Kontrola logu

[johnny114]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:14, on 12.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast 4\aswUpdSv.exe
C:\Program Files\Avast 4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Avast 4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\Program Files\Comodo Firewall\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Microsoft Private Folder 1.0\ShellHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ihwtgpkl.exe
C:\Documents and Settings\All Users\Data aplikací\shwjqtcz\cpcpinoj.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://85.12.43.74/go/?cmp=ntvrsrgks&ui ... 1&rid=wen5
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo Firewall\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ac167a82] rundll32.exe "C:\WINDOWS\system32\hwvyjuaq.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON\daemon.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [aevrgvut] C:\WINDOWS\system32\ihwtgpkl.exe
O4 - HKLM\..\Policies\Explorer\Run: [7C43ngaZ6T] C:\Documents and Settings\All Users\Data aplikací\shwjqtcz\cpcpinoj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast 4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast 4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast 4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

--
End of file - 6482 bytes

[Reklama]

[Baron Prášil]

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[johnny114]

ComboFix 08-04-11.8 - domaci 2008-04-13 9:38:00.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.260 [GMT 2:00]
Running from: C:\Documents and Settings\domaci\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cbXNExYP.dll
C:\WINDOWS\system32\geBqNDUO.dll
C:\WINDOWS\system32\hwvyjuaq.dll
C:\WINDOWS\system32\PYxENXbc.ini
C:\WINDOWS\system32\PYxENXbc.ini2
C:\WINDOWS\system32\qaujyvwh.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 19:27 . 2008-04-12 19:28 <DIR> d-------- C:\Program Files\RAR password recovery
2008-04-12 19:10 . 2008-04-12 19:12 997 --a------ C:\WINDOWS\ARCHPR4.INI
2008-04-12 19:09 . 2008-04-12 19:09 <DIR> d-------- C:\Program Files\ElcomSoft
2008-04-12 19:05 . 2008-04-12 18:15 81,920 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-12 19:04 . 2008-04-12 19:04 94,208 --a------ C:\WINDOWS\system32\ihwtgpkl.exe
2008-04-12 12:31 . 2008-04-12 12:31 <DIR> d-------- C:\Program Files\Realtek AC97
2008-04-12 12:31 . 2001-07-06 00:19 164 --a------ C:\WINDOWS\avrack.ini
2008-04-11 19:40 . 2008-04-11 19:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 19:40 . 2008-04-11 19:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 19:23 . 2008-04-11 19:25 <DIR> d-------- C:\Program Files\QuickTime
2008-04-11 19:22 . 2008-04-11 19:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-11 16:42 . 2008-04-11 16:42 <DIR> d-------- C:\Program Files\rajce
2008-04-04 13:27 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 13:27 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-04 11:47 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-04-04 11:47 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-04 11:47 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-04 11:47 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-04-04 11:47 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-04 11:47 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-04-04 11:47 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-04-04 11:47 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-04-04 11:46 . 2008-04-04 11:46 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-04-04 11:46 . 2008-04-04 11:46 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-04-04 11:45 . 2008-04-12 12:06 <DIR> d-------- C:\Program Files\King of the road 2
