PC-HELP.CZ

Dobrý den, mám stejný problém jako kolega Vlcek z 8.7.2008 s hláškou critical error ve windows. pokaždě když otvírám soubor na C, D atd objeví se hláška "Attention, some dangerous virus detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now! Dále je skutečně na výběr ano a ne, když poté kliknu na ano, chce stáhnout instalátor IE antiviru a když na ne, chce zobrazit stránku:http://free-viruscan.com, tento přístup však blokuji já nebo moje AVG 8.0 jako phishingovou stránku.(Při tom AVG při scanu nic nedetekuje). Problém mám v tom, že mi nopomohla rada jako u kolegy Vlčka, tedy SDFix a následný postup léčby PC. Po aplikaci SDFix a čištění hláška nezmizela a počítač reguje pořád stejně. Příkládám tedy výpis z logu HijackThis. Vím, že si za to můžu sám, že mám v PC tento balast, ale nevím si rady. Prosím o moc o pomoc. Už jsem chtěl přeinstalovat i windows. Předem moc děkuji.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:38, on 20.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\DOKUMENTY\Delgado\Čas 2.1\Cas 2.1.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: search toolbar - {7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6} - C:\WINDOWS\system32\tbs.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cas 2] C:\DOKUMENTY\Delgado\Čas 2.1\Cas 2.1.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Svátky a výročí] C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1902534656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9670F94D-9ED0-48BC-ACD3-A51A0D025E04}: NameServer = 62.141.0.1 213.162.65.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7714 bytes

Vítej na fóru

Spusť znovu HijackThis a zaškrtni v něm okénko před řádkem:
O2 - BHO: search toolbar - {7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6} - C:\WINDOWS\system32\tbs.dll
po zaškrtnutí klikni na tlačítko Fix Checked

Před použitím ComboFix vypni rezidentní štít ve Spyware Terminátoru:
Spusť Spywater Terminátora, nahoře klikni na ikonu Rezidentní štít
- program se přepne do okna Natavení rezidentního štítu
- tam na záložce Nastavení štítu zruš zatržení u položky: Aktivovat Rezidentní štít
- klikni dole na tlačítko: Uložit změny
- zavři program

Po jeho proběhnutí si ho zapni zpět.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Díky za tak rychlou odpověď. Zasílám výpis Combo fix.txt Díky

