PC-HELP.CZ

Logfile of HijackThis v1.99.1
Scan saved at 11:58:51, on 17.9.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\lofas\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\lofas\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Mozilla Firefox\firefox.exe
c:\hydroxid\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\3q6q5Bk7.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 10.1.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Poznámka:
Používáš starší verzi HijackThis, stáhni si aktuální verzi zde a tu starou před použitím vymaž a dej sem pak nový log z HJT z nové verze.

ComboFix 07-09-17.2 - "lofas" 2007-09-17 14:45:19.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.0.1250.420.1029.18.208 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\alexa toolbar
C:\Program Files\Common Files\microsoft shared\web folders\ibm00003.exe
C:\WINDOWS\hosts
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\dn343afb59.dat
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\tmp5B.tmp.dll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\xhelper.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))
.

2007-09-17 14:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 18:36 <DIR> d-------- C:\Program Files\Raven
2007-09-08 12:14 184,320 --a------ C:\WINDOWS\system32\3q6q5Bk7.dll
2007-09-08 12:02 184,320 --a------ C:\WINDOWS\system32\bkckTB1k.dll
2007-09-07 11:50 184,320 --a------ C:\WINDOWS\system32\4iD1eaqa.dll
2007-09-06 11:16 184,320 --a------ C:\WINDOWS\system32\0o8rBILt.dll
2007-08-22 23:26 163,276 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2007-08-22 23:26 <DIR> d-------- C:\Program Files\River Past
2007-08-22 23:26 <DIR> d-------- C:\Program Files\Common Files\River Past
2007-08-18 20:15 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-18 20:15 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-18 20:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-18 20:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-17 15:07 <DIR> d-------- C:\Program Files\Call of Duty

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 11:08 --------- d-------- C:\Program Files\uTorrent
2007-09-17 11:01 --------- d-------- C:\Program Files\eMule
2007-09-07 12:46 --------- d-------- C:\Program Files\ICQLite
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-25 11:43 --------- d-------- C:\Program Files\XoftSpySE
2007-08-24 11:50 --------- d-------- C:\Program Files\Google
2007-08-22 23:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\River Past G4
2007-08-17 15:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 22:49 --------- d-------- C:\Program Files\MegauploadToolbar
2007-08-16 18:18 --------- d-------- C:\Program Files\Sierra On-Line
2007-08-14 22:31 --------- d-------- C:\Program Files\DivX
2007-08-07 12:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-08-06 21:01 --------- d-------- C:\Program Files\RegCleaner
2007-07-27 20:00 --------- d-------- C:\Program Files\USB Disk Win98 Driver
2007-07-27 01:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-27 01:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-23 22:03 --------- d-------- C:\Program Files\NCH Swift Sound
2007-07-23 18:07 --------- d-------- C:\Program Files\HLSW
2007-07-23 18:04 --------- d-------- C:\Program Files\vso
2007-07-23 18:04 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-23 18:04 --------- d-------- C:\Program Files\AutoCAD 2002 Cz
2007-07-23 17:56 --------- d-------- C:\Program Files\NCH Software
2007-07-17 17:06 --------- d-------- C:\Program Files\HyperSnap 6
2007-07-17 16:48 --------- d-------- C:\Program Files\HyperSnap-DX 5
2005-10-22 13:40:25 56 --sh--r C:\WINDOWS\system32\9A7F71F1A0.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-09-08 12:14 184320 --a------ C:\WINDOWS\System32\3q6q5Bk7.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 21:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-23 00:35]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-08 12:22]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00]
"CmUsbSound"="cmcnfgu.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 20:00]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 C:\WINDOWS\system32\CTHELPER.EXE]
"LFAgent"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Common Files\RTE\RTEGPRS.exe" [2004-07-23 19:47]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 18:16:10]
Hlavnˇ panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-03-23 00:35:12]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-10-28 21:33:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-03-01 15:59:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS
R2 LF30FS;LF30FS;\??\C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys
R2 windrvNT;windrvNT;\??\C:\WINDOWS\System32\windrvNT.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\System32\drivers\CDANT.SYS
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\System32\drivers\cmudau.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
RpcxSs

