Please check my HJT log - Suspenzor PC

Post by memphisto » 17 May 2008 13:14

I was just surfing PC-HELP and suddenly Suspenzor PC popped up on me. After a check with ComboFix nothing happened and it keeps on rampaging. I don't know what to do with it anymore. On top of that, I've started getting rundll32, regserver errors etc. I'm attaching the log after ComboFix and the ComboFix log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:12, on 17.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marián\Plocha\programy\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe
O4 - HKLM\..\Run: [641a4693] rundll32.exe "C:\WINDOWS\system32\grgycvxd.dll",b
O4 - HKLM\..\Run: [BM6729750f] Rundll32.exe "C:\WINDOWS\system32\wqfvbyqw.dll",s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3203139031
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8100 bytes


ComboFix 08-05-15.3 - Marián 2008-05-17 12:36:18.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.709 [GMT 2:00]
Running from: C:\Documents and Settings\Marián\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\BIOrrBeg.ini
C:\WINDOWS\system32\BIOrrBeg.ini2
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\mqoyfvvf.ini
C:\WINDOWS\system32\urrrjoic.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 12:08 . 2008-05-17 12:08 116,224 --a------ C:\WINDOWS\system32\ciojrrru.dll
2008-05-17 12:02 . 2008-05-17 12:02 125,952 --a------ C:\WINDOWS\system32\yxcahnsj.dll
2008-05-17 12:02 . 2008-05-17 12:48 109,807 --a------ C:\WINDOWS\BM6729750f.xml
2008-05-16 23:59 . 2008-05-16 23:59 370,688 --a------ C:\WINDOWS\system32\geBrrOIB.dll
2008-05-16 23:54 . 2008-05-17 00:07 <DIR> d-------- C:\Program Files\SoftwarePassport
2008-05-16 23:54 . 2008-05-16 23:54 57,344 --a------ C:\WINDOWS\system32\opnopQiJ.dll
2008-05-16 17:02 . 2008-05-16 17:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-15 22:31 . 2008-05-16 21:33 <DIR> d-------- C:\Program Files\BeClean
2008-05-15 22:11 . 2008-05-16 21:33 <DIR> d-------- C:\Program Files\HD Tune
2008-05-13 21:52 . 2008-05-13 21:52 <DIR> d-------- C:\Logs
2008-05-10 10:16 . 2008-05-10 10:16 <DIR> d-------- C:\Program Files\Acunetix
2008-05-08 09:21 . 2008-05-08 09:21 <DIR> d-------- C:\Program Files\TortoiseSVN
2008-05-05 06:59 . 2008-05-05 07:01 <DIR> d-------- C:\Program Files\Hamachi
2008-05-05 06:59 . 2008-05-05 06:59 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-04 17:19 . 2008-04-22 15:57 186,463 --a------ C:\wubildr
2008-05-04 17:19 . 2008-04-22 15:57 8,192 --a------ C:\wubildr.mbr
2008-05-04 16:51 . 2008-05-04 16:51 1,075,712 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-05-04 16:51 . 2008-05-04 16:53 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-05-04 16:40 . 2008-05-04 16:40 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-05-04 16:40 . 2008-05-04 16:40 <DIR> d-------- C:\Program Files\Acronis
2008-05-04 16:40 . 2008-05-04 16:40 97,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-05-04 16:30 . 2008-05-04 16:30 <DIR> d-------- C:\Program Files\InfraRecorder
2008-05-03 23:10 . 2008-05-03 23:10 <DIR> d-------- C:\MEMORARY
2008-05-03 16:01 . 2008-05-03 16:01 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator
2008-05-03 15:57 . 2008-05-03 15:57 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-02 18:41 . 2008-05-02 18:42 <DIR> d-------- C:\Program Files\BearShare
2008-05-02 18:41 . 2008-05-16 23:19 <DIR> d-------- C:\My Downloads
2008-05-01 22:15 . 2008-05-01 22:24 <DIR> d-------- C:\tmp
2008-05-01 22:06 . 2008-05-12 01:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 22:06 . 2008-05-01 22:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 21:58 . 2008-05-01 21:58 <DIR> d-------- C:\Program Files\Blender Foundation
2008-05-01 21:42 . 2008-05-01 21:42 <DIR> d-------- C:\Program Files\ESET
2008-04-26 23:06 . 2008-04-26 23:06 <DIR> d-------- C:\Program Files\DiskInternals
2008-04-26 22:59 . 2004-08-17 15:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-26 22:59 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-26 22:59 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-26 22:59 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-19 08:48 . 2008-05-13 21:54 <DIR> d-------- C:\Program Files\World of Warcraft
2008-04-18 16:38 . 2008-04-25 12:34 <DIR> d-------- C:\Program Files\Valve
2008-04-17 23:09 . 2008-04-17 23:09 <DIR> d-------- C:\Program Files\ShadowFlare
2008-04-17 12:53 . 2008-04-17 12:53 <DIR> d-------- C:\COUNTERSTRIKEDIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 10:17 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-16 21:58 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-05-16 21:21 --------- d-----w C:\Program Files\Bonjour
2008-05-16 15:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 23:15 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-13 19:03 --------- d-----w C:\Program Files\Steam
2008-05-02 17:03 --------- d-----w C:\Program Files\Ashampoo
2008-04-29 10:38 --------- d-----w C:\Program Files\AIMP2
2008-04-26 21:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 06:57 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-14 17:14 --------- d-----w C:\Program Files\ASUS
2008-04-12 14:35 --------- d-----w C:\Program Files\Realize Software
2008-04-07 19:49 --------- d-----w C:\Program Files\PLANstudio
2008-04-06 16:25 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-06 16:25 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-03 23:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-04-03 23:01 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-04-03 23:01 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 13:20 --------- d-----w C:\Program Files\APDFR
2008-03-30 12:38 --------- d-----w C:\Program Files\PDFRecovery
2008-03-29 20:56 --------- d-----w C:\Program Files\sXe Injected
2008-03-28 07:38 --------- d-----w C:\Program Files\Polda 5
2008-03-27 22:45 8,192 ----a-w C:\WINDOWS\system32\vxdblock.exe
2008-03-27 21:29 --------- d-----w C:\Program Files\Samorost2
2008-03-23 17:45 --------- d-----w C:\Program Files\FM Modifier 2.2
2008-03-23 17:01 --------- d-----w C:\Program Files\Third Wave Games
2008-03-23 16:59 --------- d-----w C:\Program Files\7-Zip
2008-03-23 11:59 --------- d-----w C:\Program Files\Activision Value
2008-03-22 10:53 --------- d-----w C:\Program Files\Stardock
2008-03-22 01:09 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-22 01:08 --------- d--h--w C:\Program Files\Zero G Registry
2008-03-22 01:06 --------- d-----w C:\Program Files\Sports Interactive
2008-03-21 13:13 --------- d-----w C:\Program Files\RapidSpool
2008-03-21 01:10 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-21 01:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-21 00:57 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-21 00:54 --------- d-----w C:\Program Files\Microsoft SDKs
2008-03-21 00:52 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-21 00:52 --------- d-----w C:\Program Files\MSBuild
2008-03-21 00:47 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 21:16 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FFF69F0-63B5-4C83-9D3C-9560D446FA41}]
2008-05-16 23:59 370688 --a------ C:\WINDOWS\system32\geBrrOIB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FAE8741-53A9-4475-B4BA-CF68DF7FF4EC}]
2008-05-17 12:51 371712 --a------ C:\WINDOWS\system32\hgGwVMCt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}]
2008-05-16 23:54 57344 --a------ C:\WINDOWS\system32\opnopQiJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2008-02-12 15:35 106496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-12 15:37 761945]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 18:09 987136]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 22:05 344064]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-12 22:36 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2008-02-12 22:36 2879488 C:\WINDOWS\SkyTel.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46 90112]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe" [2005-11-09 21:59 1557560]
"BM6729750f"="C:\WINDOWS\system32\sedoundx.dll" [2008-05-17 12:52 125952]
"641a4693"="C:\WINDOWS\system32\grgycvxd.dll" [2008-05-17 12:54 116224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}"= C:\WINDOWS\system32\opnopQiJ.dll [2008-05-16 23:54 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopQiJ]
opnopQiJ.dll 2008-05-16 23:54 57344 C:\WINDOWS\system32\opnopQiJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\hgGwVMCt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Steam"="C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SMSERIAL"=sm56hlpr.exe
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"bgsmsnd.exe"=C:\WINDOWS\system32\bgsmsnd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2007-06-21 16:31]
R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2008-02-17 01:39]
R2 NiProbeMem;NiProbeMem;C:\WINDOWS\system32\drivers\NiProbeMem.SYS [2004-02-27 16:04]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R2 VMONI;VMONI Protocol Analyzer;C:\WINDOWS\system32\DRIVERS\VMONI.sys [2004-02-27 16:04]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 20:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2008-02-12 15:31]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2008-02-12 15:31]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-06 18:25]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2007-12-04 17:44]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\IcqSnif\usft_sn4.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ea37d8-db30-11dc-8a16-0018f39f40fd}]
\Shell\AutoRun\command - F:\load.exe /CDROM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6736ac6-f904-11dc-b5d8-0018f38ca48c}]
\Shell\AutoRun\command - F:\load.exe /CDROM

.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 15:20:04 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 12:47:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\MARIN~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnopQiJ.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\WINDOWS\system32\sedoundx.dll
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1250.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-17 12:56:30 - machine was rebooted [Marián]
ComboFix-quarantined-files.txt 2008-05-17 10:55:51

Adresářů: 15, Volných bajtů: 13,620,371,456
Adresářů: 18, Volných bajtů: 13,770,313,728

284 --- E O F --- 2008-05-16 08:14:11

Post by paul27 » 17 May 2008 15:19

I'd like to see that: "just surfing the net" :D

Again, close all running programs (web browser, messenger, ...). Move ComboFix to the desktop (if it is not there yet) - open Notepad - and copy the text from the following box into it:

File::
C:\WINDOWS\system32\ciojrrru.dll
C:\WINDOWS\system32\yxcahnsj.dll
C:\WINDOWS\BM6729750f.xml
C:\WINDOWS\system32\geBrrOIB.dll
C:\WINDOWS\system32\opnopQiJ.dll

Folder::
C:\Program Files\BearShare
C:\tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FFF69F0-63B5-4C83-9D3C-9560D446FA41}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FAE8741-53A9-4475-B4BA-CF68DF7FF4EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM6729750f"=-
"641a4693"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopQiJ]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ea37d8-db30-11dc-8a16-0018f39f40fd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6736ac6-f904-11dc-b5d8-0018f38ca48c}]


Save the text as CFScript.txt on the desktop - after saving, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon - drop the .txt file on the ComboFix icon...

...ComboFix will start - and CF will begin scanning again; at the end of the scan CF will try to delete the specified files or whatever else we told it to - after the action is done a Notepad window with text will appear again; copy it here and please wait for further advice :)


Post by memphisto » 17 May 2008 16:24

Greetings from Ubuntu :smile: After running the ComboFix actions Windows no longer boots. When the profile screen loads, a system error pops up saying lsass.exe is missing. After clicking OK the PC restarts, and this keeps repeating. I did not click in the ComboFix window while it was working.

Regarding "just surfing": I was here on the forum and out of nowhere Suspenzor PC jumped out at me. It got through Eset Smart Security too. I don't visit porn sites, and the same goes for cracks etc. Afterwards, company banners on the web started being replaced with porn banners.

Hopefully the PC can be brought back without losing data. I need to work on it and I have things on it that I need for school on Monday :?

Post by fredik » 17 May 2008 16:57

No wonder; the problem was caused by removing this key:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
i.e., an error in the CFScript.

Try restoring the registry to its original values via the Recovery Console; you'll find the backup of the registry values that were removed in this folder:
C:\Qoobox\Quarantine\Datum\Registry_Backups

Alternatively, try using System Restore.
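The mistake fredik points out is a whole-key deletion ([-KEY]) where only a single value under the key was hijacked. The following linter is an added example, not code from this thread or from ComboFix: it parses the Registry:: section of the CFScript quoted above (embedded as sample input) and warns when a key needed for logon, or any ancestor of one, is deleted outright. The CRITICAL_KEYS list and the function names are assumptions made for this example.

```python
"""Lint a ComboFix CFScript for whole-key deletions of boot-critical registry keys.

Added example (not ComboFix code). CFScript's Registry:: section uses regedit-style
syntax: "[-KEY]" deletes the whole key, "[KEY]" selects a key, and '"name"=-' deletes
one value under the selected key. Deleting the LSA key with "[-...control\\lsa]"
removes the Authentication Packages value that winlogon/lsass need, which is what
broke the machine in the thread.
"""
import re

# Keys whose outright deletion breaks logon. This list is an assumption made for
# the example; a real tool would carry a longer, maintained list.
CRITICAL_KEYS = {
    r"hkey_local_machine\system\currentcontrolset\control\lsa":
        "holds the LSA Authentication Packages value; deleting it breaks lsass.exe",
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon":
        "holds the Winlogon configuration; deleting it prevents logon",
}

# Sample input: the Registry:: part of the CFScript posted in the thread.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\opnopQiJ.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM6729750f"=-
"641a4693"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopQiJ]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"""

_VALUE_DELETE = re.compile(r'^"([^"]+)"=-$')


def parse_registry_section(script):
    """Return (action, key, value) tuples for the Registry:: section of a CFScript.

    action is "delete_key", "delete_value" or "other" (lines this parser does not
    model, e.g. value assignments).
    """
    actions = []
    section = None
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # File::, Folder::, Registry:: ...
            section = line[:-2].lower()
            current_key = None
            continue
        if section != "registry":
            continue
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))
            current_key = None
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        else:
            m = _VALUE_DELETE.match(line)
            if m and current_key:
                actions.append(("delete_value", current_key, m.group(1)))
            else:
                actions.append(("other", current_key, line))
    return actions


def normalize_key(key):
    """Lower-case a registry path and expand the HKLM/HKCU short hive names."""
    key = key.strip().rstrip("\\").lower()
    for short, full in (("hklm\\", "hkey_local_machine\\"),
                        ("hkcu\\", "hkey_current_user\\")):
        if key.startswith(short):
            key = full + key[len(short):]
    return key


def lint(script):
    """Return one warning string per whole-key deletion that hits a critical key."""
    warnings = []
    for action, key, _ in parse_registry_section(script):
        if action != "delete_key":
            continue
        norm = normalize_key(key)
        for critical, reason in CRITICAL_KEYS.items():
            # Exact match, or the deleted key is an ancestor of a critical key.
            if norm == critical or critical.startswith(norm + "\\"):
                warnings.append(
                    f"[-{key}] deletes a critical key: {reason}. "
                    "Fix the individual value under it instead of deleting the key.")
    return warnings


if __name__ == "__main__":
    for w in lint(SAMPLE_SCRIPT):
        print("WARNING:", w)
```

Run it before dropping a script on ComboFix; on the sample above it reports exactly the [-...control\lsa] line and stays silent on the value deletions and the winlogon\notify\opnopQiJ subkey.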

Post by memphisto » 17 May 2008 17:01

Thanks, I'll try it. I don't understand ComboFix all that well, so I didn't check the script afterwards. The restore might help, because ComboFix creates a restore point before the action. I'll let you know how it went.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji


Re: Please check my HJT log - Suspenzor PC

Post by memphisto » 17 May 2008 18:39

Sorry for posting twice in a row, but I just wanted to point out that I've added information.

So the restore point helped, Windows booted, but it booted right before ComboFix started cleaning again according to the submitted script, so I killed it, because it would have removed that lsass.exe again and it wouldn't work. The PC seems to behave normally. Banners no longer change to porn and other filth. I'm attaching the HJT log + if needed, I'll redo the script without the part that crashed it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24, on 2008-05-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\oodag.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marián\Plocha\programy\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3203139031
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8271 bytes
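As an added example, not part of HijackThis or of the posts above, of reading a log like the one just posted without a tool: parse the R/O entries into sections, then surface the two kinds of line worth reading first in this log, the `O6` policy restrictions and the `O4` autoruns given as bare file names (`RTHDCPL.EXE`, `SkyTel.EXE`). The rules are the example's own heuristics; the sample lines are copied from the log above.

```python
"""Triage a HijackThis v2 log: group the Rn/On entries by section and flag
the ones a reviewer should read first.

Added example written for this thread; it is not part of HijackThis and its
rules are the author's own.  The sample lines are copied from the log posted
above.
"""
import re
from collections import defaultdict

ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RUN = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""


def parse(log):
    """Map section code (R0, O4, O23, ...) to the list of entry bodies."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group("sec")].append(m.group("body"))
    return dict(sections)


def command_image(cmd):
    """The program part of an autorun command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def findings(log):
    out = []
    sections = parse(log)
    # O6: Internet Explorer policy restrictions.  Normal on a domain-managed
    # machine; on a home PC they are usually set by whatever hijacked IE, to
    # keep the user out of the settings pages.
    for body in sections.get("O6", []):
        out.append("O6 IE policy restriction: " + body)
    # O4: an autorun image given without a directory is found by PATH search.
    # The log cannot tell you which file actually ran, and a same-named file
    # dropped earlier in the search order would run instead.
    for body in sections.get("O4", []):
        m = O4_RUN.match(body)
        if m and "\\" not in command_image(m.group("cmd")):
            out.append("O4 autorun with bare image name [%s]: %s"
                       % (m.group("name"), m.group("cmd")))
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f)
```

The bare-name rule does not judge the entry; it lists what the HijackThis line cannot prove. Here the ComboFix output later in the thread resolves both names to `C:\WINDOWS\RTHDCPL.exe` and `C:\WINDOWS\SkyTel.exe`, which is exactly the check the reviewer has to make by hand for every flagged line.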


Re: Please check my HJT log - Suspenzor PC

Post by memphisto » 20 May 2008 11:47

So here's the log, fredik :wink:

ComboFix 08-05-19.4 - Marián 2008-05-20 11:05:26.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.836 [GMT 2:00]
Running from: C:\Documents and Settings\Marián\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-17 14:47 . 2008-05-17 14:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 14:19 . 2008-05-17 14:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-17 13:46 . 2008-05-17 13:47 8,767,119 --a------ C:\WINDOWS\REGBK00.ZIP
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-05-17 13:35 . 2004-08-17 16:49 147,968 --a------ C:\WINDOWS\R.COM
2008-05-17 13:35 . 2004-08-17 16:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-05-17 13:35 . 2008-05-17 14:26 50 --a------ C:\WINDOWS\Lic.xxx
2008-05-17 13:10 . 2008-05-17 13:10 116,224 --a------ C:\WINDOWS\system32\owtngcdd.dll
2008-05-17 13:05 . 2008-05-17 13:05 125,952 --a------ C:\WINDOWS\system32\wqfvbyqw.dll
2008-05-17 12:54 . 2008-05-17 12:54 116,224 --a------ C:\WINDOWS\system32\grgycvxd.dll
2008-05-17 12:52 . 2008-05-17 12:52 125,952 --a------ C:\WINDOWS\system32\sedoundx.dll
2008-05-16 23:54 . 2008-05-17 00:07 <DIR> d-------- C:\Program Files\SoftwarePassport
2008-05-16 17:02 . 2008-05-16 17:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-15 22:31 . 2008-05-16 21:33 <DIR> d-------- C:\Program Files\BeClean
2008-05-15 22:11 . 2008-05-16 21:33 <DIR> d-------- C:\Program Files\HD Tune
2008-05-13 21:52 . 2008-05-13 21:52 <DIR> d-------- C:\Logs
2008-05-10 10:16 . 2008-05-10 10:16 <DIR> d-------- C:\Program Files\Acunetix
2008-05-08 09:21 . 2008-05-08 09:21 <DIR> d-------- C:\Program Files\TortoiseSVN
2008-05-05 06:59 . 2008-05-05 07:01 <DIR> d-------- C:\Program Files\Hamachi
2008-05-05 06:59 . 2008-05-05 06:59 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-04 17:19 . 2008-04-22 15:57 186,463 --a------ C:\wubildr
2008-05-04 17:19 . 2008-04-22 15:57 8,192 --a------ C:\wubildr.mbr
2008-05-04 16:51 . 2008-05-04 16:51 1,075,712 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-05-04 16:51 . 2008-05-04 16:53 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-05-04 16:40 . 2008-05-04 16:40 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-05-04 16:40 . 2008-05-04 16:40 <DIR> d-------- C:\Program Files\Acronis
2008-05-04 16:40 . 2008-05-04 16:40 97,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-05-04 16:30 . 2008-05-04 16:30 <DIR> d-------- C:\Program Files\InfraRecorder
2008-05-03 23:10 . 2008-05-03 23:10 <DIR> d-------- C:\MEMORARY
2008-05-03 16:01 . 2008-05-03 16:01 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator
2008-05-03 15:57 . 2008-05-03 15:57 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-02 18:41 . 2008-05-16 23:19 <DIR> d-------- C:\My Downloads
2008-05-01 22:06 . 2008-05-12 01:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 22:06 . 2008-05-01 22:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 21:58 . 2008-05-01 21:58 <DIR> d-------- C:\Program Files\Blender Foundation
2008-05-01 21:42 . 2008-05-01 21:42 <DIR> d-------- C:\Program Files\ESET
2008-04-26 23:06 . 2008-04-26 23:06 <DIR> d-------- C:\Program Files\DiskInternals
2008-04-26 22:59 . 2004-08-17 15:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-26 22:59 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-26 22:59 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-26 22:59 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 22:19 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-05-17 10:17 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-16 21:21 --------- d-----w C:\Program Files\Bonjour
2008-05-16 15:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 23:15 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-13 19:54 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 19:03 --------- d-----w C:\Program Files\Steam
2008-05-02 17:03 --------- d-----w C:\Program Files\Ashampoo
2008-04-29 10:38 --------- d-----w C:\Program Files\AIMP2
2008-04-26 21:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 10:34 --------- d-----w C:\Program Files\Valve
2008-04-19 06:57 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-17 21:09 --------- d-----w C:\Program Files\ShadowFlare
2008-04-14 17:14 --------- d-----w C:\Program Files\ASUS
2008-04-12 14:35 --------- d-----w C:\Program Files\Realize Software
2008-04-07 19:49 --------- d-----w C:\Program Files\PLANstudio
2008-04-06 16:25 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-03 23:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-04-03 23:01 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-04-03 23:01 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-30 13:20 --------- d-----w C:\Program Files\APDFR
2008-03-30 12:38 --------- d-----w C:\Program Files\PDFRecovery
2008-03-29 20:56 --------- d-----w C:\Program Files\sXe Injected
2008-03-28 07:38 --------- d-----w C:\Program Files\Polda 5
2008-03-27 21:29 --------- d-----w C:\Program Files\Samorost2
2008-03-23 17:45 --------- d-----w C:\Program Files\FM Modifier 2.2
2008-03-23 17:01 --------- d-----w C:\Program Files\Third Wave Games
2008-03-23 16:59 --------- d-----w C:\Program Files\7-Zip
2008-03-23 11:59 --------- d-----w C:\Program Files\Activision Value
2008-03-22 10:53 --------- d-----w C:\Program Files\Stardock
2008-03-22 01:08 --------- d--h--w C:\Program Files\Zero G Registry
2008-03-22 01:06 --------- d-----w C:\Program Files\Sports Interactive
2008-03-21 13:13 --------- d-----w C:\Program Files\RapidSpool
2008-03-21 01:10 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-21 01:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-21 00:57 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-21 00:54 --------- d-----w C:\Program Files\Microsoft SDKs
2008-03-21 00:52 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-21 00:52 --------- d-----w C:\Program Files\MSBuild
2008-03-21 00:47 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-10 21:16 737,280 ----a-w C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2008-02-12 15:35 106496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-12 15:37 761945]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 18:09 987136]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 22:05 344064]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-12 22:36 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2008-02-12 22:36 2879488 C:\WINDOWS\SkyTel.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46 90112]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe" [2005-11-09 21:59 1557560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Steam"="C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SMSERIAL"=sm56hlpr.exe
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"bgsmsnd.exe"=C:\WINDOWS\system32\bgsmsnd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2007-06-21 16:31]
R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2008-02-17 01:39]
R2 NiProbeMem;NiProbeMem;C:\WINDOWS\system32\drivers\NiProbeMem.SYS [2004-02-27 16:04]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R2 VMONI;VMONI Protocol Analyzer;C:\WINDOWS\system32\DRIVERS\VMONI.sys [2004-02-27 16:04]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 20:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2008-02-12 15:31]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2008-02-12 15:31]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-06 18:25]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2007-12-04 17:44]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 15:20:04 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 11:12:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1250.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2008-05-20 11:19:22 - machine was rebooted [Marián]
ComboFix-quarantined-files.txt 2008-05-20 09:19:15

Directories: 15, Free bytes: 15,763,951,616
Directories: 17, Free bytes: 15,745,835,008

244 --- E O F --- 2008-05-16 08:14:11
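An added example, not part of ComboFix, for the "Files Created" and firewall-policy parts of this log: parse each line, then apply three heuristics of the example's own (directories carrying an executable's name, system32 files with random-looking names, and several new system32 files sharing one exact byte size under different names; that last rule goes beyond the name test and is what catches `sedoundx.dll`, whose name has too many vowels to look generated), and report `EnableFirewall = 0`. The sample lines are copied from the log above; the heuristics select lines for a reviewer and are not a verdict on any of the files.

```python
"""Triage the 'Files Created' list and the firewall policy lines of a
ComboFix log.

Added example written for this thread; it is not part of ComboFix and the
flagging rules are the author's own heuristics.  The sample lines are copied
from the ComboFix log above.
"""
import re
from collections import defaultdict

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".com", ".sys")

SAMPLE = r"""
2008-05-17 14:47 . 2008-05-17 14:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-05-17 13:44 . 2008-05-17 13:44 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-05-17 13:10 . 2008-05-17 13:10 116,224 --a------ C:\WINDOWS\system32\owtngcdd.dll
2008-05-17 13:05 . 2008-05-17 13:05 125,952 --a------ C:\WINDOWS\system32\wqfvbyqw.dll
2008-05-17 12:54 . 2008-05-17 12:54 116,224 --a------ C:\WINDOWS\system32\grgycvxd.dll
2008-05-17 12:52 . 2008-05-17 12:52 125,952 --a------ C:\WINDOWS\system32\sedoundx.dll
2008-04-26 22:59 . 2004-08-17 15:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-05 06:59 . 2008-05-05 06:59 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def parse_files(log):
    """One dict per 'Files Created' line; size is an int, or None for a directory."""
    rows = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["is_dir"] = row["size"] == "<DIR>"
            row["size"] = None if row["is_dir"] else int(row["size"].replace(",", ""))
            rows.append(row)
    return rows


def looks_random(stem):
    """7-10 lower-case letters with almost no vowels, as generated names tend to be."""
    if not (7 <= len(stem) <= 10 and stem.isalpha() and stem.islower()):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) < 0.3


def findings(log):
    out = []
    by_size = defaultdict(list)        # system32 files grouped by exact byte size
    for row in parse_files(log):
        path = row["path"]
        name = path.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        ext = ("." + ext).lower() if dot else ""
        in_system32 = "\\system32\\" in path.lower()
        # A directory carrying an executable's name is not something a stock
        # Windows tree contains; ask what created it before trusting the tree.
        if row["is_dir"] and ext in EXEC_EXT:
            out.append("directory named like an executable: " + path)
        if row["is_dir"]:
            continue
        if in_system32 and ext in EXEC_EXT and looks_random(stem):
            out.append("random-looking name in system32: " + path)
        if in_system32:
            by_size[row["size"]].append(path)
    # Several freshly created files with different names but the same exact
    # size is the stronger signal: one payload written under fresh names.  It
    # also catches names the vowel test misses.
    for size, paths in by_size.items():
        if len(paths) > 1:
            out.append("%d files of %d bytes in system32: %s"
                       % (len(paths), size, ", ".join(paths)))
    if re.search(r'"EnableFirewall"=\s*0\b', log):
        out.append("Windows Firewall disabled in the standard profile")
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

The name heuristic is deliberately narrow (7 to 10 lower-case letters) so that short legitimate names such as `ptpusd.dll` pass; it will still misfire on some vendor files, which is why the output is a reading list for the reviewer rather than a removal list.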