PC-HELP.CZ

Zdravím. Prosím o kontrolu logu. Zřejmě vlastí chybou jsem si natáhl do pc trojana.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:43, on 2.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd7\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BMbfd97d52] Rundll32.exe "C:\WINDOWS\system32\etwpeior.dll",s
O4 - HKLM\..\Run: [bcea4ece] rundll32.exe "C:\WINDOWS\system32\erilojat.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AA4C1F-CB98-45CB-8460-28EA0FC91D3B}: NameServer = 193.179.148.42
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HTTP SSL HTTPFilterImapiService (HTTPFilterImapiService) - Unknown owner - C:\WINDOWS\system32\appmgmtsq.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5451 bytes


A zde je log z MWAV

Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\etwpeior.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erilojat.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\adsnww.exe je infikovaný virem Backdoor.Win32.IRCBot.drx !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erdpnycj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erilojat.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\etwpeior.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\feyglsne.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\okjxymrw.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\uwtilawe.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DOCUME~1\Nebesky\LOCALS~1\TEMPOR~1\Content.IE5\71G8L3BV\kb456456[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DOCUME~1\Nebesky\LOCALS~1\TEMPOR~1\Content.IE5\XDZNL8JG\kb671231[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Nebesky\Local Settings\Temporary Internet Files\Content.IE5\71G8L3BV\kb456456[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Nebesky\Local Settings\Temporary Internet Files\Content.IE5\XDZNL8JG\kb671231[1]//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\rfby.exe je infikovaný virem Backdoor.Win32.IRCBot.drx !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{DE12E1A9-30E3-42FA-A979-232A032B0678}\RP12\A0000552.dll indentifikován jako "not-a-virus:AdWare.Win32.NewDotNet.m". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{DE12E1A9-30E3-42FA-A979-232A032B0678}\RP13\A0000651.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\adsnww.exe je infikovaný virem Backdoor.Win32.IRCBot.drx !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erdpnycj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\erilojat.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\etwpeior.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\feyglsne.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\jkkjj.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\okjxymrw.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\ssqooml.dll je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\system32\uwtilawe.dll//PE_Patch je infikovaný virem Trojan.Win32.Monder.gen !! Provedené akce: Ponecháno, neodstraněno!.

Vítej na fóru

Nejdřív odstraň pozůstatky po NewDotNet

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Zdravím provedl jsem postup podle návodu a zde je log z Cobofix