.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56, on 2007-09-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
c:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\3q6q5Bk7.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 10.1.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7709 bytes

Používáš DAP (Download Accelerator Plus) doporučil bych ti ho odinstalovat.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\3q6q5Bk7.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

+ nový log z HJT

Otestuj tyto soubory na VirusTotall a dej sem výsledky:
C:\WINDOWS\system32\bkckTB1k.dll
C:\WINDOWS\system32\4iD1eaqa.dll
C:\WINDOWS\system32\0o8rBILt.dll
C:\WINDOWS\system32\9A7F71F1A0.sys

Co je špatnýho na DAP??

ComboFix 07-09-17.2 - "lofas" 2007-09-17 18:14:48.2 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.0.1250.1.1029.18.284 [GMT 2:00]
Command switches used :: C:\Documents and Settings\lofas\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\3q6q5Bk7.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\3q6q5Bk7.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))
.

2007-09-17 14:55 401,720 --a------ C:\HiJackThis.exe
2007-09-17 14:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 18:36 <DIR> d-------- C:\Program Files\Raven
2007-09-08 12:02 184,320 --a------ C:\WINDOWS\system32\bkckTB1k.dll
2007-09-07 11:50 184,320 --a------ C:\WINDOWS\system32\4iD1eaqa.dll
2007-09-06 11:16 184,320 --a------ C:\WINDOWS\system32\0o8rBILt.dll
2007-08-22 23:26 163,276 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2007-08-22 23:26 <DIR> d-------- C:\Program Files\River Past
2007-08-22 23:26 <DIR> d-------- C:\Program Files\Common Files\River Past
2007-08-18 20:15 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-18 20:15 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-18 20:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-18 20:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-17 15:07 <DIR> d-------- C:\Program Files\Call of Duty

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 11:08 --------- d-------- C:\Program Files\uTorrent
2007-09-17 11:01 --------- d-------- C:\Program Files\eMule
2007-09-07 12:46 --------- d-------- C:\Program Files\ICQLite
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-25 11:43 --------- d-------- C:\Program Files\XoftSpySE
2007-08-24 11:50 --------- d-------- C:\Program Files\Google
2007-08-22 23:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\River Past G4
2007-08-17 15:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 22:49 --------- d-------- C:\Program Files\MegauploadToolbar
2007-08-16 18:18 --------- d-------- C:\Program Files\Sierra On-Line
2007-08-14 22:31 --------- d-------- C:\Program Files\DivX
2007-08-07 12:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-08-06 21:01 --------- d-------- C:\Program Files\RegCleaner
2007-07-27 20:00 --------- d-------- C:\Program Files\USB Disk Win98 Driver
2007-07-27 01:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-27 01:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-23 22:03 --------- d-------- C:\Program Files\NCH Swift Sound
2007-07-23 18:07 --------- d-------- C:\Program Files\HLSW
2007-07-23 18:04 --------- d-------- C:\Program Files\vso
2007-07-23 18:04 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-23 18:04 --------- d-------- C:\Program Files\AutoCAD 2002 Cz
2007-07-23 17:56 --------- d-------- C:\Program Files\NCH Software
2007-07-17 17:06 --------- d-------- C:\Program Files\HyperSnap 6
2007-07-17 16:48 --------- d-------- C:\Program Files\HyperSnap-DX 5
2005-10-22 13:40:25 56 --sh--r C:\WINDOWS\system32\9A7F71F1A0.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-17_145304.93 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-09-17 16:21:47 C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 21:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-23 00:35]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-08 12:22]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00]
"CmUsbSound"="cmcnfgu.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 20:00]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 C:\WINDOWS\system32\CTHELPER.EXE]
"LFAgent"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Common Files\RTE\RTEGPRS.exe" [2004-07-23 19:47]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 18:16:10]
Hlavnˇ panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-03-23 00:35:12]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-10-28 21:33:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-03-01 15:59:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS
R2 LF30FS;LF30FS;\??\C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys
R2 windrvNT;windrvNT;\??\C:\WINDOWS\System32\windrvNT.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\System32\drivers\CDANT.SYS
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\System32\drivers\cmudau.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
RpcxSs

