Prosím o kontrolu logu z hjt a mwav. Vyřešeno

[MartinZX9R]

Zdravím a prosím o kontrolu logu.

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:53, on 11.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Odinka\Plocha\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bluetooth Tray Application] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1377338625
O17 - HKLM\System\CCS\Services\Tcpip\..\{A627F3D8-B833-4587-84D1-698BD0F83B60}: NameServer = 213.250.192.1,213.250.194.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8632 bytes


MWAV:

Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Parentis Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "RegSort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Winvestigator Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Entry "HKCR\soffice.StarCalcDocument.6" refers to invalid object "{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}". Action Taken: No Action Taken.
Entry "HKCR\soffice.StarDrawDocument.6" refers to invalid object "{41662FC2-0D57-4aff-AB27-AD2E12E7C273}". Action Taken: No Action Taken.
Entry "HKCR\soffice.StarImpressDocument.6" refers to invalid object "{E5A0B632-DFBA-4549-9346-E414DA06E6F8}". Action Taken: No Action Taken.
Entry "HKCR\soffice.StarMathDocument.6" refers to invalid object "{D0484DE6-AAEE-468a-991F-8D4B0737B57A}". Action Taken: No Action Taken.
Entry "HKCR\soffice.StarWriterDocument.6" refers to invalid object "{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5B57810E-9840-456B-A186-7F12A0F1D744}\RP38\A0006460.exe infected by "Trojan.Generic.1416761 (DB)" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5B57810E-9840-456B-A186-7F12A0F1D744}\RP38\A0006481.exe infected by "Dropped:Spyware.3169 (DB)" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5B57810E-9840-456B-A186-7F12A0F1D744}\RP39\A0006561.exe infected by "Trojan.Generic.1641119 (DB)" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5B57810E-9840-456B-A186-7F12A0F1D744}\RP5\A0002520.exe infected by "Trojan.Generic.1416761 (DB)" Virus! Action Taken: No Action Taken.
File D:\System Volume Information\_restore{5B57810E-9840-456B-A186-7F12A0F1D744}\RP39\A0006616.exe infected by "Virtool.23619 (DB)" Virus! Action Taken: No Action Taken.
File D:\System Volume Information\_restore{5B57810E-9840-456B-A186-7F12A0F1D744}\RP39\A0006619.exe infected by "Trojan.Generic.1625648 (DB)" Virus! Action Taken: No Action Taken.

Předem děkuji.

[Reklama]

[memphisto]

Oba logy jsou ok.Ty nálezy Mwav jsou pozůstatky po předchozích infekcích a ty poslední jsou v bodech obnovy.V logu HJT fixni:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

možná mi příjde zbytečný ten Windows Defender, když už máš NOD

pro jistotu udělej tohle:

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[MartinZX9R]

Jsem se do těch odpovědí nějak zamotal...

[MartinZX9R]

Tak tady je to:

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2112
Windows 5.1.2600 Service Pack 3

12.5.2009 5:25:22
mbam-log-2009-05-12 (05-25-16).txt

Typ skenu: Rychlý sken
Objektu skenováno: 70564
Uplynulý cas: 2 minute(s), 49 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[memphisto]

tak ještě tohle:

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[MartinZX9R]

Nějak se mi nedaří ukončit NOD. V systray ho ukončím jako aplikaci, ale ve správci nemůžu ukončit proces nod32krn.exe, pokaždé hned naskočí znovu, což se ComboFixu nelíbí. Zkusil jsem ho i zakázat po spuštění a restartovat, ale nepomohlo.

[CZechBoY]

Dej vypnout rezidní ochranu v nastavení to je

[memphisto]

Stačí ta rezidentní ochrana - pravým na ikonu v Tray a vyber vypnout antivirovou a antispyware kontrolu. ten nod32krn.exe tam bude pořádi po zavření NODa. Stačí vypnout ty ochrany

[MartinZX9R]

Už se podařilo:

ComboFix 09-05-11.08 - Odinka 12.05.2009 14:13.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2855 [GMT 2:00]
Spuštěný z: c:\documents and settings\Odinka\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\AVSredirect.dll
c:\windows\system32\taskmgr.com
D:\resycled