ComboFix 08-07-02.5 - Nebesky 2008-07-03 21:03:00.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.687 [GMT 2:00]
Running from: C:\Documents and Settings\Nebesky\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\BMbfd97d52.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\deuvoqui.dll
C:\WINDOWS\system32\erdpnycj.dll
C:\WINDOWS\system32\etwpeior.dll
C:\WINDOWS\system32\feyglsne.dll
C:\WINDOWS\system32\iuqovued.ini
C:\WINDOWS\system32\jcynpdre.ini
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ssqooml.dll
C:\WINDOWS\system32\tajolire.ini
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\twadijmf.ini
C:\WINDOWS\system32\unsddcms.ini
C:\WINDOWS\system32\uwtilawe.dll
C:\WINDOWS\system32\wrmyxjko.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-03 21:08 . 2008-07-03 21:08 <DIR> d-------- C:\Temp\tn3
2008-07-02 23:15 . 2008-07-02 23:15 0 --a------ C:\23990098.$$$
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-07-02 21:05 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-07-02 21:05 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-07-02 21:05 . 2008-07-02 21:08 50 --a------ C:\WINDOWS\Lic.xxx
2008-07-02 21:02 . 2008-07-02 21:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-01 22:18 . 2008-07-01 22:18 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-01 16:05 . 2008-07-01 16:05 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-01 16:04 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-01 16:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-01 16:04 . 2007-03-08 07:09 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-01 16:04 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-01 16:04 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-01 16:04 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-01 16:04 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-01 16:04 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-01 16:04 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-30 14:39 . 2008-06-30 14:39 <DIR> d-------- C:\Program Files\CyberLink
2008-06-29 18:39 . 2008-06-29 18:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-29 18:00 . 2008-06-29 18:00 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 17:29 . 2008-07-01 16:06 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-06-29 10:08 . 2008-06-14 20:00 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-29 10:08 . 2008-06-14 20:00 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 09:38 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 12:06 . 2008-06-29 17:50 <DIR> d-------- C:\Program Files\Setup Files
2008-06-26 12:02 . 2008-06-26 12:02 <DIR> d-------- C:\Program Files\MSI
2008-06-26 11:16 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-26 11:02 . 2008-06-26 11:02 <DIR> d-------- C:\WINDOWS\Sun
2008-06-26 10:47 . 2008-07-01 16:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 10:47 . 2008-06-26 10:47 <DIR> d--hs---- C:\Documents and Settings\Nebesky\UserData
2008-06-26 10:31 . 2008-06-26 10:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Nabˇdka Start
2008-06-26 10:30 . 2008-07-03 20:57 110,340 --a------ C:\WINDOWS\BMbfd97d52.xml
2008-06-25 23:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-25 22:58 . 2008-07-03 21:08 <DIR> d-------- C:\Temp
2008-06-25 22:56 . 2008-06-25 22:56 167,976 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-25 22:36 . 2008-06-25 22:36 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\ACD Systems
2008-06-25 22:31 . 2008-06-25 22:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 22:28 . 2008-06-25 22:28 <DIR> d-------- C:\lj1000hb
2008-06-25 22:27 . 2008-06-25 22:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 22:20 . 2008-06-25 22:20 390 --a------ C:\WINDOWS\ODBC.INI
2008-06-25 22:19 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-25 22:12 . 2008-06-25 22:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-25 22:11 . 2008-06-25 22:12 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-25 22:08 . 2008-06-25 22:08 <DIR> dr-h----- C:\MSOCache
2008-06-25 21:51 . 2008-06-29 23:18 <DIR> d-------- C:\Program Files\Dealio
2008-06-25 21:50 . 2008-06-25 21:50 86,144 --a------ C:\WINDOWS\system32\drivers\amdk77.sys
2008-06-25 21:50 . 2008-06-25 21:50 37,888 -rahs---- C:\WINDOWS\system32\adsnww.exe
2008-06-25 21:50 . 2008-06-25 21:50 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-06-25 21:50 . 2008-06-25 22:57 32 --a-s---- C:\WINDOWS\system32\1510756794.dat
2008-06-25 21:49 . 2008-06-25 21:49 37,888 -rahs---- C:\WINDOWS\system32\appmgmtsq.exe.17811071
2008-06-25 21:49 . 2008-06-25 21:50 37,888 --a------ C:\rfby.exe