.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04, on 2007-09-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\internet explorer\iexplore.exe
c:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 10.1.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7567 bytes

VirusTotall:

Soubor bkckTB1k.dll přijatý 2007.09.17 18:09:35 (CET)

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.17 TR/BHO.Agent.mio
Authentium 4.93.8 2007.09.16 -
Avast 4.7.1043.0 2007.09.16 -
AVG 7.5.0.485 2007.09.17 Adware Generic2.PDI
BitDefender 7.2 2007.09.17 Trojan.Downloader.BHO.NXO
CAT-QuickHeal 9.00 2007.09.17 -
ClamAV 0.91.2 2007.09.17 -
DrWeb 4.33 2007.09.17 Trojan.Virtumod.210
eSafe 7.0.15.0 2007.09.17 -
eTrust-Vet 31.1.5141 2007.09.17 -
Ewido 4.0 2007.09.17 -
FileAdvisor 1 2007.09.17 -
Fortinet 3.11.0.0 2007.09.17 Adware/BHO
F-Prot 4.3.2.48 2007.09.16 W32/Adware.XAC
F-Secure 6.70.13030.0 2007.09.17 -
Ikarus T3.1.1.12 2007.09.17 not-a-virus:AdWare.Win32.BHO.fd
Kaspersky 4.0.2.24 2007.09.17 not-a-virus:AdWare.Win32.BHO.fd
McAfee 5121 2007.09.17 potentially unwanted program Adware-BHO
Microsoft 1.2803 2007.09.17 -
NOD32v2 2534 2007.09.17 -
Norman 5.80.02 2007.09.17 -
Panda 9.0.0.4 2007.09.17 Adware/BaiduBar
Prevx1 V2 2007.09.17 -
Rising 19.41.02.00 2007.09.17 -
Sophos 4.21.0 2007.09.17 -
Sunbelt 2.2.907.0 2007.09.15 -
Symantec 10 2007.09.17 Trojan.Adclicker
TheHacker 6.2.5.061 2007.09.17 -
VBA32 3.12.2.4 2007.09.17 Trojan.Virtumod.210
VirusBuster 4.3.26:9 2007.09.17 -
Webwasher-Gateway 6.0.1 2007.09.17 Trojan.BHO.Agent.mio

Soubor 4iD1eaqa.dll přijatý 2007.09.17 20:04:17 (CET)

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.17 TR/BHO.Agent.mio
Authentium 4.93.8 2007.09.16 -
Avast 4.7.1043.0 2007.09.16 -
AVG 7.5.0.485 2007.09.17 Adware Generic2.PAF
BitDefender 7.2 2007.09.17 -
CAT-QuickHeal 9.00 2007.09.17 AdWare.BHO.fb (Not a Virus)
ClamAV 0.91.2 2007.09.17 -
DrWeb 4.33 2007.09.17 -
eSafe 7.0.15.0 2007.09.17 -
eTrust-Vet 31.1.5141 2007.09.17 -
Ewido 4.0 2007.09.17 -
FileAdvisor 1 2007.09.17 -
Fortinet 3.11.0.0 2007.09.17 Adware/BHO
F-Prot 4.3.2.48 2007.09.16 W32/Adware.XAB
F-Secure 6.70.13030.0 2007.09.17 -
Ikarus T3.1.1.12 2007.09.17 not-a-virus:AdWare.Win32.BHO.fb
Kaspersky 4.0.2.24 2007.09.17 not-a-virus:AdWare.Win32.BHO.fb
McAfee 5121 2007.09.17 potentially unwanted program Adware-BHO
Microsoft 1.2803 2007.09.17 -
NOD32v2 2535 2007.09.17 -
Norman 5.80.02 2007.09.17 -
Panda 9.0.0.4 2007.09.17 Adware/BHO
Prevx1 V2 2007.09.17 -
Rising 19.41.02.00 2007.09.17 -
Sophos 4.21.0 2007.09.17 -
Sunbelt 2.2.907.0 2007.09.15 AdWare.Win32.BHO.fb
Symantec 10 2007.09.17 Trojan.Adclicker
TheHacker 6.2.5.061 2007.09.17 -
VBA32 3.12.2.4 2007.09.17 AdWare.Win32.BHO.fb
VirusBuster 4.3.26:9 2007.09.17 -
Webwasher-Gateway 6.0.1 2007.09.17 Trojan.BHO.Agent.mio