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-12 do 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-12 03:20 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 03:20 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 03:19 . 2009-05-12 03:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-11 12:50 . 2009-05-11 12:50 -------- d---a-w c:\windows\system32\runouce.exe
2009-05-11 12:48 . 2009-05-11 12:48 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-11 12:48 . 2009-05-11 12:48 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-11 12:48 . 2009-05-11 12:48 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-11 12:48 . 2008-04-14 06:52 137216 ----a-w c:\windows\system32\T.COM
2009-05-11 12:48 . 2008-04-14 06:52 147968 ----a-w c:\windows\R.COM
2009-05-04 15:34 . 2009-05-04 15:47 -------- d-----w c:\program files\PC TRANSLATOR
2009-05-04 15:28 . 2009-05-04 15:28 44384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-05-04 15:28 . 2009-05-04 15:28 441760 ----a-w c:\windows\system32\drivers\timntr.sys
2009-05-04 15:28 . 2009-05-04 15:28 129248 ----a-w c:\windows\system32\drivers\snapman.sys
2009-05-04 15:28 . 2009-05-04 15:28 368736 ----a-w c:\windows\system32\drivers\tdrpman.sys
2009-05-04 15:28 . 2009-05-04 15:28 -------- d-----w c:\program files\Common Files\Acronis
2009-05-04 15:28 . 2009-05-04 15:28 -------- d-----w c:\program files\Acronis
2009-05-04 15:15 . 2006-02-20 16:59 85408 ----a-r c:\windows\system32\drivers\w810mgmt.sys
2009-05-04 15:14 . 2006-02-20 16:59 83344 ----a-r c:\windows\system32\drivers\w810obex.sys
2009-05-04 15:14 . 2006-02-20 16:59 8336 ----a-r c:\windows\system32\drivers\w810mdfl.sys
2009-05-04 15:14 . 2006-02-20 16:59 6176 ----a-r c:\windows\system32\drivers\w810cmnt.sys
2009-05-04 15:14 . 2006-02-20 16:59 6176 ----a-r c:\windows\system32\drivers\w810cm.sys
2009-05-04 15:14 . 2006-02-20 16:59 94064 ----a-r c:\windows\system32\drivers\w810mdm.sys
2009-05-04 15:13 . 2006-02-20 16:59 5808 ----a-r c:\windows\system32\drivers\w810whnt.sys
2009-05-04 15:13 . 2006-02-20 16:59 5808 ----a-r c:\windows\system32\drivers\w810wh.sys
2009-05-04 15:13 . 2006-02-20 16:59 58288 ----a-r c:\windows\system32\drivers\w810bus.sys
2009-05-04 15:09 . 2009-05-04 15:09 -------- d-----w c:\program files\MyPhoneExplorer
2009-05-04 14:51 . 2009-05-04 14:59 -------- d-----w c:\windows\SxsCaPendDel
2009-05-04 14:34 . 2009-05-04 14:34 -------- d-----w c:\program files\MSBuild
2009-05-04 14:34 . 2009-05-04 14:54 -------- d-----w c:\windows\system32\XPSViewer
2009-05-04 14:34 . 2009-05-04 14:34 -------- d-----w c:\program files\Reference Assemblies
2009-05-04 14:34 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-04 14:21 . 2009-05-04 14:21 -------- d-----w c:\program files\QuickTime Alternative
2009-05-04 14:12 . 2008-04-14 06:52 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-04 14:11 . 2009-05-04 16:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-04 14:10 . 2009-05-04 14:11 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-04 14:10 . 2009-05-04 14:10 -------- d-----w c:\windows\system32\LogFiles
2009-05-04 14:05 . 2009-05-04 14:05 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 14:05 . 2009-05-04 14:05 -------- d-----w c:\program files\Java
2009-05-04 14:01 . 2004-02-22 08:11 719872 ----a-w c:\windows\system32\devil.dll
2009-05-04 14:01 . 2007-05-17 15:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-05-04 14:01 . 2004-01-24 22:00 70656 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-04 14:01 . 2004-01-24 22:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-05-04 14:01 . 2009-05-04 13:43 -------- d-----w c:\program files\AviSynth 2.5
2009-05-04 13:59 . 2009-05-04 13:59 -------- d-----w c:\windows\system32\Adobe
2009-05-04 13:43 . 2009-05-04 13:43 -------- d-----w c:\program files\Common Files\COWON
2009-05-04 13:43 . 2009-05-04 13:43 -------- d-----w c:\program files\JetAudio
2009-05-04 13:43 . 2009-05-04 13:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 13:34 . 2008-03-16 13:30 216064 --sh--r c:\windows\system32\nbDX.dll