ComboFix 08-07-19.1 - Zdeněk 2008-07-20 13:17:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1602 [GMT 2:00]
Running from: C:\Documents and Settings\Zdeněk\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Zdeněk\Data aplikací\inst.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 13:21 . 2008-07-20 13:21 39,795 --a------ C:\Documents and Settings\Zdencatchme.zip
2008-07-20 10:56 . 2008-07-20 10:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 09:55 . 2008-07-20 09:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-20 09:53 . 2007-10-13 10:56 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-07-20 09:53 . 2008-07-20 09:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-20 09:24 . 2008-07-20 10:10 <DIR> d-------- C:\SDFix
2008-07-19 16:16 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000003_.tmp
2008-07-19 12:58 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000002_.tmp
2008-07-19 09:32 . 2008-07-19 09:32 17,920 --a------ C:\WINDOWS\system32\toolbars.dll
2008-07-19 09:32 . 2008-07-19 09:32 17,920 --a------ C:\WINDOWS\system32\tbsrch.dll
2008-07-19 09:32 . 2008-07-19 09:32 17,920 --a------ C:\WINDOWS\system32\tbrsrch.dll
2008-07-19 09:32 . 2008-07-19 09:32 17,920 --a------ C:\WINDOWS\system32\tbrs.dll
2008-07-19 09:31 . 2008-07-19 09:31 17,920 --a------ C:\WINDOWS\system32\toolbarsrch.dll
2008-07-18 16:53 . 2008-07-18 18:46 <DIR> d-------- C:\Pari
2008-07-18 16:05 . 2008-07-18 16:04 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-17 15:55 . 2008-07-17 16:18 <DIR> d-------- C:\Apacer
2008-07-06 19:28 . 2008-07-06 19:28 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-07-06 19:28 . 2008-07-06 19:29 <DIR> d-------- C:\Program Files\AdorageI-GfxDatas
2008-07-06 18:41 . 2008-07-06 18:41 <DIR> d-------- C:\Program Files\BIAS
2008-07-06 18:41 . 2008-07-06 18:41 <DIR> d-------- C:\Binaries
2008-07-06 18:39 . 2008-07-06 19:45 <DIR> d-------- C:\Program Files\proDAD
2008-07-06 18:30 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2008-07-06 18:30 . 2006-04-11 15:03 233,472 --------- C:\WINDOWS\system32\DiskIO.dll
2008-07-06 18:30 . 2006-04-11 15:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll
2008-07-06 18:30 . 2004-01-02 12:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
2008-07-06 18:30 . 2001-12-11 22:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2008-07-06 18:30 . 2007-03-06 18:53 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
2008-07-06 18:30 . 2005-12-12 15:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2008-07-06 18:25 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2008-07-06 18:25 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2008-07-06 18:25 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2008-07-06 18:25 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2008-07-06 18:25 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-07-06 18:21 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-07-06 18:08 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-07-06 17:44 . 2008-07-06 18:36 <DIR> d-------- C:\Program Files\Pinnacle
2008-07-06 17:25 . 2008-07-19 08:20 <DIR> d-------- C:\Paris1
2008-07-05 20:27 . 2008-07-19 07:09 <DIR> d-------- C:\Paris
2008-07-03 19:25 . 2008-07-06 20:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikac
2008-07-03 17:41 . 2008-07-03 17:41 <DIR> d-------- C:\Program Files\IDT
2008-07-02 18:12 . 2008-07-06 17:44 <DIR> d-------- C:\Program Files\SmartSound Software
2008-07-02 15:59 . 2008-04-10 20:05 7,925,760 --a------ C:\WINDOWS\system32\idtsg.cpl
2008-06-27 17:44 . 2008-07-17 16:21 <DIR> d-------- C:\auto
2008-06-25 17:27 . 2008-06-25 17:27 <DIR> d-------- C:\WINDOWS\system32\AsBackup
2008-06-25 17:11 . 2008-06-25 17:11 41,734 --a------ C:\WINDOWS\system32\PUXPPLAT.UND
2008-06-25 16:29 . 2008-07-19 13:15 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-25 16:29 . 2008-06-25 16:29 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-24 18:16 . 2008-06-24 18:16 <DIR> d-------- C:\WINDOWS\system32\cs
2008-06-24 18:16 . 2008-06-24 18:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-24 18:08 . 2008-07-19 16:16 <DIR> d-------- C:\WINDOWS\EHome
2008-06-24 17:11 . 2008-06-24 17:46 <DIR> d-------- C:\Program Files\Atari
2008-06-22 10:02 . 2008-07-05 15:27 <DIR> d-------- C:\Pfrance
2008-06-21 16:44 . 2008-06-21 16:44 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-06-21 16:44 . 2008-06-21 16:44 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5140.exe
2008-06-21 16:44 . 2008-06-21 16:44 14,290 --a------ C:\Program Files\settings.dat
2008-06-21 16:43 . 2008-06-21 16:44 <DIR> d-------- C:\Program Files\PDFCreator
2008-06-21 16:43 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-21 16:43 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-21 16:43 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-06-20 19:49 . 2008-06-20 19:49 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:49 . 2008-06-20 19:49 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 09:59 --------- d-----w C:\Program Files\CyberLink
2008-07-06 08:31 --------- d-----w C:\Program Files\DivX
2008-06-25 15:10 --------- d-----w C:\Program Files\Ashampoo
2008-06-21 04:33 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-21 04:33 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-21 04:33 23,296 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-06-21 04:33 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 15:31 --------- d-----w C:\Program Files\DIFX
2008-06-18 14:02 --------- d-----w C:\Program Files\Fotolab
2008-06-18 14:01 --------- d-----w C:\Program Files\Registry Repair
2008-06-14 17:35 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 14:59 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-02-17 17:57 16 ----a-w C:\Documents and Settings\Zdeněk\p2TU62.dll
2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:22 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59 520192]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-13 16:09 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-09 18:14 1232152]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-25 16:29 1817600]
"mspwr"="C:\WINDOWS\system32\PuXpMan2.exe" [2005-09-29 11:05 110592]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-10 20:07 413696]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\FlatOut\\flatout.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-21 06:33]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 06:33]
R1 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [1999-09-20 17:05]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-25 16:29]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-09 18:14]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-09 18:14]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-09 18:14]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 06:33]
R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 06:33]
R3 ipw_bus;IPWireless;C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 10:21]
R3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 10:21]
R3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 10:21]
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2002-05-23 20:59]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 06:33]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-07-20 07:00:00 C:\WINDOWS\Tasks\2003 - Rarities Double CD Depeche Mode.job"
- C:\music\2003 - Rarities Double CD Depeche Mode
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Svátky a výročí - C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
HKLM-Run-Cas 2 - C:\DOKUMENTY\Delgado\Čas 2.1\Cas 2.1.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 13:23:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOKUMENTY\Delgado\C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\OKsoftware\Svátky a výroC:\ScanPanel\ScnPanel.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
.
**************************************************************************
.
Completion time: 2008-07-20 13:31:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-20 11:31:12