Soubor 0o8rBILt.dll přijatý 2007.09.17 20:13:14 (CET)

AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.17 TR/BHO.Agent.mio
Authentium 4.93.8 2007.09.16 -
Avast 4.7.1043.0 2007.09.16 -
AVG 7.5.0.485 2007.09.17 Adware Generic2.PAF
BitDefender 7.2 2007.09.17 -
CAT-QuickHeal 9.00 2007.09.17 AdWare.BHO.fb (Not a Virus)
ClamAV 0.91.2 2007.09.17 -
DrWeb 4.33 2007.09.17 -
eSafe 7.0.15.0 2007.09.17 -
eTrust-Vet 31.1.5141 2007.09.17 -
Ewido 4.0 2007.09.17 -
FileAdvisor 1 2007.09.17 -
Fortinet 3.11.0.0 2007.09.17 Adware/BHO
F-Prot 4.3.2.48 2007.09.16 W32/Adware.XAB
F-Secure 6.70.13030.0 2007.09.17 -
Ikarus T3.1.1.12 2007.09.17 not-a-virus:AdWare.Win32.BHO.fb
Kaspersky 4.0.2.24 2007.09.17 not-a-virus:AdWare.Win32.BHO.fb
McAfee 5121 2007.09.17 potentially unwanted program Adware-BHO
Microsoft 1.2803 2007.09.17 -
NOD32v2 2535 2007.09.17 -
Norman 5.80.02 2007.09.17 -
Panda 9.0.0.4 2007.09.17 Adware/BHO
Prevx1 V2 2007.09.17 -
Rising 19.41.02.00 2007.09.17 -
Sophos 4.21.0 2007.09.17 -
Sunbelt 2.2.907.0 2007.09.15 AdWare.Win32.BHO.fb
Symantec 10 2007.09.17 Trojan.Adclicker
TheHacker 6.2.5.061 2007.09.17 -
VBA32 3.12.2.4 2007.09.17 AdWare.Win32.BHO.fb
VirusBuster 4.3.26:9 2007.09.17 -
Webwasher-Gateway 6.0.1 2007.09.17 Trojan.BHO.Agent.mio

C:\WINDOWS\system32\9A7F71F1A0.sys

nikde ho tu nevidim

- DAP nepatri medzi doporucovany soft (obsahuje spyware)

- vytvor (a potom premiestni nad combofix) CFScript.txt podla navodu od fredik-a, pricom donho skopirujes toto:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\bkckTB1k.dll
C:\WINDOWS\system32\4iD1eaqa.dll
C:\WINDOWS\system32\0o8rBILt.dll

- potom vloz log z combofixu (log z hjt vyzera ok, chyba tam len SP2 - ten doinstalujes nakoniec)

- este otazka: mas spomaleny explorer alebo internet explorer?

- otvor v prehliadaci stranku http://www.virustotal.com/cs/ - do ramceka skopiruj (nehladaj subor na disku):

Kód: Vybrat vše

C:\WINDOWS\system32\9A7F71F1A0.sys

a skus ho dat otestovat (vysledky potom hod sem)

ComboFix 07-09-17.2 - "lofas" 2007-09-18 12:19:13.3 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.0.1250.1.1029.18.212 [GMT 2:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\bkckTB1k.dll
C:\WINDOWS\system32\4iD1eaqa.dll
C:\WINDOWS\system32\0o8rBILt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\0o8rBILt.dll
C:\WINDOWS\system32\4iD1eaqa.dll
C:\WINDOWS\system32\bkckTB1k.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.