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 21:00 . 2002-12-30 11:16 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2008-03-28 21:00 . 2002-12-30 11:16 785,920 --a------ C:\WINDOWS\system32\ltann13n.dll
2008-03-28 21:00 . 2003-01-06 15:14 445,952 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-03-28 21:00 . 2002-12-30 11:16 266,240 --a------ C:\WINDOWS\system32\LTDIS13n.dll
2008-03-28 21:00 . 2002-12-30 11:16 139,776 --a------ C:\WINDOWS\system32\ltfil13n.DLL
2008-03-28 21:00 . 2001-08-15 17:54 9,366 --a------ C:\WINDOWS\DjVuDoc.ico
2008-03-27 13:05 . 2008-03-27 13:20 <DIR> d-------- C:\Program Files\Max Payne
2008-03-26 20:10 . 1997-07-19 18:00 155,920 --a------ C:\WINDOWS\system32\comct232.ocx
2008-03-26 20:10 . 1997-06-13 11:56 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-03-26 20:09 . 2008-03-26 20:09 <DIR> d-------- C:\Program Files\Motocross Madness
2008-03-26 15:28 . 2008-03-26 23:59 <DIR> d-------- C:\Program Files\Bridge Builder 3
2008-03-26 14:19 . 2008-03-26 15:08 <DIR> d-------- C:\Program Files\Bridge Builder
2008-03-26 11:50 . 2008-03-26 11:51 <DIR> d-------- C:\Program Files\Dave Mirra Freestyle BMX
2008-03-24 11:44 . 2008-03-24 11:44 <DIR> d-------- C:\Program Files\Microsoft Private Folder 1.0
2008-03-24 11:41 . 2008-04-12 14:10 <DIR> dr------- C:\Documents and Settings\domaci\My Private Folder
2008-03-24 10:18 . 2008-03-24 10:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 23:52 . 2008-03-23 23:52 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-23 23:49 . 2008-03-23 23:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-23 23:49 . 2008-04-08 21:49 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-22 21:44 . 2008-03-22 21:44 <DIR> d-------- C:\Program Files\Bonjour
2008-03-22 21:13 . 2008-03-22 21:13 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-16 13:03 . 2008-03-16 13:03 <DIR> d-------- C:\Program Files\MP3Recorder
2008-03-16 12:50 . 2008-03-16 12:50 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-03-16 12:44 . 2008-03-16 12:44 <DIR> d-------- C:\Program Files\EVEREST Home Edition
2008-03-15 14:50 . 2008-03-15 14:50 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-03-15 14:50 . 2007-09-15 17:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-03-14 22:59 . 2008-03-15 15:08 <DIR> d-------- C:\Program Files\Intel Thermal Analysis Tool
2008-03-14 20:01 . 1996-04-03 21:33 5,248 --a------ C:\WINDOWS\system32\drivers\giveio.sys
2008-03-14 18:04 . 2008-04-12 21:33 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-14 18:04 . 2008-03-14 18:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-14 11:15 . 2008-03-14 11:16 <DIR> d-------- C:\Program Files\Rhinoceros 3.0
2008-03-14 11:15 . 2008-03-14 11:15 <DIR> d-------- C:\Program Files\Common Files\McNeel Shared
2008-03-14 11:15 . 2002-12-20 12:42 643,072 --a------ C:\WINDOWS\system32\RhinoShExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 10:31 --------- d-----w C:\Program Files\AvRack
2008-04-04 11:36 --------- d-----w C:\Program Files\Avast 4
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-28 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 19:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 18:45 --------- d-----w C:\Program Files\sisagp
2008-03-10 19:33 --------- d-----w C:\Program Files\PowerStrip
2008-03-09 12:09 --------- d-----w C:\Program Files\CCleaner
2008-03-02 11:38 --------- d-----w C:\Program Files\ICQ6
2008-02-29 18:41 --------- d-----w C:\Program Files\Colin McRae Rally 2
2008-02-29 17:30 --------- d-----w C:\Program Files\Winamp
2008-02-29 17:17 --------- d-----w C:\Program Files\BitLord
2008-02-24 20:14 --------- d-----w C:\Program Files\DVD Decrypter
2008-02-24 19:37 --------- d-----w C:\Program Files\DVDFab Decrypter 3
2008-02-24 19:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-22 23:48 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-22 23:46 --------- d-----w C:\Program Files\Autodesk