Pre-Run: Volných bajtů: 69,775,096,832
Post-Run: Volněch bajt…: 69,849,082,880

222 --- E O F --- 2008-07-20 07:10:17

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix (Pc se ti pak restartuje tak se nelekni)
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Dobře vše jsem udělal a posílám nejprve log Combofix

ComboFix 08-07-19.1 - Zdeněk 2008-07-20 17:34:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1455 [GMT 2:00]
Running from: C:\Documents and Settings\Zdeněk\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zdeněk\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\000002_.tmp
C:\WINDOWS\000003_.tmp
C:\WINDOWS\system32\tbrs.dll
C:\WINDOWS\system32\tbrsrch.dll
C:\WINDOWS\system32\tbsrch.dll
C:\WINDOWS\system32\toolbars.dll
C:\WINDOWS\system32\toolbarsrch.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\000001_.tmp
C:\WINDOWS\000002_.tmp
C:\WINDOWS\000003_.tmp
C:\WINDOWS\system32\tbrs.dll
C:\WINDOWS\system32\tbrsrch.dll
C:\WINDOWS\system32\tbsrch.dll
C:\WINDOWS\system32\toolbars.dll
C:\WINDOWS\system32\toolbarsrch.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 13:31 . 2008-07-20 13:31 <DIR> d-------- C:\Documents and Settings\Zdenýk
2008-07-20 13:31 . 2008-07-20 13:31 <DIR> d-------- C:\Documents and Settings\HavlÝŔek Zdenýk
2008-07-20 13:21 . 2008-07-20 13:21 39,795 --a------ C:\Documents and Settings\Zdencatchme.zip
2008-07-20 10:56 . 2008-07-20 10:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 09:55 . 2008-07-20 09:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-07-20 09:53 . 2007-10-13 10:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-07-20 09:53 . 2007-10-13 12:48 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-07-20 09:53 . 2008-07-20 09:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-20 09:24 . 2008-07-20 10:10 <DIR> d-------- C:\SDFix
2008-07-18 16:53 . 2008-07-18 18:46 <DIR> d-------- C:\Pari
2008-07-18 16:05 . 2008-07-18 16:04 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-17 15:55 . 2008-07-17 16:18 <DIR> d-------- C:\Apacer
2008-07-06 19:28 . 2008-07-06 19:28 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-07-06 19:28 . 2008-07-06 19:29 <DIR> d-------- C:\Program Files\AdorageI-GfxDatas
2008-07-06 18:41 . 2008-07-06 18:41 <DIR> d-------- C:\Program Files\BIAS
2008-07-06 18:41 . 2008-07-06 18:41 <DIR> d-------- C:\Binaries
2008-07-06 18:39 . 2008-07-06 19:45 <DIR> d-------- C:\Program Files\proDAD
2008-07-06 18:39 . 2008-07-06 19:45 <DIR> d-------- C:\Documents and Settings\Zdeněk\Data aplikací\proDAD
2008-07-06 18:30 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2008-07-06 18:30 . 2006-04-11 15:03 233,472 --------- C:\WINDOWS\system32\DiskIO.dll
2008-07-06 18:30 . 2006-04-11 15:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll
2008-07-06 18:30 . 2004-01-02 12:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
2008-07-06 18:30 . 2001-12-11 22:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2008-07-06 18:30 . 2007-03-06 18:53 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
2008-07-06 18:30 . 2005-12-12 15:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2008-07-06 18:25 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2008-07-06 18:25 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2008-07-06 18:25 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2008-07-06 18:25 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2008-07-06 18:25 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-07-06 18:21 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-07-06 18:18 . 2008-07-06 18:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Pinnacle Studio
2008-07-06 18:17 . 2008-07-06 18:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Pinnacle
2008-07-06 17:44 . 2008-07-06 18:36 <DIR> d-------- C:\Program Files\Pinnacle
2008-07-06 17:25 . 2008-07-19 08:20 <DIR> d-------- C:\Paris1
2008-07-05 20:27 . 2008-07-19 07:09 <DIR> d-------- C:\Paris
2008-07-03 19:25 . 2008-07-06 20:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikac
2008-07-03 17:41 . 2008-07-03 17:41 <DIR> d-------- C:\Program Files\IDT
2008-07-02 18:12 . 2008-07-06 17:44 <DIR> d-------- C:\Program Files\SmartSound Software
2008-07-02 15:59 . 2008-04-10 20:05 7,925,760 --a------ C:\WINDOWS\system32\idtsg.cpl
2008-06-27 17:44 . 2008-07-17 16:21 <DIR> d-------- C:\auto
2008-06-25 17:27 . 2008-06-25 17:27 <DIR> d-------- C:\WINDOWS\system32\AsBackup
2008-06-25 17:11 . 2008-06-25 17:11 41,734 --a------ C:\WINDOWS\system32\PUXPPLAT.UND