2008-06-25 20:43 . 2008-06-25 20:48 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 20:41 . 2008-06-25 23:09 <DIR> d-------- C:\Program Files\Java
2008-06-25 20:41 . 2008-06-25 20:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-25 20:39 . 2008-06-25 20:39 <DIR> d-------- C:\Program Files\QIP
2008-06-25 20:34 . 2008-06-25 23:52 <DIR> d-------- C:\Program Files\ICQLite
2008-06-25 20:21 . 2008-06-25 20:21 <DIR> d-------- C:\Program Files\Crystal Player
2008-06-25 20:20 . 2008-06-25 20:20 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-06-25 20:20 . 2008-06-25 20:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-25 20:18 . 2008-06-25 20:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 19:57 . 2007-10-12 17:27 179,048 --a------ C:\WINDOWS\system32\e1000msg.dll
2008-06-25 19:57 . 2007-10-12 17:27 171,416 --a------ C:\WINDOWS\system32\drivers\e1000325.sys
2008-06-25 19:57 . 2007-10-12 17:27 154,496 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-25 19:57 . 2007-10-12 17:27 63,352 --a------ C:\WINDOWS\system32\NicEtCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-06-25 19:57 . 2007-10-12 17:27 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 2,844 --a------ C:\WINDOWS\system32\e1000325.din
2008-06-25 19:44 . 2008-06-25 19:44 <DIR> d-------- C:\Program Files\Intel
2008-06-25 19:36 . 2008-06-25 19:36 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-06-25 19:36 . 2004-04-23 14:30 2,494,464 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-06-25 19:34 . 2003-08-06 10:43 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2008-06-25 19:34 . 2003-06-20 15:06 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll
2008-06-25 19:08 . 2003-09-17 15:57 8,440 --a------ C:\WINDOWS\system32\drivers\LANPkt.sys
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-25 15:04 . 2008-06-25 14:55 <DIR> d--h----- C:\Documents and Settings\Nebesky\ćablony
2008-06-25 15:04 . 2008-07-03 21:06 <DIR> d-------- C:\Documents and Settings\Nebesky\Plocha
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ tisk rny
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ sˇś
2008-06-25 15:04 . 2008-06-29 17:38 <DIR> dr------- C:\Documents and Settings\Nebesky\Oblˇben‚ polo§ky
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> dr------- C:\Documents and Settings\Nebesky\Nabˇdka Start
2008-06-25 15:04 . 2008-07-02 21:05 <DIR> dr------- C:\Documents and Settings\Nebesky\Dokumenty
2008-06-25 15:04 . 2008-06-29 23:19 <DIR> dr-h----- C:\Documents and Settings\Nebesky\Data aplikacˇ
2008-06-25 15:04 . 2008-07-03 21:07 <DIR> d-------- C:\Documents and Settings\Nebesky
2008-06-25 15:04 . 2008-06-25 22:57 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikacˇ
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-06-25 15:04 . 2008-06-25 15:04 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-25 15:03 . 2008-06-25 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikacˇ
2008-06-25 15:03 . 2008-06-26 10:31 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-06-25 15:02 . 2008-06-25 14:55 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\ćablony
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Plocha
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ tisk rny
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ sˇś
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Oblˇben‚ polo§ky
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Nabˇdka Start
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dokumenty
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Data aplikacˇ
2008-06-25 15:01 . 2001-10-25 16:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 19:03 --------- d-----w C:\Program Files\ESET
2008-06-30 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 17:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 16:46 --------- d-----w C:\Program Files\totalcmd7
2008-06-25 16:26 --------- d-----w C:\Program Files\Kerio
2008-06-25 16:17 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-25 16:17 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-25 16:15 --------- d-----w C:\Program Files\ATI Technologies
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 09:21 17,920 ----a-w C:\WINDOWS\system32\Ntaccess.sys
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2qfe\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-25 18:17 917504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 15:06 118784 C:\WINDOWS\system32\ptipbmf.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 amdk77;amdk77;C:\WINDOWS\system32\drivers\amdk77.sys [2008-06-25 21:50]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 HTTPFilterImapiService;HTTP SSL HTTPFilterImapiService;C:\WINDOWS\system32\appmgmtsq.exe []

