Please check my HJT log



Post by johnny114 » 18 Dec 2007 18:46

Please check my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:06, on 18.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\JMRaidTool.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\StrongDC\StrongDC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Počítač\Léčba viru\HiJack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BDEX System - {821386B0-9AB4-484F-B543-D3AA1A1A5589} - C:\WINDOWS\ttvbonpwx.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: The leosrv - {F7C394C7-BFBD-4A20-AD14-2AA94424C09C} - C:\WINDOWS\leosrv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O21 - SSODL: hjoqor - {9D7EB1B0-8BFA-491A-A829-B406E724D0C7} - C:\WINDOWS\hjoqor.dll (file missing)
O21 - SSODL: xcvwer - {DA73FBF5-1B8A-4279-AC04-7928C714AE0E} - C:\WINDOWS\xcvwer.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8276 bytes


Post by fredik » 18 Dec 2007 18:54

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- When it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here


Post by johnny114 » 18 Dec 2007 20:36

ComboFix 07-12-18.1 - Honza M 2007-12-18 20:28:09.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1405 [GMT 1:00]
Running from: C:\Documents and Settings\Honza M\Plocha\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\vorbis.dll
C:\WINDOWS\system32\ogg.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Honza M\Oblíbené položky\Online Security Guide.lnk
C:\WINDOWS\system32\ptrlvajg.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-18 18:42 . 2007-12-18 12:57 266,240 --a------ C:\WINDOWS\ttvbonpwx.dll
2007-12-18 18:42 . 2007-12-18 12:57 245,760 --a------ C:\WINDOWS\xcvwer.dll
2007-12-18 18:42 . 2007-12-18 12:57 172,032 --a------ C:\WINDOWS\leosrv.dll
2007-12-18 18:42 . 2007-12-18 12:57 77,824 --a------ C:\WINDOWS\binret.exe
2007-12-18 18:15 . 2007-12-18 18:15 <DIR> d-------- C:\Program Files\SmartVideoCodec
2007-12-18 18:08 . 2007-12-18 18:19 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-17 14:50 . 2007-12-17 15:21 <DIR> d-------- C:\Program Files\StrongDC
2007-12-17 14:37 . 2007-12-17 14:38 <DIR> d-------- C:\Program Files\sdc205
2007-12-16 21:17 . 2007-12-16 21:17 <DIR> d-------- C:\WINDOWS\EffectResources
2007-12-16 21:17 . 2007-12-17 14:31 <DIR> d-------- C:\Program Files\Webkamera
2007-12-12 23:26 . 2007-12-12 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\NCH Software
2007-12-12 22:19 . 2007-12-17 14:37 <DIR> d-------- C:\StrongDC- unfinished
2007-12-12 20:02 . 2007-12-12 20:02 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Autodesk
2007-12-12 17:16 . 2007-12-12 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2007-12-12 17:13 . 2007-12-12 17:13 <DIR> d-------- C:\Program Files\Bonjour
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-11 00:15 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-11 00:14 . 2007-12-11 00:15 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-11 00:14 . 2007-12-11 00:14 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-11 00:12 . 2007-12-11 00:12 <DIR> dr-h----- C:\MSOCache
2007-12-09 21:26 . 2007-12-09 21:27 <DIR> dr------- C:\Programy
2007-12-09 21:21 . 1998-06-24 01:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-12-09 21:20 . 2007-12-09 21:26 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-09 21:20 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.ocx
2007-12-09 21:20 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2007-12-09 21:20 . 1998-07-13 00:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-12-09 21:20 . 2000-10-01 20:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-09 21:20 . 1999-03-25 20:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-12-09 21:20 . 1998-07-13 00:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-12-09 21:20 . 1998-07-12 20:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-12-09 21:20 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-12-09 21:20 . 1998-07-13 00:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-12-06 23:44 . 2007-12-06 23:44 <DIR> d-------- C:\Program Files\eRightSoft
2007-12-06 23:44 . 2007-12-06 23:44 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-05 14:54 . 2007-12-05 14:55 <DIR> d-------- C:\Program Files\QIP
2007-12-04 19:35 . 2007-12-05 07:48 <DIR> d-------- C:\Qip-st
2007-12-03 16:44 . 2007-12-03 16:47 <DIR> d-------- C:\Program Files\BSplayer
2007-12-03 16:35 . 2007-12-03 16:35 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Participatory Culture Foundation
2007-12-03 16:34 . 2007-12-03 16:34 <DIR> d-------- C:\Program Files\MultiMedia Toolbar
2007-12-03 16:34 . 2007-12-03 16:34 <DIR> d-------- C:\Program Files\Multi_Media
2007-12-03 16:33 . 2007-12-03 16:43 <DIR> d-------- C:\Program Files\Miro
2007-12-03 16:09 . 2007-12-03 16:09 <DIR> d-------- C:\Obrazy- Daemon
2007-12-02 22:57 . 2007-12-02 22:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-29 09:17 . 2007-12-17 18:50 <DIR> d-------- C:\Program Files\Acoustica MP3 CD Burner
2007-11-29 09:17 . 2007-11-29 09:17 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Acoustica
2007-11-29 09:17 . 2002-11-05 15:16 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2007-11-28 16:56 . 2007-11-28 16:56 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2007-11-28 16:56 . 2007-11-28 17:03 <DIR> d-------- C:\Program Files\Burn4Free
2007-11-28 16:56 . 2007-11-28 16:56 229,727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_9968.exe
2007-11-28 13:25 . 2007-11-28 13:25 <DIR> d-------- C:\Program Files\Ahead
2007-11-28 13:13 . 2007-11-28 13:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-28 13:13 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-28 13:13 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-28 12:53 . 2007-12-10 21:19 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-26 16:14 . 2001-10-25 13:00 114,688 --a--c--- C:\WINDOWS\system32\dllcache\calc.exe
2007-11-26 16:14 . 2001-10-25 13:00 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-11-25 21:51 . 2007-11-26 20:27 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-25 21:51 . 2007-11-26 20:27 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-11-22 13:21 . 2007-12-10 18:36 <DIR> d-------- C:\Documents and Settings\Honza M\.gimp-2.2
2007-11-22 13:19 . 2007-11-22 13:19 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-11-22 13:18 . 2007-11-22 13:18 <DIR> d-------- C:\Program Files\GTK
2007-11-22 13:17 . 2007-11-22 13:17 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Zoner
2007-11-22 13:16 . 2007-11-22 13:16 <DIR> d-------- C:\Program Files\Zoner
2007-11-22 13:15 . 2007-11-22 13:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 20:35 . 2007-11-25 21:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-21 20:35 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-21 20:34 . 2007-11-21 20:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-21 20:34 . 2007-11-25 21:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-21 20:27 . 2007-11-21 20:27 40,960 --a------ C:\WINDOWS\_dsCA80.tmp
2007-11-21 20:27 . 2007-11-21 20:27 40,960 --a------ C:\WINDOWS\_dsCA7E.tmp
2007-11-21 15:35 . 2007-11-21 15:35 40,960 --a------ C:\WINDOWS\_ds19.tmp
2007-11-21 15:34 . 2007-11-21 15:34 40,960 --a------ C:\WINDOWS\_ds17.tmp
2007-11-21 15:34 . 2007-11-21 15:34 40,960 --a------ C:\WINDOWS\_ds15.tmp
2007-11-21 15:34 . 2007-11-21 15:34 40,960 --a------ C:\WINDOWS\_ds13.tmp
2007-11-21 15:12 . 2007-11-21 15:12 <DIR> d-------- C:\Program Files\Empire Interactive
2007-11-21 15:11 . 2007-11-21 15:11 40,960 --a------ C:\WINDOWS\_ds8.tmp
2007-11-21 15:04 . 2007-11-21 15:04 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-21 15:01 . 2007-11-21 15:01 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 00:30 . 2007-11-21 00:30 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-21 00:29 . 2007-12-18 18:49 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-11-21 00:24 . 2007-12-18 19:29 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-21 00:24 . 2007-12-12 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-11-20 22:14 . 2007-11-20 22:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Data aplikací\ATI
2007-11-20 22:14 . 2007-11-20 22:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Data aplikací\ATI
2007-11-20 22:14 . 2007-11-20 22:14 4,096 --a------ C:\WINDOWS\system32\crash
2007-11-20 18:44 . 2007-11-20 18:44 <DIR> d-------- C:\Program Files\WildGames
2007-11-20 18:44 . 2007-11-20 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\WildTangent
2007-11-20 15:11 . 2007-11-20 15:11 31 --a------ C:\WINDOWS\MCDB.ini
2007-11-20 15:10 . 2001-09-05 21:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-18 21:16 . 2007-11-18 21:44 677,980 --ahs---- C:\WINDOWS\system32\fgnkapcj.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 21:56 --------- d-----w C:\Program Files\Autodesk
2007-12-16 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 20:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 16:13 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 23:09 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-10 22:59 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\OpenOffice.org2
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 20:15 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\dvdcss
2007-11-18 22:09 --------- d-----w C:\Program Files\ShrinkTo5
2007-11-15 20:22 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-14 22:08 --------- d-----w C:\Program Files\JMicron_JMB36X_512600104
2007-11-14 17:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2007-11-14 17:31 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-14 04:57 223,744 ----a-w C:\WINDOWS\system32\b4fm.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 13:47 --------- d-----w C:\Program Files\Java
2007-11-12 13:47 --------- d-----w C:\Program Files\Common Files\Java
2007-11-10 20:37 --------- d-----w C:\Program Files\YouTube Video Downloader
2007-11-10 13:53 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\atitray
2007-11-10 13:52 --------- d-----w C:\Program Files\Teplota
2007-11-10 12:26 --------- d-----w C:\Program Files\Alarm
2007-11-07 15:22 --------- d-----w C:\Program Files\Electronic Arts
2007-11-06 19:01 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\O2
2007-11-06 18:03 --------- d-----w C:\Program Files\MSECache
2007-11-06 14:56 --------- d-----w C:\Program Files\Acclaim Entertainment
2007-11-05 20:01 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\BSplayer
2007-11-05 19:59 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\BSplayer Pro
2007-11-05 19:34 --------- d-----w C:\Program Files\DVD Decrypter
2007-11-05 17:53 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\ATI
2007-11-05 17:53 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ATI
2007-11-05 17:50 --------- d-----w C:\Program Files\ATI Technologies
2007-11-05 17:16 --------- d-----w C:\Program Files\Nero
2007-11-05 17:16 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-05 17:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-11-05 16:59 --------- d-----w C:\Program Files\Verdict Free
2007-11-05 16:13 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2007-11-05 15:59 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\Nero
2007-11-04 22:51 --------- d-----w C:\Program Files\Alwil Software
2007-11-04 22:11 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\Winamp
2007-11-04 22:08 --------- d-----w C:\Program Files\Winamp
2007-11-04 21:10 --------- d-----w C:\Program Files\Encyklopedie
2007-11-04 20:56 --------- d-----w C:\Program Files\AutoCAD 2002 Cz
2007-11-04 20:48 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2007-11-02 23:55 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-11-02 23:21 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\Jpeg Resampler
2007-11-02 23:15 --------- d-----w C:\Program Files\Audiograbber
2007-11-02 23:12 --------- d-----w C:\Program Files\Kodek CZ
2007-11-02 23:10 --------- d-----w C:\Program Files\CDex_170b2
2007-11-02 17:03 --------- d-----w C:\Program Files\RadLight Company
2007-11-02 17:03 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\RadLight Company
2007-11-02 15:10 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\vlc
2007-11-02 15:08 --------- d-----w C:\Program Files\VideoLAN
2007-11-02 15:07 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-11-02 13:42 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-11-02 13:29 --------- d-----w C:\Program Files\Marvell
2007-11-02 13:28 --------- d-----w C:\Program Files\Analog Devices
2007-11-02 13:16 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 20:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-09-20 09:36 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{821386B0-9AB4-484F-B543-D3AA1A1A5589}]
2007-12-18 12:57 266240 --a------ C:\WINDOWS\ttvbonpwx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{55FAF0F2-44D4-425F-B5F5-6B275B621EAB}
{F7C394C7-BFBD-4A20-AD14-2AA94424C09C}

[HKEY_CLASSES_ROOT\clsid\{f7c394c7-bfbd-4a20-ad14-2aa94424c09c}]
[HKEY_CLASSES_ROOT\leosrv.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{78533045-7A38-48B8-8AA7-A39D261C6803}]
[HKEY_CLASSES_ROOT\leosrv.ToolBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-11-16 14:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 08:29]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 10:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-02-14 22:51]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-21 00:28]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hjoqor"= {9D7EB1B0-8BFA-491A-A829-B406E724D0C7} - C:\WINDOWS\hjoqor.dll [ ]
"xcvwer"= {DA73FBF5-1B8A-4279-AC04-7928C714AE0E} - C:\WINDOWS\xcvwer.dll [2007-12-18 12:57 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-09-20 10:35 1077032 --a------ C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent

R1 atitray;atitray;C:\Program Files\Teplota\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-11-21 00:30]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 09:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-04-05 14:14]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-09 01:12]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 20:29:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
Completion time: 2007-12-18 20:29:40
.
2007-12-12 12:27:00 --- E O F ---


Post by fredik » 18 Dec 2007 22:03

Open Notepad (Start -> Run..., type Notepad in the box and click OK)
Copy the following text, marked in green, into it:

File::
C:\WINDOWS\ttvbonpwx.dll
C:\WINDOWS\xcvwer.dll
C:\WINDOWS\leosrv.dll
C:\WINDOWS\binret.exe
C:\WINDOWS\system32\fgnkapcj.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{821386B0-9AB4-484F-B543-D3AA1A1A5589}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hjoqor"=-
"xcvwer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F7C394C7-BFBD-4A20-AD14-2AA94424C09C}"=-
[-HKEY_CLASSES_ROOT\clsid\{f7c394c7-bfbd-4a20-ad14-2aa94424c09c}]
[-HKEY_CLASSES_ROOT\leosrv.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{78533045-7A38-48B8-8AA7-A39D261C6803}]
[-HKEY_CLASSES_ROOT\leosrv.ToolBar]

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and drop it when the two files overlap
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download SUPERAntiSpyware
Install and run it, then click the Check for Updates... button
After the update, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button

A scan will run; when it finishes, it lists everything it found.
Make sure all items are checked and then click the Next button
Then click the Finish button and you should get back to the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab
Click the log with today's date that is listed there and click the button: View Log...
A window with the log opens; copy its contents here.

Then also post a new HJT log here.
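A small triage script, added here as an example (it is not part of this thread and not code from HijackThis or ComboFix): it parses the O2/O3/O21 lines of an HJT log and the "Files Created" rows of a ComboFix log and cross-checks them the way fredik's two replies above do (autostart modules loaded from the Windows root, orphaned "file missing" entries, several files dropped at the same minute, a new hidden+system file), then builds the File:: section of a CFScript from what it flags. The sample lines are copied from the logs in this thread; the heuristics and the batch threshold are assumptions, not rules from either tool.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines copied from the HijackThis and
# ComboFix logs quoted in this thread (not the full logs).
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BDEX System - {821386B0-9AB4-484F-B543-D3AA1A1A5589} - C:\WINDOWS\ttvbonpwx.dll
O3 - Toolbar: The leosrv - {F7C394C7-BFBD-4A20-AD14-2AA94424C09C} - C:\WINDOWS\leosrv.dll
O21 - SSODL: hjoqor - {9D7EB1B0-8BFA-491A-A829-B406E724D0C7} - C:\WINDOWS\hjoqor.dll (file missing)
O21 - SSODL: xcvwer - {DA73FBF5-1B8A-4279-AC04-7928C714AE0E} - C:\WINDOWS\xcvwer.dll
"""

CF_SAMPLE = r"""
2007-12-18 18:42 . 2007-12-18 12:57 266,240 --a------ C:\WINDOWS\ttvbonpwx.dll
2007-12-18 18:42 . 2007-12-18 12:57 245,760 --a------ C:\WINDOWS\xcvwer.dll
2007-12-18 18:42 . 2007-12-18 12:57 172,032 --a------ C:\WINDOWS\leosrv.dll
2007-12-18 18:42 . 2007-12-18 12:57 77,824 --a------ C:\WINDOWS\binret.exe
2007-12-18 18:15 . 2007-12-18 18:15 <DIR> d-------- C:\Program Files\SmartVideoCodec
2007-12-11 00:15 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-28 16:56 . 2007-11-28 16:56 229,727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_9968.exe
2007-11-18 21:16 . 2007-11-18 21:44 677,980 --ahs---- C:\WINDOWS\system32\fgnkapcj.ini
"""

# HJT line shape: "<kind> - <type>: <name> - {CLSID} - <path>[ (file missing)]"
HJT_RE = re.compile(
    r"^(?P<kind>O2|O3|O21) - (?:BHO|Toolbar|SSODL): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# ComboFix row shape: "<created> . <modified> <size|<DIR>> <attrs> <path>"
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)\s+\.\s+"
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)


def parse_hjt(text):
    """Return the O2/O3/O21 entries as dicts; every other HJT line is ignored."""
    entries = []
    for line in text.strip().splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["missing"] = e["missing"] is not None
            entries.append(e)
    return entries


def parse_combofix_created(text):
    """Return the file rows of a ComboFix 'Files Created' section (directories skipped)."""
    rows = []
    for line in text.strip().splitlines():
        m = CF_RE.match(line.strip())
        if m and m.group("size") != "<DIR>":
            rows.append(m.groupdict())
    return rows


def in_windows_root(path):
    """Assumed heuristic: the module sits directly in C:\\WINDOWS, not in a subfolder."""
    parts = path.lower().split("\\")
    return len(parts) == 3 and parts[1] == "windows"


def triage(hjt_text, cf_text, batch_min=3):
    """Map each suspicious path to the list of reasons it was flagged (heuristics are assumed)."""
    findings = defaultdict(list)
    created = parse_combofix_created(cf_text)
    per_minute = Counter(r["created"] for r in created)
    created_paths = {r["path"].lower() for r in created}

    for r in created:
        n = per_minute[r["created"]]
        if n >= batch_min:  # several files appearing in the same minute
            findings[r["path"]].append(f"created together with {n - 1} other files at {r['created']}")
        if "h" in r["attrs"] and "s" in r["attrs"]:  # new file hidden from the user
            findings[r["path"]].append("new file carries hidden+system attributes")

    for e in parse_hjt(hjt_text):
        tag = f"{e['kind']} {e['name']} {e['clsid']}"
        if e["missing"]:
            findings[e["path"]].append(f"{tag}: autostart points at a missing file")
        if in_windows_root(e["path"]):
            findings[e["path"]].append(f"{tag}: loads a module from the Windows root")
        if e["path"].lower() in created_paths:
            findings[e["path"]].append(f"{tag}: module is in the recently created list")
    return dict(findings)


def cfscript_file_section(findings, hjt_text):
    """Build the File:: block of a CFScript from flagged paths that still exist on disk."""
    missing = {e["path"].lower() for e in parse_hjt(hjt_text) if e["missing"]}
    paths = sorted(p for p in findings if p.lower() not in missing)
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    result = triage(HJT_SAMPLE, CF_SAMPLE)
    for path, reasons in sorted(result.items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
    print(cfscript_file_section(result, HJT_SAMPLE))
```

On the sample it flags exactly the five files of fredik's File:: block plus the orphaned hjoqor.dll entry, which is registry-only; the Registry:: lines of the script still need a human decision, as in the reply above.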


Post by johnny114 » 19 Dec 2007 15:24

ComboFix 07-12-19.2 - Honza M 2007-12-19 14:28:00.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1451 [GMT 1:00]
Running from: C:\Documents and Settings\Honza M\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Honza M\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\binret.exe
C:\WINDOWS\leosrv.dll
C:\WINDOWS\system32\fgnkapcj.ini
C:\WINDOWS\ttvbonpwx.dll
C:\WINDOWS\xcvwer.dll
.
The following files were disabled during the run:
C:\WINDOWS\system32\vorbis.dll
C:\WINDOWS\system32\ogg.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\binret.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\leosrv.dll
C:\WINDOWS\system32\fgnkapcj.ini
C:\WINDOWS\ttvbonpwx.dll
C:\WINDOWS\xcvwer.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-18 18:15 . 2007-12-18 22:56 <DIR> d-------- C:\Program Files\SmartVideoCodec
2007-12-18 18:08 . 2007-12-18 18:19 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-17 14:50 . 2007-12-17 15:21 <DIR> d-------- C:\Program Files\StrongDC
2007-12-17 14:37 . 2007-12-17 14:38 <DIR> d-------- C:\Program Files\sdc205
2007-12-16 21:17 . 2007-12-16 21:17 <DIR> d-------- C:\WINDOWS\EffectResources
2007-12-16 21:17 . 2007-12-17 14:31 <DIR> d-------- C:\Program Files\Webkamera
2007-12-12 23:26 . 2007-12-12 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\NCH Software
2007-12-12 22:19 . 2007-12-17 14:37 <DIR> d-------- C:\StrongDC- unfinished
2007-12-12 20:02 . 2007-12-12 20:02 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Autodesk
2007-12-12 17:16 . 2007-12-12 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2007-12-12 17:13 . 2007-12-12 17:13 <DIR> d-------- C:\Program Files\Bonjour
2007-12-12 17:06 . 2007-12-12 17:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-11 00:15 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-11 00:14 . 2007-12-11 00:15 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-11 00:14 . 2007-12-11 00:14 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-11 00:12 . 2007-12-11 00:12 <DIR> dr-h----- C:\MSOCache
2007-12-09 21:26 . 2007-12-09 21:27 <DIR> dr------- C:\Programy
2007-12-09 21:21 . 1998-06-24 01:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-12-09 21:20 . 2007-12-09 21:26 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-09 21:20 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.ocx
2007-12-09 21:20 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2007-12-09 21:20 . 1998-07-13 00:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-12-09 21:20 . 2000-10-01 20:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-09 21:20 . 1999-03-25 20:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-12-09 21:20 . 1998-07-13 00:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-12-09 21:20 . 1998-07-12 20:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-12-09 21:20 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-12-09 21:20 . 1998-07-13 00:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-12-06 23:44 . 2007-12-06 23:44 <DIR> d-------- C:\Program Files\eRightSoft
2007-12-06 23:44 . 2007-12-06 23:44 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-05 14:54 . 2007-12-05 14:55 <DIR> d-------- C:\Program Files\QIP
2007-12-04 19:35 . 2007-12-05 07:48 <DIR> d-------- C:\Qip-st
2007-12-03 16:44 . 2007-12-03 16:47 <DIR> d-------- C:\Program Files\BSplayer
2007-12-03 16:35 . 2007-12-03 16:35 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Participatory Culture Foundation
2007-12-03 16:34 . 2007-12-03 16:34 <DIR> d-------- C:\Program Files\MultiMedia Toolbar
2007-12-03 16:34 . 2007-12-03 16:34 <DIR> d-------- C:\Program Files\Multi_Media
2007-12-03 16:33 . 2007-12-03 16:43 <DIR> d-------- C:\Program Files\Miro
2007-12-03 16:09 . 2007-12-03 16:09 <DIR> d-------- C:\Obrazy- Daemon
2007-12-02 22:57 . 2007-12-02 22:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-29 09:17 . 2007-12-17 18:50 <DIR> d-------- C:\Program Files\Acoustica MP3 CD Burner
2007-11-29 09:17 . 2007-11-29 09:17 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Acoustica
2007-11-29 09:17 . 2002-11-05 15:16 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2007-11-28 16:56 . 2007-11-28 16:56 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2007-11-28 16:56 . 2007-11-28 17:03 <DIR> d-------- C:\Program Files\Burn4Free
2007-11-28 16:56 . 2007-11-28 16:56 229,727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_9968.exe
2007-11-28 13:25 . 2007-11-28 13:25 <DIR> d-------- C:\Program Files\Ahead
2007-11-28 13:13 . 2007-11-28 13:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-28 13:13 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-28 13:13 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-28 12:53 . 2007-12-10 21:19 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-26 16:14 . 2001-10-25 13:00 114,688 --a--c--- C:\WINDOWS\system32\dllcache\calc.exe
2007-11-26 16:14 . 2001-10-25 13:00 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-11-25 21:51 . 2007-11-26 20:27 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-25 21:51 . 2007-11-26 20:27 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-11-22 13:21 . 2007-12-10 18:36 <DIR> d-------- C:\Documents and Settings\Honza M\.gimp-2.2
2007-11-22 13:19 . 2007-11-22 13:19 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-11-22 13:18 . 2007-11-22 13:18 <DIR> d-------- C:\Program Files\GTK
2007-11-22 13:17 . 2007-11-22 13:17 <DIR> d-------- C:\Documents and Settings\Honza M\Data aplikací\Zoner
2007-11-22 13:16 . 2007-11-22 13:16 <DIR> d-------- C:\Program Files\Zoner
2007-11-22 13:15 . 2007-11-22 13:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 20:35 . 2007-11-25 21:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-21 20:35 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-21 20:34 . 2007-11-21 20:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-21 20:34 . 2007-11-25 21:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-21 20:27 . 2007-11-21 20:27 40,960 --a------ C:\WINDOWS\_dsCA80.tmp
2007-11-21 20:27 . 2007-11-21 20:27 40,960 --a------ C:\WINDOWS\_dsCA7E.tmp
2007-11-21 15:35 . 2007-11-21 15:35 40,960 --a------ C:\WINDOWS\_ds19.tmp
2007-11-21 15:34 . 2007-11-21 15:34 40,960 --a------ C:\WINDOWS\_ds17.tmp
2007-11-21 15:34 . 2007-11-21 15:34 40,960 --a------ C:\WINDOWS\_ds15.tmp
2007-11-21 15:34 . 2007-11-21 15:34 40,960 --a------ C:\WINDOWS\_ds13.tmp
2007-11-21 15:12 . 2007-11-21 15:12 <DIR> d-------- C:\Program Files\Empire Interactive
2007-11-21 15:11 . 2007-11-21 15:11 40,960 --a------ C:\WINDOWS\_ds8.tmp
2007-11-21 15:04 . 2007-11-21 15:04 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-21 15:01 . 2007-11-21 15:01 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 00:30 . 2007-11-21 00:30 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-21 00:29 . 2007-12-19 11:15 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-11-21 00:24 . 2007-12-18 22:56 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-21 00:24 . 2007-12-18 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-11-20 22:14 . 2007-11-20 22:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Data aplikací\ATI
2007-11-20 22:14 . 2007-11-20 22:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Data aplikací\ATI
2007-11-20 22:14 . 2007-11-20 22:14 4,096 --a------ C:\WINDOWS\system32\crash
2007-11-20 18:44 . 2007-11-20 18:44 <DIR> d-------- C:\Program Files\WildGames
2007-11-20 18:44 . 2007-11-20 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\WildTangent
2007-11-20 15:11 . 2007-11-20 15:11 31 --a------ C:\WINDOWS\MCDB.ini
2007-11-20 15:10 . 2001-09-05 21:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 21:56 --------- d-----w C:\Program Files\Autodesk
2007-12-16 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 20:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 16:13 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 23:09 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-10 22:59 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\OpenOffice.org2
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 20:15 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\dvdcss
2007-11-18 22:09 --------- d-----w C:\Program Files\ShrinkTo5
2007-11-15 20:22 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-14 22:08 --------- d-----w C:\Program Files\JMicron_JMB36X_512600104
2007-11-14 17:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2007-11-14 17:31 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-14 04:57 223,744 ----a-w C:\WINDOWS\system32\b4fm.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 13:47 --------- d-----w C:\Program Files\Java
2007-11-12 13:47 --------- d-----w C:\Program Files\Common Files\Java
2007-11-10 20:37 --------- d-----w C:\Program Files\YouTube Video Downloader
2007-11-10 13:53 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\atitray
2007-11-10 13:52 --------- d-----w C:\Program Files\Teplota
2007-11-10 12:26 --------- d-----w C:\Program Files\Alarm
2007-11-07 15:22 --------- d-----w C:\Program Files\Electronic Arts
2007-11-06 19:01 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\O2
2007-11-06 18:03 --------- d-----w C:\Program Files\MSECache
2007-11-06 14:56 --------- d-----w C:\Program Files\Acclaim Entertainment
2007-11-05 20:01 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\BSplayer
2007-11-05 19:59 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\BSplayer Pro
2007-11-05 19:34 --------- d-----w C:\Program Files\DVD Decrypter
2007-11-05 17:53 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\ATI
2007-11-05 17:53 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ATI
2007-11-05 17:50 --------- d-----w C:\Program Files\ATI Technologies
2007-11-05 17:16 --------- d-----w C:\Program Files\Nero
2007-11-05 17:16 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-05 17:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-11-05 16:59 --------- d-----w C:\Program Files\Verdict Free
2007-11-05 16:13 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2007-11-05 15:59 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\Nero
2007-11-04 22:51 --------- d-----w C:\Program Files\Alwil Software
2007-11-04 22:11 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\Winamp
2007-11-04 22:08 --------- d-----w C:\Program Files\Winamp
2007-11-04 21:10 --------- d-----w C:\Program Files\Encyklopedie
2007-11-04 20:56 --------- d-----w C:\Program Files\AutoCAD 2002 Cz
2007-11-04 20:48 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2007-11-02 23:55 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-11-02 23:21 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\Jpeg Resampler
2007-11-02 23:15 --------- d-----w C:\Program Files\Audiograbber
2007-11-02 23:12 --------- d-----w C:\Program Files\Kodek CZ
2007-11-02 23:10 --------- d-----w C:\Program Files\CDex_170b2
2007-11-02 17:03 --------- d-----w C:\Program Files\RadLight Company
2007-11-02 17:03 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\RadLight Company
2007-11-02 15:10 --------- d-----w C:\Documents and Settings\Honza M\Data aplikací\vlc
2007-11-02 15:08 --------- d-----w C:\Program Files\VideoLAN
2007-11-02 15:07 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-11-02 13:42 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-11-02 13:29 --------- d-----w C:\Program Files\Marvell
2007-11-02 13:28 --------- d-----w C:\Program Files\Analog Devices
2007-11-02 13:16 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 20:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-09-20 09:36 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-18_20.29.18,98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-19 10:14:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-11-16 14:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 08:29]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 10:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-02-14 22:51]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-21 00:28]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-09-20 10:35 1077032 --a------ C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent

R1 atitray;atitray;C:\Program Files\Teplota\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-11-21 00:30]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 09:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-09 01:12]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-04-05 14:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9d92295-983a-11dc-ae87-001bfcf7ab9a}]
\Shell\AutoRun\command - E:\Launch.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 14:31:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
Completion time: 2007-12-19 14:32:15
C:\ComboFix2.txt ... 2007-12-18 20:29
.
2007-12-12 12:27:00 --- E O F ---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/19/2007 at 03:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3363
Trace Rules Database Version: 1362

Scan type : Complete Scan
Total Scan Time : 00:31:04

Memory items scanned : 564
Memory threats detected : 0
Registry items scanned : 6958
Registry threats detected : 6
File items scanned : 32810
File threats detected : 26

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}
HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}
HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}\InprocServer32
HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}\InprocServer32#ThreadingModel
HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}\InprocServer32#t
C:\PROGRAM FILES\GHUXAUMC\UUBTUCJE.DLL
HKCR\CLSID\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}

Adware.Tracking Cookie
C:\Documents and Settings\Honza M\Cookies\honza m@atdmt[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@4-digital-media[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@toplist[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@revsci[2].txt
C:\Documents and Settings\Honza M\Cookies\honza m@statcounter[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@2o7[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@please[2].txt
C:\Documents and Settings\Honza M\Cookies\honza m@bs.serving-sys[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@1-electronic-media[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@keygenguru[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@serving-sys[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@msnportal.112.2o7[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@ads.bridgetrack[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@avsmedia[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@list[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@windowsmedia[2].txt
C:\Documents and Settings\Honza M\Cookies\honza m@rambler[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@bestsellerantivirus[2].txt
C:\Documents and Settings\Honza M\Cookies\honza m@ads.pointroll[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@yadro[1].txt
C:\Documents and Settings\Honza M\Cookies\honza m@ad.yieldmanager[2].txt
C:\Documents and Settings\Honza M\Cookies\honza m@doubleclick[1].txt

Adware.E404 Helper/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7C85DF0-D298-4D80-87A6-67C3C45B0E17}\RP1\A0001046.DLL

Trojan.Net-MSV/VPS-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F7C85DF0-D298-4D80-87A6-67C3C45B0E17}\RP35\A0009008.DLL

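As an added example (not part of this thread, nor code from HijackThis, ComboFix or SUPERAntiSpyware), the script below shows how an analyst can turn the two logs posted above into structured leads instead of reading them by eye: it parses HijackThis R/O lines and the ComboFix "DLLs Loaded Under Running Processes" section, then flags the start-page change, the autorun entry launched straight from the Windows directory, the Winlogon Notify DLL, the service with no vendor name, and the DLLs that winlogon.exe and lsass.exe had loaded. The sample input is a constructed subset of the logs above; the expected start-page host and the set of sensitive processes are assumptions, and every flag is a lead for review, not a verdict (the VM305 camera tool it flags is legitimate on this machine).

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a subset of lines excerpted from the HijackThis and ComboFix logs in this thread.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
COMBOFIX_SAMPLE = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
Completion time: 2007-12-19 14:32:15
"""

HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# First Windows path ending in an executable extension; copes with unquoted paths that contain spaces.
EXE_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|cmd))', re.IGNORECASE)
DLL_SECTION = "DLLs Loaded Under Running Processes"
# Assumption: core logon/security processes in which any listed third-party DLL deserves a look.
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe", "services.exe", "csrss.exe"}

def parse_hjt(text):
    """Split a HijackThis log into (section code, body) pairs, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries

def in_windows_root(path):
    """True for a file sitting directly in the Windows directory rather than a subdirectory."""
    p = path.lower()
    return p.startswith("c:\\windows\\") and "\\" not in p[len("c:\\windows\\"):]

def triage_hjt(entries, expected_start_hosts=("www.google.com",)):
    """Return (rule, detail) leads for an analyst; expected_start_hosts is an assumed allowlist."""
    leads = []
    for code, body in entries:
        if code == "R0" and "Start Page" in body:
            host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
            if host not in expected_start_hosts:
                leads.append(("start-page-changed", host))
        elif code == "O4":
            m = EXE_PATH.search(body.split("]", 1)[1])
            if m and in_windows_root(m.group(1)):
                leads.append(("autorun-from-windows-root", m.group(1)))
        elif code == "O20":
            # Winlogon Notify DLLs are loaded into winlogon.exe at every logon.
            leads.append(("winlogon-notify", body.split(" - ", 1)[1]))
        elif code == "O23" and "Unknown owner" in body:
            # The service binary carries no company name in its version information.
            leads.append(("service-no-vendor", body.rsplit(" - ", 1)[1]))
    return leads

def parse_combofix_dlls(text):
    """Map each process in ComboFix's DLL section to the DLL paths listed under it."""
    loaded, current, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if DLL_SECTION in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("PROCESS:"):
            # "PROCESS: <path>" optionally followed by " [file version]"
            current = line[len("PROCESS:"):].strip().split(" [", 1)[0]
            loaded.setdefault(current, [])
        elif line.startswith("->") and current is not None:
            loaded[current].append(line[2:].strip())
        elif line == ".":
            break  # ComboFix closes each section with a lone dot
    return loaded

def triage_combofix_dlls(loaded):
    """Flag every DLL that ComboFix saw inside one of the sensitive processes."""
    leads = []
    for proc, dlls in loaded.items():
        name = proc.rsplit("\\", 1)[-1].lower()
        if name in SENSITIVE_PROCESSES:
            leads.extend(("dll-in-" + name, dll) for dll in dlls)
    return leads

if __name__ == "__main__":  # quick run over the constructed samples
    print(triage_hjt(parse_hjt(HJT_SAMPLE)) + triage_combofix_dlls(parse_combofix_dlls(COMBOFIX_SAMPLE)))
```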

Post by fredik » 19 Dec 2007 17:34

Go to Start -> Run..., type into the box this command marked in blue: ComboFix /u (there must be a space between ComboFix and /u) and press OK.

Post a new HJT log here and say whether the problems persist.


Post by johnny114 » 19 Dec 2007 20:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:09, on 19.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Počítač\Léčba viru\HiJack This\HiJackThis.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8194 bytes



I want to ask whether I should keep SUPERAntiSpyware on the computer or uninstall it.


Post by fredik » 19 Dec 2007 21:13

Regarding SUPERAntiSpyware: if you want, you can keep it for an occasional check, but turn off its launch at Windows startup. If not, you can simply uninstall it.

For better security it would be good to also install a firewall; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English,
Kerio - clear, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English

Otherwise the log looks good; do you still have any problems?


Post by johnny114 » 20 Dec 2007 18:00

I would also like to ask whether there is a similar program with a resident shield like Spyware Terminator. It seems good to me, but it annoys me to keep reading the windows that pop up and allowing or blocking various applications. Often I don't even know which one is which... Or if I install Kerio, will that be fine?


Post by fredik » 21 Dec 2007 14:18

Among free programs, Spybot - Search & Destroy also has limited resident protection. Otherwise it is only found in the paid versions of anti-spyware programs.

I don't know exactly how the resident protection settings of ST look or how you have it configured, but try setting it to a lower security level than you have now.
Here you can find a description of the individual parts of the resident protection: http://viry.cz/forum/viewtopic.php?t=44730 or try adjusting the part - Application Monitor

Kerio, being a firewall, does a different job than Spyware Terminator.