2008-06-25 17:10 . 2008-06-25 17:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\flash
2008-06-25 16:29 . 2008-07-20 15:59 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-25 16:29 . 2008-07-20 14:43 <DIR> d-------- C:\Documents and Settings\Zdeněk\Data aplikací\Spyware Terminator
2008-06-25 16:29 . 2008-07-20 15:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2008-06-25 16:29 . 2008-06-25 16:29 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-24 18:16 . 2008-06-24 18:16 <DIR> d-------- C:\WINDOWS\system32\cs
2008-06-24 18:16 . 2008-06-24 18:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-24 18:08 . 2008-07-19 16:16 <DIR> d-------- C:\WINDOWS\EHome
2008-06-24 17:11 . 2008-06-24 17:46 <DIR> d-------- C:\Program Files\Atari
2008-06-22 10:02 . 2008-07-05 15:27 <DIR> d-------- C:\Pfrance
2008-06-21 16:44 . 2008-06-21 16:44 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-06-21 16:44 . 2008-06-21 16:44 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5140.exe
2008-06-21 16:44 . 2008-06-21 16:44 14,290 --a------ C:\Program Files\settings.dat
2008-06-21 16:43 . 2008-06-21 16:44 <DIR> d-------- C:\Program Files\PDFCreator
2008-06-21 16:43 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-21 16:43 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-21 16:43 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-06-20 19:49 . 2008-06-20 19:49 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:49 . 2008-06-20 19:49 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 09:59 --------- d-----w C:\Program Files\CyberLink
2008-07-19 07:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\CyberLink
2008-07-18 14:17 --------- d-----w C:\Documents and Settings\Zdeněk\Data aplikací\CyberLink
2008-07-18 14:04 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-18 14:04 353,576 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-10 17:50 91,760 ----a-w C:\Documents and Settings\Zdeněk\Data aplikací\GDIPFONTCACHEV1.DAT
2008-07-09 16:14 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-06 08:31 --------- d-----w C:\Program Files\DivX
2008-06-25 15:10 --------- d-----w C:\Program Files\Ashampoo
2008-06-21 04:33 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-21 04:33 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-21 04:33 45,568 ----a-w C:\WINDOWS\system32\avgfwdx.dll
2008-06-21 04:33 23,296 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-06-21 04:33 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 15:31 --------- d-----w C:\Program Files\DIFX
2008-06-18 14:02 --------- d-----w C:\Program Files\Fotolab
2008-06-18 14:01 --------- d-----w C:\Program Files\Registry Repair
2008-06-17 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\hps
2008-06-16 16:55 2,684 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-06-14 17:35 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 11:39 --------- d-----w C:\Documents and Settings\Zdeněk\Data aplikací\Vso
2008-06-14 11:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DVD Shrink
2008-06-08 14:59 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 17:17 47,360 ----a-w C:\Documents and Settings\Zdeněk\Data aplikací\pcouffin.sys
2008-02-17 17:57 16 ----a-w C:\Documents and Settings\Zdeněk\p2TU62.dll
2008-02-17 17:57 16 ----a-w C:\Documents and Settings\Zdeněk\p2TU62.dll
2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-07-20_13.31.02.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-20 11:10:27 62,138 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-07-20 12:47:12 62,138 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-07-20 11:10:27 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-20 12:47:12 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-20 11:10:27 379,568 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-07-20 12:47:12 379,568 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-07-20 11:10:27 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-20 12:47:12 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:22 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59 520192]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-13 16:09 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-09 18:14 1232152]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-25 16:29 1817600]
"mspwr"="C:\WINDOWS\system32\PuXpMan2.exe" [2005-09-29 11:05 110592]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-10 20:07 413696]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]