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMbfd97d52 - C:\WINDOWS\system32\etwpeior.dll
HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 21:09:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-07-03 21:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 19:10:10

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix (Pc se ti pak restartuje tak se nelekni)
- Vlož sem log, který vyběhne v závěru čistícího procesu
+
Na ploše se ti vytvoří soubor Submit(Datum+Čas).zip, pošli mi ho přes SZ jako přílohu, případně ho vlož jako přílohu ke svému dalšímu příspěvku. (Zvol spíš první variantu)

Projel jsem to podle návodu tady přihazuji poslední log.

ComboFix 08-07-02.5 - Nebesky 2008-07-05 13:24:19.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.733 [GMT 2:00]
Running from: C:\Documents and Settings\Nebesky\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nebesky\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMbfd97d52.xml
C:\WINDOWS\system32\1510756794.dat
C:\WINDOWS\system32\adsnww.exe
C:\WINDOWS\system32\drivers\amdk77.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nebesky\Local Settings\Data aplikací\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\rfby.exe
C:\Temp
C:\temp\tn3
C:\WINDOWS\BMbfd97d52.xml
C:\WINDOWS\system32\1510756794.dat
C:\WINDOWS\system32\adsnww.exe
C:\WINDOWS\system32\appmgmtsq.exe.17811071
C:\WINDOWS\system32\drivers\amdk77.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMDK77
-------\Legacy_HTTPFILTERIMAPISERVICE
-------\Service_amdk77
-------\Service_HTTPFilterImapiService