2008-02-22 23:30 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-02-22 22:58 --------- d-----w C:\Program Files\CDBurnerXP
2008-02-22 22:51 --------- d-----w C:\Program Files\MSBuild
2008-02-22 22:50 --------- d-----w C:\Program Files\BSplayer
2008-02-22 22:36 --------- d-----w C:\Program Files\Reference Assemblies
2008-02-22 22:11 --------- d-----w C:\Program Files\QIP
2008-02-22 22:10 --------- d-----w C:\Program Files\DAEMON
2008-02-22 22:07 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-22 21:15 --------- d-----w C:\Program Files\Nero 6
2008-02-22 21:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-18 06:45 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-02-18 06:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 19:54 --------- d-----w C:\Program Files\Skype
2008-02-17 19:53 --------- d-----w C:\Program Files\BearShare
2008-02-17 19:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 18:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-17 16:46 --------- d-----w C:\Program Files\Java
2008-02-17 16:43 --------- d-----w C:\Program Files\Common Files\Java
2008-02-17 16:06 --------- d-----w C:\Program Files\Comodo Firewall
2008-02-17 16:04 --------- d-----w C:\Program Files\Verdict Free
2008-02-17 15:39 --------- d-----w C:\Program Files\VLC
2008-02-17 15:35 --------- d-----w C:\Program Files\Codec
2008-02-17 15:25 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-02-17 11:08 --------- d-----w C:\Program Files\EPSON
2008-02-16 16:45 --------- d-----w C:\Program Files\Bluetooth
2008-02-16 16:20 --------- d-----w C:\Program Files\microsoft frontpage
2003-03-12 04:16 307,200 ----a-w C:\Program Files\internet explorer\plugins\djvu0407.dll
2003-03-12 04:16 303,104 ----a-w C:\Program Files\internet explorer\plugins\djvu0409.dll
2003-03-12 04:16 311,296 ----a-w C:\Program Files\internet explorer\plugins\djvu040c.dll
2003-03-12 04:16 299,008 ----a-w C:\Program Files\internet explorer\plugins\djvu0411.dll
2003-03-12 04:16 303,104 ----a-w C:\Program Files\internet explorer\plugins\djvu0412.dll
2003-03-12 04:16 290,816 ----a-w C:\Program Files\internet explorer\plugins\djvu0804.dll
2003-03-12 04:15 122,880 ----a-w C:\Program Files\internet explorer\plugins\DjVuCntl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON\daemon.exe" [2007-12-29 14:05 486856]
"aevrgvut"="C:\WINDOWS\system32\ihwtgpkl.exe" [2008-04-12 19:04 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo Firewall\Comodo\Firewall\CPF.exe" [2008-02-17 18:06 1115728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2005-04-04 01:05 643072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7C43ngaZ6T"= C:\Documents and Settings\All Users\Data aplikací\shwjqtcz\cpcpinoj.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bluetooth\\BlueSoleil.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 09:22]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\PStrip.sys [2004-11-09 23:32]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 00:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2d71f2-e1eb-11dc-9ecc-0011679c9c5b}]
\Shell\AutoRun\command - F:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5fc3bc-022b-11dd-95dd-0011679c9c5b}]
\Shell\AutoRun\command - G:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 14:23:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 09:49:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast 4\aswUpdSv.exe
C:\Program Files\Avast 4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Avast 4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avast 4\Setup\avast.setup
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-13 9:55:42 - machine was rebooted [domaci]
ComboFix-quarantined-files.txt 2008-04-13 07:55:26
Adresářů: 8, Volných bajtů: 31,607,373,824
Adres ý…: 11, Volněch bajt…: 37,001,424,896
.
2008-04-11 12:09:41 --- E O F ---