2007-09-17 14:55 401,720 --a------ C:\HiJackThis.exe
2007-09-17 14:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 18:36 <DIR> d-------- C:\Program Files\Raven
2007-08-22 23:26 163,276 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2007-08-22 23:26 <DIR> d-------- C:\Program Files\River Past
2007-08-22 23:26 <DIR> d-------- C:\Program Files\Common Files\River Past
2007-08-18 20:15 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-18 20:15 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-18 20:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-18 20:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 11:08 --------- d-------- C:\Program Files\uTorrent
2007-09-17 11:01 --------- d-------- C:\Program Files\eMule
2007-09-14 18:55 --------- d-------- C:\Program Files\Call of Duty
2007-09-07 12:46 --------- d-------- C:\Program Files\ICQLite
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-25 11:43 --------- d-------- C:\Program Files\XoftSpySE
2007-08-24 11:50 --------- d-------- C:\Program Files\Google
2007-08-22 23:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\River Past G4
2007-08-17 15:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 22:49 --------- d-------- C:\Program Files\MegauploadToolbar
2007-08-16 18:18 --------- d-------- C:\Program Files\Sierra On-Line
2007-08-14 22:31 --------- d-------- C:\Program Files\DivX
2007-08-07 12:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-08-06 21:01 --------- d-------- C:\Program Files\RegCleaner
2007-07-27 20:00 --------- d-------- C:\Program Files\USB Disk Win98 Driver
2007-07-27 01:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-27 01:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-23 22:03 --------- d-------- C:\Program Files\NCH Swift Sound
2007-07-23 18:07 --------- d-------- C:\Program Files\HLSW
2007-07-23 18:04 --------- d-------- C:\Program Files\vso
2007-07-23 18:04 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-23 18:04 --------- d-------- C:\Program Files\AutoCAD 2002 Cz
2007-07-23 17:56 --------- d-------- C:\Program Files\NCH Software
2005-10-22 13:40:25 56 --sh--r C:\WINDOWS\system32\9A7F71F1A0.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-17_145304.93 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 262,144 2007-09-18 10:18:55 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----atw 16,384 2007-09-18 10:23:39 C:\WINDOWS\Temp\Perflib_Perfdata_604.dat
.
----a-w 262,144 2007-09-17 12:45:01 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 21:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-23 00:35]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-08 12:22]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00]
"CmUsbSound"="cmcnfgu.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 20:00]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 C:\WINDOWS\system32\CTHELPER.EXE]
"LFAgent"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Common Files\RTE\RTEGPRS.exe" [2004-07-23 19:47]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 18:16:10]
Hlavnˇ panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-03-23 00:35:12]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-10-28 21:33:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-03-01 15:59:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS
R2 LF30FS;LF30FS;\??\C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys
R2 windrvNT;windrvNT;\??\C:\WINDOWS\System32\windrvNT.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\System32\drivers\CDANT.SYS
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\System32\drivers\cmudau.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
RpcxSs

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 12:25:09
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???p???w^?s?????>?wH ?w???????w*??w4???U??w4???????D8?s4????????&7?????\???\????????H?s????-A?w?????_?wc_?w\???\???????@?a??????C@?\???\??????s????\??????s\????&7?d??s?&7??C@?x??????sx????:?w\?????@
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A?0?????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A? ?????B???@?????P?????@?? ???????E?w??????????@???????????????????B?????,????????????????????PC?????r?B

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan
**************************************************************************
.
Completion time: 2007-09-18 12:26:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 12:26
.
--- E O F ---

C:\WINDOWS\system32\9A7F71F1A0.sys

je podle VirusTotall naprosto v pořádku

Jo abych odpověděl na tvoji otázku - myslel jsem internet explorer, občas se prohlížeč sekne když kliknu na odkaz a vyskakujou reklamní okna, ale teď už to vypadá v pořádku

Jen dodám, že jestli dobře vidím, tak nemáš žádný SP-radil bych okamžitě doinstalovat SP1+SP2!

PC-HELP.CZ

pomalý explorer, čekujte log prosím

pomalý explorer, čekujte log prosím