((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-02 23:15 . 2008-07-02 23:15 0 --a------ C:\23990098.$$$
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-07-02 21:08 . 2008-07-02 21:08 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-07-02 21:05 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-07-02 21:05 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-07-02 21:05 . 2008-07-02 21:08 50 --a------ C:\WINDOWS\Lic.xxx
2008-07-02 21:02 . 2008-07-02 21:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-01 22:18 . 2008-07-01 22:18 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-01 16:05 . 2008-07-01 16:05 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-01 16:04 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-01 16:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-01 16:04 . 2007-03-08 07:09 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-01 16:04 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-01 16:04 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-01 16:04 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-01 16:04 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-01 16:04 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-01 16:04 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-30 14:39 . 2008-06-30 14:39 <DIR> d-------- C:\Program Files\CyberLink
2008-06-29 18:39 . 2008-06-29 18:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-29 18:00 . 2008-06-29 18:00 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 17:29 . 2008-07-01 16:06 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-06-29 10:08 . 2008-06-14 20:00 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-29 10:08 . 2008-06-14 20:00 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 09:38 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 12:06 . 2008-06-29 17:50 <DIR> d-------- C:\Program Files\Setup Files
2008-06-26 12:02 . 2008-06-26 12:02 <DIR> d-------- C:\Program Files\MSI
2008-06-26 11:16 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-26 11:02 . 2008-06-26 11:02 <DIR> d-------- C:\WINDOWS\Sun
2008-06-26 10:47 . 2008-07-01 16:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 10:47 . 2008-06-26 10:47 <DIR> d--hs---- C:\Documents and Settings\Nebesky\UserData
2008-06-26 10:31 . 2008-06-26 10:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Nabˇdka Start
2008-06-25 23:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-25 22:36 . 2008-06-25 22:36 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-06-25 22:32 . 2008-06-25 22:32 <DIR> d-------- C:\Program Files\ACD Systems
2008-06-25 22:31 . 2008-06-25 22:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 22:28 . 2008-06-25 22:28 <DIR> d-------- C:\lj1000hb
2008-06-25 22:27 . 2008-06-25 22:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 22:20 . 2008-06-25 22:20 390 --a------ C:\WINDOWS\ODBC.INI
2008-06-25 22:19 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-25 22:12 . 2008-06-25 22:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-25 22:11 . 2008-06-25 22:12 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-25 22:08 . 2008-06-25 22:08 <DIR> dr-h----- C:\MSOCache
2008-06-25 21:51 . 2008-06-29 23:18 <DIR> d-------- C:\Program Files\Dealio
2008-06-25 21:50 . 2008-06-25 21:50 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-06-25 20:43 . 2008-06-25 20:48 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 20:41 . 2008-06-25 23:09 <DIR> d-------- C:\Program Files\Java
2008-06-25 20:41 . 2008-06-25 20:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-25 20:39 . 2008-06-25 20:39 <DIR> d-------- C:\Program Files\QIP
2008-06-25 20:34 . 2008-06-25 23:52 <DIR> d-------- C:\Program Files\ICQLite
2008-06-25 20:21 . 2008-06-25 20:21 <DIR> d-------- C:\Program Files\Crystal Player
2008-06-25 20:20 . 2008-06-25 20:20 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-06-25 20:20 . 2008-06-25 20:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-25 20:18 . 2008-06-25 20:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 19:57 . 2007-10-12 17:27 179,048 --a------ C:\WINDOWS\system32\e1000msg.dll
2008-06-25 19:57 . 2007-10-12 17:27 171,416 --a------ C:\WINDOWS\system32\drivers\e1000325.sys
2008-06-25 19:57 . 2007-10-12 17:27 154,496 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-25 19:57 . 2007-10-12 17:27 63,352 --a------ C:\WINDOWS\system32\NicEtCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-06-25 19:57 . 2007-10-12 17:27 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-06-25 19:57 . 2007-10-12 17:27 2,844 --a------ C:\WINDOWS\system32\e1000325.din
2008-06-25 19:44 . 2008-06-25 19:44 <DIR> d-------- C:\Program Files\Intel
2008-06-25 19:36 . 2008-06-25 19:36 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-06-25 19:36 . 2004-04-23 14:30 2,494,464 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-06-25 19:34 . 2003-08-06 10:43 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2008-06-25 19:34 . 2003-06-20 15:06 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll
2008-06-25 19:08 . 2003-09-17 15:57 8,440 --a------ C:\WINDOWS\system32\drivers\LANPkt.sys
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-25 15:04 . 2008-06-25 14:55 <DIR> d--h----- C:\Documents and Settings\Nebesky\ćablony
2008-06-25 15:04 . 2008-07-05 13:26 <DIR> d-------- C:\Documents and Settings\Nebesky\Plocha
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ tisk rny
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> d--h----- C:\Documents and Settings\Nebesky\Okolnˇ sˇś
2008-06-25 15:04 . 2008-06-29 17:38 <DIR> dr------- C:\Documents and Settings\Nebesky\Oblˇben‚ polo§ky
2008-06-25 15:04 . 2008-06-25 18:45 <DIR> dr------- C:\Documents and Settings\Nebesky\Nabˇdka Start
2008-06-25 15:04 . 2008-07-02 21:05 <DIR> dr------- C:\Documents and Settings\Nebesky\Dokumenty
2008-06-25 15:04 . 2008-06-29 23:19 <DIR> dr-h----- C:\Documents and Settings\Nebesky\Data aplikacˇ
2008-06-25 15:04 . 2008-07-03 21:07 <DIR> d-------- C:\Documents and Settings\Nebesky
2008-06-25 15:04 . 2008-06-25 22:57 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikacˇ
2008-06-25 15:04 . 2008-06-25 15:04 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-06-25 15:04 . 2008-06-25 15:04 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-25 15:03 . 2008-06-25 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikacˇ
2008-06-25 15:03 . 2008-06-26 10:31 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-06-25 15:02 . 2008-06-25 14:55 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\ćablony
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Plocha
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ tisk rny
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Okolnˇ sˇś
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Oblˇben‚ polo§ky
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Nabˇdka Start
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dokumenty
2008-06-25 15:02 . 2008-06-25 18:45 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Data aplikacˇ
2008-06-25 15:01 . 2001-10-25 16:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-25 15:00 . 2008-06-25 15:00 <DIR> d-------- C:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 19:03 --------- d-----w C:\Program Files\ESET
2008-06-30 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 17:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 16:46 --------- d-----w C:\Program Files\totalcmd7
2008-06-25 16:26 --------- d-----w C:\Program Files\Kerio
2008-06-25 16:17 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-25 16:17 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-25 16:15 --------- d-----w C:\Program Files\ATI Technologies
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 09:21 17,920 ----a-w C:\WINDOWS\system32\Ntaccess.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- C:\WINDOWS\system32\sporder.dll ----
Company: Microsoft Corporation
File Description: WinSock2 reorder service providers
File Version: 5.00.2095.1
Product Name: Microsoft(R) Windows (R) 2000 Operating System
Copyright: Copyright (C) Microsoft Corp. 1981-1999
Original file name: sporder.dll
MD5: f12e514aea35cd28ba6c080e707550f9

