = 193.86.244.3,193.86.244.4
FF - ProfilePath - c:\documents and settings\TATA\Data aplikací\Mozilla\Firefox\Profiles\bx9mvrtk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - prefs.js: keyword.enabled - false
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 12:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\docume~1\TATA\LOCALS~1\Temp\RGI3.tmp 7102 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-06-02 13:00
ComboFix-quarantined-files.txt 2009-06-02 10:59

Před spuštěním: 9 038 135 296
Po spuštění: 9 416 048 640

227

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\drivers\Asushwio.sys
c:\docume~1\TATA\LOCALS~1\Temp\RGI3.tmp 7102 bytes

Folder::
c:\windows\zts2.exe
c:\windows\system32\iifgfgf.dll
c:\windows\rundl132.dll
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe
c:\program files\DAEMON Tools Toolbar
c:\program files\AskSearch

DirLook::
c:\windows\system32\NtmsData

Driver::
Asushwio

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[kanurek]

ComboFix 09-05-31.06 - TATA 02.06.2009 18:21.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3041 [GMT 2:00]
Spuštěný z: c:\documents and settings\TATA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TATA\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\docume~1\TATA\LOCALS~1\Temp\RGI3.tmp 7102 bytes"
"c:\windows\system32\drivers\Asushwio.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\windows\rundl132.dll
c:\windows\system32\iifgfgf.dll
c:\windows\system32\runouce.exe
c:\windows\zts2.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASUSHWIO
-------\Service_Asushwio


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-02 do 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-05-31 20:07 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-31 20:07 . 2009-05-31 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-31 20:07 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 18:20 . 2009-05-31 18:20 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-31 18:20 . 2009-05-31 18:20 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-05-31 18:20 . 2009-05-31 18:20 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-05-31 18:20 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2009-05-31 18:20 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2009-05-31 14:47 . 2006-09-29 09:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-31 14:47 . 2006-09-29 09:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-31 14:47 . 2006-09-29 09:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-31 14:47 . 2009-05-31 14:47 -------- d-----w- c:\program files\VSO
2009-05-30 18:13 . 2009-05-30 18:13 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-05-30 18:07 . 2009-05-30 18:07 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-30 18:07 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-30 18:07 . 2009-05-30 18:07 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-30 18:07 . 2009-05-30 18:08 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-29 22:57 . 2009-05-29 23:12 -------- d-----w- c:\program files\Anonymous Browsing
2009-05-29 22:48 . 2009-05-29 23:13 -------- d-----w- c:\program files\Invisible Browsing
2009-05-25 20:55 . 2009-05-29 22:17 -------- d-----w- C:\HAWX
2009-05-21 20:27 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-21 20:27 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-21 20:27 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-21 20:27 . 2009-05-21 20:28 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-21 20:27 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-21 20:27 . 2009-05-21 20:27 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-20 09:50 . 2009-05-20 09:50 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 16:06 . 2008-10-23 11:36 -------- d-----w- c:\program files\Spamihilator
2009-06-02 10:39 . 2008-10-04 08:56 -------- d-----w- c:\program files\Spyware Terminator
2009-06-02 10:33 . 2009-04-29 06:10 -------- d-----w- c:\program files\Glary Utilities
2009-06-02 05:29 . 2008-10-25 07:15 -------- d-----w- c:\program files\WinClamAVShield
2009-06-01 12:45 . 2008-10-24 14:41 -------- d-----w- c:\program files\Spyware Doctor
2009-05-31 21:13 . 2008-12-30 18:39 -------- d-----w- c:\program files\PPSOFT.DK
2009-05-31 19:04 . 2008-10-23 22:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-31 14:47 . 2008-10-04 12:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-30 18:02 . 2008-10-03 21:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-30 15:17 . 2008-10-04 10:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-29 20:23 . 2008-10-04 11:43 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-29 20:23 . 2008-10-04 11:43 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-28 08:03 . 2008-10-06 14:14 680 ----a-w- c:\windows\AUTOLNCH.REG
2009-05-25 20:56 . 2008-10-03 19:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-20 10:00 . 2009-02-14 07:46 -------- d-----w- c:\program files\Ashampoo
2009-05-14 14:19 . 2009-03-11 17:48 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-14 14:19 . 2009-03-11 17:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-04-29 09:06 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-04-29 09:06 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-04-28 20:42 . 2008-11-24 16:17 -------- d-----w- c:\program files\Avidemux 2.4
2009-04-28 07:36 . 2008-10-03 19:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 07:36 . 2008-10-03 19:21 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-27 07:19 . 2009-04-27 07:19 -------- d-----w- c:\program files\PowerISO
2009-04-17 05:54 . 2009-03-21 12:09 -------- d-----w- c:\program files\Common Files\eSellerate
2009-03-16 16:23 . 2009-04-20 18:00 200192 ----a-w- C:\bd_rem_tool_gui.exe
2009-03-16 15:27 . 2009-04-20 18:00 137216 ----a-w- C:\bd_rem_tool_console.exe
2009-03-16 12:18 . 2009-04-29 21:54 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-29 21:54 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-29 21:54 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-29 21:54 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-03-09 13:27 . 2009-04-29 21:54 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-29 21:54 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-04-29 21:54 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 04:19 . 2008-11-26 11:10 410984 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\NtmsData ----

