I did exactly as you advised and here is the log:
ComboFix 08-06-20.4 - Cháron 2008-06-26 10:29:10.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.257 [GMT 2:00]
Running from: E:\Download\Software\Čistenie z pchelp\ComboFix.exe
Command switches used :: E:\Download\Software\Čistenie z pchelp\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\MicroSoft.bat
C:\MicroSoft.vbs
C:\WINDOWS\system32\chK1IWMg.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\MicroSoft.bat
C:\MicroSoft.vbs
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-25 21:07 . 2008-06-26 10:27 <DIR> dr-h----- C:\Documents and Settings\Cháron\Recent
2008-06-25 21:07 . 2008-06-26 10:27 <DIR> dr-h----- C:\Documents and Settings\Cháron\Recent
2008-06-23 19:25 . 2008-06-23 19:25 <DIR> d-------- C:\Documents and Settings\Chßron
2008-06-23 10:18 . 2008-06-23 10:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-22 17:54 . 2008-06-22 17:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-22 17:49 . 2008-06-22 18:05 <DIR> d-------- C:\SDFix
2008-06-22 10:34 . 2008-06-22 10:34 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-06-22 10:34 . 2008-06-22 10:34 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-22 10:34 . 2008-06-22 10:34 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-22 10:34 . 2008-06-22 10:34 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-06-22 10:34 . 2008-06-22 10:34 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-06-22 10:26 . 2008-06-22 10:26 0 --a------ C:\23990098.$$$
2008-06-22 10:15 . 2004-08-04 00:56 146,432 --a------ C:\WINDOWS\R.COM
2008-06-22 10:15 . 2004-08-04 00:56 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-06-22 10:15 . 2008-06-22 11:08 50 --a------ C:\WINDOWS\Lic.xxx
2008-06-21 10:09 . 2008-06-21 10:09 <DIR> d-------- C:\Program Files\MSBuild
2008-06-21 10:06 . 2008-06-21 10:06 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-21 10:05 . 2008-06-21 10:05 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-21 10:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-19 18:50 . 2008-06-19 18:50 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-19 18:50 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-19 10:04 . 2008-06-19 10:04 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-06-19 10:04 . 2008-06-19 10:04 159,845 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-06-19 10:01 . 2008-06-19 10:01 <DIR> d-------- C:\Documents and Settings\Cháron\Application Data\ESET
2008-06-19 10:01 . 2008-06-19 10:01 <DIR> d-------- C:\Documents and Settings\Cháron\Application Data\ESET
2008-06-19 10:01 . 2008-06-19 10:01 <DIR> d-------- C:\Documents and Settings\Cháron\Application Data\ESET
2008-06-19 10:00 . 2008-06-19 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-10 19:12 . 2008-06-10 19:13 <DIR> d-------- C:\Program Files\Trojan Remover
2008-06-10 19:12 . 2008-06-10 19:12 <DIR> d-------- C:\Documents and Settings\Cháron\Application Data\Simply Super Software
2008-06-10 19:12 . 2008-06-10 19:12 <DIR> d-------- C:\Documents and Settings\Cháron\Application Data\Simply Super Software
2008-06-10 19:12 . 2008-06-10 19:12 <DIR> d-------- C:\Documents and Settings\Cháron\Application Data\Simply Super Software
2008-06-10 19:12 . 2008-06-10 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-10 19:12 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-10 19:12 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-10 19:12 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-10 19:12 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-01 11:46 . 2008-06-26 00:26 7,077,888 --a------ C:\Documents and Settings\Cháron\ntuser.dat
2008-06-01 11:46 . 2008-06-26 00:26 7,077,888 --a------ C:\Documents and Settings\Cháron\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 22:26 7,077,888 ----a-w C:\Documents and Settings\Cháron\ntuser.dat
2008-06-25 22:26 7,077,888 ----a-w C:\Documents and Settings\Cháron\ntuser.dat
2008-06-25 09:55 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Vso
2008-06-25 09:55 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Vso
2008-06-25 09:55 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Vso
2008-06-25 08:06 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Skype
2008-06-25 08:06 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Skype
2008-06-25 08:06 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Skype
2008-06-23 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 08:31 --------- d-s---w C:\Documents and Settings\Cháron\Application Data\Microsoft
2008-06-21 08:31 --------- d-s---w C:\Documents and Settings\Cháron\Application Data\Microsoft
2008-06-21 08:31 --------- d-s---w C:\Documents and Settings\Cháron\Application Data\Microsoft
2008-06-19 16:50 --------- d-----w C:\Program Files\Java
2008-06-19 08:01 --------- d-----w C:\Documents and Settings\Cháron\Application Data\ESET
2008-06-19 08:01 --------- d-----w C:\Documents and Settings\Cháron\Application Data\ESET
2008-06-19 08:01 --------- d-----w C:\Documents and Settings\Cháron\Application Data\ESET
2008-06-19 08:00 --------- d-----w C:\Program Files\ESET
2008-06-14 23:29 --------- d-----w C:\Program Files\Winamp
2008-06-10 17:12 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Simply Super Software
2008-06-10 17:12 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Simply Super Software
2008-06-10 17:12 --------- d-----w C:\Documents and Settings\Cháron\Application Data\Simply Super Software
2008-05-27 18:48 --------- d-----w C:\Program Files\Mp3tag
2008-05-26 20:46 --------- d-----w C:\Program Files\SpeedFan
2008-05-26 10:25 --------- d-----w C:\Program Files\DC++
2008-05-22 20:43 --------- d-----w C:\Program Files\SLOVNIK
2008-05-10 15:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-04 22:01 47,360 ----a-w C:\Documents and Settings\Cháron\Application Data\pcouffin.sys
2007-06-04 22:01 47,360 ----a-w C:\Documents and Settings\Cháron\Application Data\pcouffin.sys
2007-06-04 22:01 47,360 ----a-w C:\Documents and Settings\Cháron\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-23_19.25.19.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 17:16:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 08:24:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"WireLessMouse"="C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 12:48 94208]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-10 19:13 878672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-28 19:00 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Intranet Chat v1.3b3\\iChat.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 13:22]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 slnt;RTL8139D PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2005-07-11 09:31]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-26 10:32:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-06-26 10:34:04
ComboFix-quarantined-files.txt 2008-06-26 08:33:01
ComboFix2.txt 2008-06-23 17:25:46
Pre-Run: 27,557,539,840 bytes free
Post-Run: 27,629,395,968 bytes free
199 --- E O F --- 2008-06-23 08:18:55