[Baron Prášil]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\ihwtgpkl.exe
C:\Documents and Settings\All Users\Data aplikací\shwjqtcz\cpcpinoj.exe
F:\install.exe
G:\autorun.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aevrgvut"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7C43ngaZ6T"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2d71f2-e1eb-11dc-9ecc-0011679c9c5b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5fc3bc-022b-11dd-95dd-0011679c9c5b}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis+info o chování kompu

[johnny114]

ComboFix 08-04-12.7 - domaci 2008-04-13 12:15:30.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.148 [GMT 2:00]
Running from: C:\Documents and Settings\domaci\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\domaci\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Data aplikací\shwjqtcz\cpcpinoj.exe
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\ihwtgpkl.exe
F:\install.exe
G:\autorun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\shwjqtcz\cpcpinoj.exe
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\ihwtgpkl.exe
F:\install.exe
G:\autorun.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 19:27 . 2008-04-12 19:28 <DIR> d-------- C:\Program Files\RAR password recovery
2008-04-12 19:10 . 2008-04-12 19:12 997 --a------ C:\WINDOWS\ARCHPR4.INI
2008-04-12 19:09 . 2008-04-12 19:09 <DIR> d-------- C:\Program Files\ElcomSoft
2008-04-12 12:31 . 2008-04-12 12:31 <DIR> d-------- C:\Program Files\Realtek AC97
2008-04-12 12:31 . 2001-07-06 00:19 164 --a------ C:\WINDOWS\avrack.ini
2008-04-11 19:40 . 2008-04-11 19:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 19:40 . 2008-04-11 19:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 19:23 . 2008-04-11 19:25 <DIR> d-------- C:\Program Files\QuickTime
2008-04-11 19:22 . 2008-04-11 19:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-11 16:42 . 2008-04-11 16:42 <DIR> d-------- C:\Program Files\rajce
2008-04-04 13:27 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 13:27 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-04 11:47 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-04-04 11:47 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-04 11:47 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-04 11:47 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-04-04 11:47 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-04 11:47 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-04-04 11:47 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-04-04 11:47 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-04-04 11:46 . 2008-04-04 11:46 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-04-04 11:46 . 2008-04-04 11:46 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-04-04 11:45 . 2008-04-12 12:06 <DIR> d-------- C:\Program Files\King of the road 2
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 21:00 . 2002-12-30 11:16 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2008-03-28 21:00 . 2002-12-30 11:16 785,920 --a------ C:\WINDOWS\system32\ltann13n.dll
2008-03-28 21:00 . 2003-01-06 15:14 445,952 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-03-28 21:00 . 2002-12-30 11:16 266,240 --a------ C:\WINDOWS\system32\LTDIS13n.dll
2008-03-28 21:00 . 2002-12-30 11:16 139,776 --a------ C:\WINDOWS\system32\ltfil13n.DLL
2008-03-28 21:00 . 2001-08-15 17:54 9,366 --a------ C:\WINDOWS\DjVuDoc.ico
2008-03-27 13:05 . 2008-03-27 13:20 <DIR> d-------- C:\Program Files\Max Payne
2008-03-26 20:10 . 1997-07-19 18:00 155,920 --a------ C:\WINDOWS\system32\comct232.ocx
2008-03-26 20:10 . 1997-06-13 11:56 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-03-26 20:09 . 2008-03-26 20:09 <DIR> d-------- C:\Program Files\Motocross Madness
2008-03-26 15:28 . 2008-03-26 23:59 <DIR> d-------- C:\Program Files\Bridge Builder 3
2008-03-26 14:19 . 2008-03-26 15:08 <DIR> d-------- C:\Program Files\Bridge Builder
2008-03-26 11:50 . 2008-03-26 11:51 <DIR> d-------- C:\Program Files\Dave Mirra Freestyle BMX
2008-03-24 11:44 . 2008-03-24 11:44 <DIR> d-------- C:\Program Files\Microsoft Private Folder 1.0
2008-03-24 11:41 . 2008-04-12 14:10 <DIR> dr------- C:\Documents and Settings\domaci\My Private Folder
2008-03-24 10:18 . 2008-03-24 10:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 23:52 . 2008-03-23 23:52 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-23 23:49 . 2008-03-23 23:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-23 23:49 . 2008-04-08 21:49 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-22 21:44 . 2008-03-22 21:44 <DIR> d-------- C:\Program Files\Bonjour
2008-03-22 21:13 . 2008-03-22 21:13 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-16 13:03 . 2008-03-16 13:03 <DIR> d-------- C:\Program Files\MP3Recorder
2008-03-16 12:50 . 2008-03-16 12:50 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-03-16 12:44 . 2008-03-16 12:44 <DIR> d-------- C:\Program Files\EVEREST Home Edition
2008-03-15 14:50 . 2008-03-15 14:50 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-03-15 14:50 . 2007-09-15 17:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-03-14 22:59 . 2008-03-15 15:08 <DIR> d-------- C:\Program Files\Intel Thermal Analysis Tool
2008-03-14 20:01 . 1996-04-03 21:33 5,248 --a------ C:\WINDOWS\system32\drivers\giveio.sys
2008-03-14 18:04 . 2008-04-13 10:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-14 18:04 . 2008-03-14 18:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-14 11:15 . 2008-03-14 11:16 <DIR> d-------- C:\Program Files\Rhinoceros 3.0
2008-03-14 11:15 . 2008-03-14 11:15 <DIR> d-------- C:\Program Files\Common Files\McNeel Shared
2008-03-14 11:15 . 2002-12-20 12:42 643,072 --a------ C:\WINDOWS\system32\RhinoShExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 10:31 --------- d-----w C:\Program Files\AvRack
2008-04-04 11:36 --------- d-----w C:\Program Files\Avast 4
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-28 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 19:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 18:45 --------- d-----w C:\Program Files\sisagp
2008-03-10 19:33 --------- d-----w C:\Program Files\PowerStrip
2008-03-09 12:09 --------- d-----w C:\Program Files\CCleaner
2008-03-02 11:38 --------- d-----w C:\Program Files\ICQ6
2008-02-29 18:41 --------- d-----w C:\Program Files\Colin McRae Rally 2
2008-02-29 17:30 --------- d-----w C:\Program Files\Winamp
2008-02-29 17:17 --------- d-----w C:\Program Files\BitLord
2008-02-24 20:14 --------- d-----w C:\Program Files\DVD Decrypter
2008-02-24 19:37 --------- d-----w C:\Program Files\DVDFab Decrypter 3