2009-05-20 09:50 . 2009-05-20 09:50 816 ----a-w- c:\windows\system32\NtmsData\NTMSREG
2009-05-20 09:50 . 2009-05-20 09:51 99896 ----a-w- c:\windows\system32\NtmsData\NTMSIDX
2009-05-20 09:50 . 2009-05-20 09:51 143360 ----a-w- c:\windows\system32\NtmsData\NTMSDATA
2009-05-20 09:50 . 2009-05-20 09:51 143360 ----a-w- c:\windows\system32\NtmsData\NTMSDATA.BAK


((((((((((((((((((((((((((((( SnapShot@2009-06-02_10.59.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-02 16:27 . 2009-06-02 16:27 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-04 1783808]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2009-5-30 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-4 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-4 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-21 06:12 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HLSW\\hlsw.exe"=
"d:\\COD2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\winbox.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\kav\\kav8.0\\english\\setup.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\HAWX\\HAWX.exe"=
"c:\\HAWX\\HAWX_dx10.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [6.10.2008 20:59 40464]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21.5.2009 22:27 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3.9.2008 14:07 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3.9.2008 14:07 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.10.2008 10:56 141312]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [9.12.2008 23:57 14976]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30.5.2009 20:07 603904]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3.9.2008 14:07 7408]
S3 scsiscan;Ovladač skeneru SCSI;c:\windows\system32\drivers\scsiscan.sys [6.10.2008 16:09 11520]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24.10.2008 16:41 348752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-06-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-29 07:38]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: imon.dll
TCP: {1F31D217-2FDD-43B9-ABBD-A01095B9E152} = 193.86.244.3,193.86.244.4
FF - ProfilePath - c:\documents and settings\TATA\Data aplikací\Mozilla\Firefox\Profiles\bx9mvrtk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - prefs.js: keyword.enabled - false
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 18:27
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(556)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Celkový čas: 2009-06-02 18:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-02 16:28
ComboFix2.txt 2009-06-02 11:00

Před spuštěním: 9 417 482 240
Po spuštění: 9 333 903 360

259

[kanurek]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:27, on 2.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9037 bytes

[kanurek]

Teda nevím co se stalo ale už je to pryč ta tabulka otravná. mám jakousi představu o tom co se v těch registrech píše ale nijak bych nebyl schopen rozpoznat co to bylo. Co to bylo?

[Damned]

Máš tam ještě Clam AntiVirus? Odinstaluj ho, nebo smaž složku c:\program files\WinClamAVShield . To dělají všelijaký ty Toolbary (Daemon tools toolbar, ICQ6 toolbar, AskBArDis atd.)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00



Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory ,
najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání
hodnoty do registru. Schval.
Potom sem dej znovu log z ComboFixu a z HJT.

[kanurek]