C:\Documents and Settings\ZdenŘk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 09:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]

C:\Documents and Settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [2007-10-23 16:59:06 1933312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\FlatOut\\flatout.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-21 06:33]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 06:33]
R1 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [1999-09-20 17:05]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-25 16:29]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-09 18:14]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-09 18:14]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-09 18:14]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 06:33]
R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 06:33]
R3 ipw_bus;IPWireless;C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 10:21]
R3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 10:21]
R3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 10:21]
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2002-05-23 20:59]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 06:33]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\FileObjInfo.sys [2008-06-25 16:29]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-20 07:00:00 C:\WINDOWS\Tasks\2003 - Rarities Double CD Depeche Mode.job"
- C:\music\2003 - Rarities Double CD Depeche Mode
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 17:38:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-07-20 17:41:46
ComboFix-quarantined-files.txt 2008-07-20 15:40:44
ComboFix2.txt 2008-07-20 11:31:20

Pre-Run: Volných bajtů: 70,122,158,080
Post-Run: Volných bajtů: 70,109,924,864

246 --- E O F --- 2008-07-20 07:10:17

a teď log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:59, on 20.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1902534656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6923 bytes

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Otestuj tento soubor na VirusTotal
C:\Documents and Settings\Zdeněk\p2TU62.dll
stačí jen zkopírovat na té stránce do toho prázdného okénka celou cestu a dát odeslat. Pak sem vlož výsledek (pokud bude v pořádku tak nemusíš)

Můžeš fixnout položky, které se ti spouštějí při startu Win. a nejsou potřeba:
Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background => pokud nepoužívá Messenger od MS, případně ho rovnou odinstalovat
po zaškrtnutí klikni na tlačítko Fix Checked

Avg má už v sobě antispyware, tak můžeš vypnout rezidentní ochranu u Spyware Terminatora.

Máš ještě nějaké problémy?

Nevím, kdo si frediku, ale krásná práce, moc děkuji. VirusTotal ukázal (0/33) a 0%, takže předpokládám, že je to O.K., ComboFix se odinstaloval. Mám poslední otázečku v adresáři windows/erunt je SDFix, mám s tím něco dělat? A HijackThis bych si raději nechal nainstalovaný. Jinak moc díky. Zdeněk

Je.

Stáhni si a spusť T-cleaner a postupuj podle instrukcí. Tím ji odstraníš už nebude potřeba. Pak můžeš T-cleaner smazat.

Nemáš za co , kdyby byl nějaký problém tak dej vědět.