2008-02-24 19:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-22 23:48 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-22 23:46 --------- d-----w C:\Program Files\Autodesk
2008-02-22 23:30 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-02-22 22:58 --------- d-----w C:\Program Files\CDBurnerXP
2008-02-22 22:51 --------- d-----w C:\Program Files\MSBuild
2008-02-22 22:50 --------- d-----w C:\Program Files\BSplayer
2008-02-22 22:36 --------- d-----w C:\Program Files\Reference Assemblies
2008-02-22 22:11 --------- d-----w C:\Program Files\QIP
2008-02-22 22:10 --------- d-----w C:\Program Files\DAEMON
2008-02-22 22:07 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-22 21:15 --------- d-----w C:\Program Files\Nero 6
2008-02-22 21:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 06:45 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-02-18 06:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 19:54 --------- d-----w C:\Program Files\Skype
2008-02-17 19:53 --------- d-----w C:\Program Files\BearShare
2008-02-17 19:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 18:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-17 16:46 --------- d-----w C:\Program Files\Java
2008-02-17 16:43 --------- d-----w C:\Program Files\Common Files\Java
2008-02-17 16:06 --------- d-----w C:\Program Files\Comodo Firewall
2008-02-17 16:04 --------- d-----w C:\Program Files\Verdict Free
2008-02-17 15:39 --------- d-----w C:\Program Files\VLC
2008-02-17 15:35 --------- d-----w C:\Program Files\Codec
2008-02-17 15:25 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-02-17 11:08 --------- d-----w C:\Program Files\EPSON
2008-02-16 16:45 --------- d-----w C:\Program Files\Bluetooth
2008-02-16 16:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2003-03-12 04:16 307,200 ----a-w C:\Program Files\internet explorer\plugins\djvu0407.dll
2003-03-12 04:16 303,104 ----a-w C:\Program Files\internet explorer\plugins\djvu0409.dll
2003-03-12 04:16 311,296 ----a-w C:\Program Files\internet explorer\plugins\djvu040c.dll
2003-03-12 04:16 299,008 ----a-w C:\Program Files\internet explorer\plugins\djvu0411.dll
2003-03-12 04:16 303,104 ----a-w C:\Program Files\internet explorer\plugins\djvu0412.dll
2003-03-12 04:16 290,816 ----a-w C:\Program Files\internet explorer\plugins\djvu0804.dll
2003-03-12 04:15 122,880 ----a-w C:\Program Files\internet explorer\plugins\DjVuCntl.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-13_ 9.54.53.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 10:24:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-10-30 02:34:02 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-02-18 18:17:09 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2001-10-25 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-10-25 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-10-25 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-10-25 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2004-08-17 14:58:58 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2001-10-25 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-10-25 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-10-25 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-10-25 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2001-10-25 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-10-25 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-10-25 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-10-25 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-10-25 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-08-03 23:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-17 22:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
+ 2001-10-25 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2008-04-13 07:20:54 1,483,616 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-13 10:25:03 1,483,640 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2001-10-25 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-10-25 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2001-10-25 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-10-25 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2001-10-25 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2001-10-25 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2001-10-25 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2001-10-25 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2001-10-25 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-04-13 10:25:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_618.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON\daemon.exe" [2007-12-29 14:05 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo Firewall\Comodo\Firewall\CPF.exe" [2008-02-17 18:06 1115728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2005-04-04 01:05 643072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bluetooth\\BlueSoleil.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 09:22]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\PStrip.sys [2004-11-09 23:32]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 00:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2d71f2-e1eb-11dc-9ecc-0011679c9c5b}]
\Shell\AutoRun\command - F:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5fc3bc-022b-11dd-95dd-0011679c9c5b}]
\Shell\AutoRun\command - G:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 14:23:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 12:28:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast 4\aswUpdSv.exe
C:\Program Files\Avast 4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Avast 4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2008-04-13 12:32:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 10:32:24
ComboFix2.txt 2008-04-13 07:55:44
Adresářů: 8, Volných bajtů: 37,572,014,080
Adres ý…: 11, Volněch bajt…: 37,564,575,744
.
2008-04-11 12:09:41 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:55, on 13.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast 4\aswUpdSv.exe
C:\Program Files\Avast 4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Avast 4\ashMaiSv.exe
C:\Program Files\Comodo Firewall\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON\daemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://85.12.43.74/go/?cmp=ntvrsrgks&ui ... 1&rid=wen5
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo Firewall\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast 4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast 4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast 4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

--
End of file - 6348 bytes

[Baron Prášil]

takže znovu a tentokrát tedy hezky poprosím- info o chování kompu. děkuji