ComboFix 09-05-31.06 - TATA 02.06.2009 21:51.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3146 [GMT 2:00]
Spuštěný z: c:\documents and settings\TATA\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-02 do 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-05-31 20:07 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-31 20:07 . 2009-05-31 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-31 20:07 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 18:20 . 2009-05-31 18:20 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-31 18:20 . 2009-05-31 18:20 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-05-31 18:20 . 2009-05-31 18:20 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-05-31 18:20 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2009-05-31 18:20 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2009-05-31 14:47 . 2006-09-29 09:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-31 14:47 . 2006-09-29 09:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-31 14:47 . 2006-09-29 09:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-31 14:47 . 2009-05-31 14:47 -------- d-----w- c:\program files\VSO
2009-05-30 18:13 . 2009-05-30 18:13 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-05-30 18:07 . 2009-05-30 18:07 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-30 18:07 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-30 18:07 . 2009-05-30 18:07 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-30 18:07 . 2009-05-30 18:08 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-29 22:57 . 2009-05-29 23:12 -------- d-----w- c:\program files\Anonymous Browsing
2009-05-29 22:48 . 2009-05-29 23:13 -------- d-----w- c:\program files\Invisible Browsing
2009-05-25 20:55 . 2009-05-29 22:17 -------- d-----w- C:\HAWX
2009-05-21 20:27 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-21 20:27 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-21 20:27 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-21 20:27 . 2009-05-21 20:28 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-21 20:27 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-21 20:27 . 2009-05-21 20:27 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-05-20 09:50 . 2009-05-20 09:50 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 19:47 . 2008-10-23 11:36 -------- d-----w- c:\program files\Spamihilator
2009-06-02 18:42 . 2008-10-04 11:43 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-02 18:42 . 2008-10-04 11:43 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-02 10:39 . 2008-10-04 08:56 -------- d-----w- c:\program files\Spyware Terminator
2009-06-02 10:33 . 2009-04-29 06:10 -------- d-----w- c:\program files\Glary Utilities
2009-06-01 12:45 . 2008-10-24 14:41 -------- d-----w- c:\program files\Spyware Doctor
2009-05-31 21:13 . 2008-12-30 18:39 -------- d-----w- c:\program files\PPSOFT.DK
2009-05-31 19:04 . 2008-10-23 22:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-31 14:47 . 2008-10-04 12:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-30 18:02 . 2008-10-03 21:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-30 15:17 . 2008-10-04 10:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 08:03 . 2008-10-06 14:14 680 ----a-w- c:\windows\AUTOLNCH.REG
2009-05-25 20:56 . 2008-10-03 19:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-20 10:00 . 2009-02-14 07:46 -------- d-----w- c:\program files\Ashampoo
2009-05-14 14:19 . 2009-03-11 17:48 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-14 14:19 . 2009-03-11 17:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-04-29 09:06 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-04-29 09:06 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-04-28 20:42 . 2008-11-24 16:17 -------- d-----w- c:\program files\Avidemux 2.4
2009-04-28 07:36 . 2008-10-03 19:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 07:36 . 2008-10-03 19:21 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-27 07:19 . 2009-04-27 07:19 -------- d-----w- c:\program files\PowerISO
2009-04-17 05:54 . 2009-03-21 12:09 -------- d-----w- c:\program files\Common Files\eSellerate
2009-03-16 16:23 . 2009-04-20 18:00 200192 ----a-w- C:\bd_rem_tool_gui.exe
2009-03-16 15:27 . 2009-04-20 18:00 137216 ----a-w- C:\bd_rem_tool_console.exe
2009-03-16 12:18 . 2009-04-29 21:54 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-29 21:54 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-29 21:54 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-29 21:54 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-03-09 13:27 . 2009-04-29 21:54 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-29 21:54 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-04-29 21:54 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 04:19 . 2008-11-26 11:10 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-02_10.59.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-02 19:47 . 2009-06-02 19:47 16384 c:\windows\Temp\Perflib_Perfdata_354.dat
- 2009-06-02 10:46 . 2009-06-02 10:46 16384 c:\windows\Temp\Perflib_Perfdata_354.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-04 1783808]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2009-5-30 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-4 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-4 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-21 06:12 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HLSW\\hlsw.exe"=
"d:\\COD2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\winbox.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\kav\\kav8.0\\english\\setup.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\HAWX\\HAWX.exe"=
"c:\\HAWX\\HAWX_dx10.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [6.10.2008 20:59 40464]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21.5.2009 22:27 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3.9.2008 14:07 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3.9.2008 14:07 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.10.2008 10:56 141312]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [9.12.2008 23:57 14976]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30.5.2009 20:07 603904]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3.9.2008 14:07 7408]
S3 scsiscan;Ovladač skeneru SCSI;c:\windows\system32\drivers\scsiscan.sys [6.10.2008 16:09 11520]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24.10.2008 16:41 348752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-06-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-29 07:38]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: imon.dll
TCP: {1F31D217-2FDD-43B9-ABBD-A01095B9E152} = 193.86.244.3,193.86.244.4
FF - ProfilePath - c:\documents and settings\TATA\Data aplikací\Mozilla\Firefox\Profiles\bx9mvrtk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - prefs.js: keyword.enabled - false
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 21:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(1864)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2009-06-02 21:57
ComboFix-quarantined-files.txt 2009-06-02 19:57
ComboFix2.txt 2009-06-02 16:28
ComboFix3.txt 2009-06-02 11:00

Před spuštěním: 9 361 473 536
Po spuštění: 9 347 174 400

212

[kanurek]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:08, on 2.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F31D217-2FDD-43B9-ABBD-A01095B9E152}: NameServer = 193.86.244.3,193.86.244.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8937 bytes

[kanurek]

Smazal jsem tusložku c:\program files\WinClamAVShield protože ten program vůbec neznám, nikdy jsem ho neinstaloval a ani není mezi instalovanými programy a vůbec nechápu, kde jsem k němu přišel.

[Damned]

Možná to byl doplněk nějakého programu.

Máš rezidentně spuštěný štít Spyware Terminátoru a Spybotu. Jeden zakaž.

V logu už nevidím nic špatného. Mělo by ti vše fungovat.

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

Takže jestli nejsou problémy,tak vyčisti systém FCleanerem nebo CCleanerem a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

[kanurek]

Moc děkuju. Sice to nebyla žádná životně důležitá záležitost ale mě osobně děsně sere, když si ta Wokna začnou dělat něco, co já nemám pod kontrolou.,... Škoda, že nevím, který SW tuhle záležitost vyvolal. V tom adresáří, který jsem smazal se to tvářilo, jakoby to bylo něco od Spyware Terminatoru. I stejnou ikonu to mělo. Až budeš potřebovat poradit s Corelem Draw, tak mi klidně napiš. Dělám v něm už od verze 3.0 ...