---- Directory of C:\lj1000hb ----

2003-05-27 13:37 99616 --a------ C:\lj1000hb\IMF16.drv
2003-05-27 13:37 98304 --a------ C:\lj1000hb\vsetup.dll
2003-05-27 13:37 949 --a------ C:\lj1000hb\zUsb.inf
2003-05-27 13:37 9216 --a------ C:\lj1000hb\Zlang.dll
2003-05-27 13:37 90112 --a------ C:\lj1000hb\apptune.exe
2003-05-27 13:37 900388 --a------ C:\lj1000hb\hpflash1.exe
2003-05-27 13:37 8911 --a------ C:\lj1000hb\zUsb.cat
2003-05-27 13:37 88504 --a------ C:\lj1000hb\dour65w.ttf
2003-05-27 13:37 88408 --a------ C:\lj1000hb\dour45w.ttf
2003-05-27 13:37 8704 --a------ C:\lj1000hb\ZPRINT32.EXE
2003-05-27 13:37 86016 --a------ C:\lj1000hb\ZSPOOL.DLL
2003-05-27 13:37 80712 --a------ C:\lj1000hb\dour66w.ttf
2003-05-27 13:37 80676 --a------ C:\lj1000hb\dour46w.ttf
2003-05-27 13:37 79002 --a------ C:\lj1000hb\SDhp1000.hlp
2003-05-27 13:37 77824 --a------ C:\lj1000hb\zlmhp1.dll
2003-05-27 13:37 7381 --a------ C:\lj1000hb\ZShp1000.hlp
2003-05-27 13:37 73728 --a------ C:\lj1000hb\ZSHP1000.dll
2003-05-27 13:37 71168 --a------ C:\lj1000hb\Sd32.dll
2003-05-27 13:37 65536 --a------ C:\lj1000hb\SDDM32.DLL
2003-05-27 13:37 5632 --a------ C:\lj1000hb\SDNTUM4.DLL
2003-05-27 13:37 54784 --a------ C:\lj1000hb\zPJL.dll
2003-05-27 13:37 52325 --a------ C:\lj1000hb\readme.wri
2003-05-27 13:37 49152 --a------ C:\lj1000hb\IMFPRINT.DLL
2003-05-27 13:37 47120 --a------ C:\lj1000hb\SD4.DLL
2003-05-27 13:37 45056 --a------ C:\lj1000hb\zpp.dll
2003-05-27 13:37 36864 --a------ C:\lj1000hb\zstatus.exe
2003-05-27 13:37 36864 --a------ C:\lj1000hb\zpppcl.dll
2003-05-27 13:37 36864 --a------ C:\lj1000hb\fwdl.exe
2003-05-27 13:37 3608 --a------ C:\lj1000hb\HPLJ1000.INF
2003-05-27 13:37 32351 --a------ C:\lj1000hb\hp1KW9x.cat
2003-05-27 13:37 32256 --a------ C:\lj1000hb\imfnt5.dll
2003-05-27 13:37 3005 --a------ C:\lj1000hb\SDhp1000.sdd
2003-05-27 13:37 29184 --a------ C:\lj1000hb\ZSPOOL32.EXE
2003-05-27 13:37 28672 --a------ C:\lj1000hb\zlm.dll
2003-05-27 13:37 28672 --a------ C:\lj1000hb\SDNT5UI.dll
2003-05-27 13:37 271 --a------ C:\lj1000hb\apptune.ini
2003-05-27 13:37 26624 --a------ C:\lj1000hb\QDPRINT.DLL
2003-05-27 13:37 23552 --a------ C:\lj1000hb\ZGDI32.DLL
2003-05-27 13:37 22608 --a------ C:\lj1000hb\USBPRINT.SYS
2003-05-27 13:37 2130206 --a------ C:\lj1000hb\guide.pdf
2003-05-27 13:37 20489 --a------ C:\lj1000hb\hp1KW2K.cat
2003-05-27 13:37 1953792 --a------ C:\lj1000hb\pcldll6l.dll
2003-05-27 13:37 19456 --a------ C:\lj1000hb\ZTAG32.DLL
2003-05-27 13:37 18944 --a------ C:\lj1000hb\SDIMF32.DLL
2003-05-27 13:37 16384 --a------ C:\lj1000hb\ZJBIG.dll
2003-05-27 13:37 1598 --a------ C:\lj1000hb\sd4.ini
2003-05-27 13:37 151552 --a------ C:\lj1000hb\SDhp1000.DLL
2003-05-27 13:37 147456 --a------ C:\lj1000hb\ZUNINST.EXE
2003-05-27 13:37 147456 --a------ C:\lj1000hb\Sr32.dll
2003-05-27 13:37 135168 --a------ C:\lj1000hb\SUhp1000.DLL
2003-05-27 13:37 122880 --a------ C:\lj1000hb\SDDMUI.DLL
2003-05-27 13:37 12288 --a------ C:\lj1000hb\USBMON.DLL
2003-05-27 13:37 12288 --a------ C:\lj1000hb\IMF32.DLL
2003-05-27 13:37 1145 --a------ C:\lj1000hb\SDhp1000.UNZ
2003-05-27 13:37 114233 --a------ C:\lj1000hb\sihp1000.img
2003-05-27 13:37 10751 --a------ C:\lj1000hb\read1st.txt
2001-11-15 09:17 54 --a------ C:\lj1000hb\HPLJ1000.DOI
1996-10-07 15:53 6020 --a------ C:\lj1000hb\HPLiccz.txt


------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\sp2qfe\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-03_21.09.47.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 19:08:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 11:27:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-25 18:17 917504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 15:06 118784 C:\WINDOWS\system32\ptipbmf.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 21:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 21:43]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 13:27:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-07-05 13:29:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 11:28:55
ComboFix2.txt 2008-07-03 19:10:18

Adresářů: 8, Volných bajtů: 8,405,000,192
Adres ý…: 9, Volněch bajt…: 8,394,993,664

286 --- E O F --- 2008-07-01 14:07:01

Dej sem ještě nový log z HJT + postni mi ten soubor (nedošel) dík.

Zdravím... Tady je poslední log z HJT a ten soubor jsem snad už poslal správně :-) Díky za čas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:10, on 6.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AA4C1F-CB98-45CB-8460-28EA0FC91D3B}: NameServer = 193.179.148.42
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5143 bytes

Všechno O.K. Poděkuj Fredíkovi.

Dík za nahrání souboru.

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku.

Máš ještě nějaké problémy?

Vše je úplně v pořádku moc děkuji za pomoc. Určitě jak se mi něco znovu vyskytne v pc napíšu. Moc jsi mi pomohl...

Nemáš za co kdyby byl nějaký problém tak dej vědět.