2009-05-04 13:34 . 2007-02-21 11:47 31232 --sh--r c:\windows\system32\msfDX.dll
2009-05-04 13:34 . 2006-05-03 10:06 163328 --sh--r c:\windows\system32\flvDX.dll
2009-05-04 13:31 . 2009-05-04 13:31 -------- d-----w c:\program files\eRightSoft
2009-05-04 13:26 . 2009-05-04 13:26 -------- d-----w c:\program files\OpenOffice.org 3
2009-05-04 13:21 . 2009-05-04 13:21 -------- d-----w c:\program files\SlySoft
2009-05-04 13:17 . 2009-05-04 13:17 -------- d-----w c:\program files\PowerPoint Viewer
2009-05-04 13:16 . 2009-05-04 13:16 -------- d-----w c:\program files\Shrink Pic
2009-05-04 13:10 . 2009-05-04 13:10 -------- d-----w c:\program files\Common Files\Adobe
2009-05-04 12:41 . 2009-05-04 12:41 -------- d-----w c:\documents and settings\Odinka\Bluetooth Software
2009-05-04 12:41 . 2008-04-15 09:14 990632 ----a-w c:\windows\system32\drivers\btkrnl.sys
2009-05-04 12:41 . 2008-04-15 09:13 534440 ----a-w c:\windows\system32\drivers\btaudio.sys
2009-05-04 12:41 . 2009-05-04 12:41 -------- d-----w c:\program files\WIDCOMM
2009-05-03 21:46 . 2009-05-03 21:46 -------- d-----w c:\program files\Windows Defender
2009-05-03 21:32 . 2008-06-14 17:35 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-03 21:32 . 2008-06-14 17:35 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-03 21:30 . 2009-02-09 11:26 2191232 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-03 21:30 . 2009-02-09 11:26 2147328 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-03 21:30 . 2009-02-09 11:26 2025984 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-03 21:30 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-03 21:27 . 2007-07-27 07:41 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-03 21:27 . 2009-05-03 21:37 -------- d--h--w c:\windows\$hf_mig$
2009-05-03 21:19 . 2009-05-03 21:19 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-03 21:19 . 2008-12-11 11:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-03 21:18 . 2009-05-03 21:18 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-03 21:18 . 2009-05-03 21:19 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-03 20:49 . 2009-05-03 20:54 -------- d-----w c:\program files\PhotoFiltre Studio X
2009-05-03 20:46 . 2009-05-04 16:45 -------- d-----w c:\windows\system32\oodag
2009-05-03 20:42 . 2009-05-03 20:42 -------- d-----w c:\program files\OO Software
2009-05-03 20:30 . 2009-05-03 20:30 48 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-03 20:26 . 2009-05-03 20:26 -------- d-----w c:\program files\Common Files\Skype
2009-05-03 20:26 . 2009-05-03 20:26 -------- d-----r c:\program files\Skype
2009-05-03 19:03 . 2008-10-16 12:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-03 18:52 . 2009-05-03 18:52 -------- d-----w c:\program files\Alcohol Soft
2009-05-03 18:51 . 2009-05-03 18:51 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-03 18:39 . 2009-05-03 18:39 -------- d-----w c:\program files\IObit
2009-05-03 18:33 . 2009-01-09 10:46 39776 ----a-w c:\windows\system32\DfSdkBt64.exe
2009-05-03 18:33 . 2009-01-09 10:46 33632 ----a-w c:\windows\system32\DfSdkBt.exe
2009-05-03 18:32 . 2009-05-03 18:58 -------- d-----w c:\program files\Ashampoo
2009-05-03 18:02 . 2008-04-13 22:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-03 17:50 . 2009-05-03 17:49 298104 ----a-w c:\windows\system32\imon.dll
2009-05-03 17:50 . 2009-05-03 17:49 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-05-03 17:50 . 2009-05-03 17:49 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-05-03 17:49 . 2009-05-11 18:03 -------- d-----w c:\program files\ESET
2009-05-03 17:39 . 2009-05-11 18:03 -------- d-----w c:\program files\Internet Download Manager
2009-05-03 17:28 . 2009-05-03 17:28 -------- d-s---w c:\documents and settings\Odinka\UserData
2009-05-03 17:09 . 2009-05-03 17:09 -------- d-----w c:\program files\CCleaner
2009-05-03 17:04 . 2008-04-14 00:09 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-05-03 17:04 . 2009-05-03 17:04 -------- d-----w c:\program files\Opera
2009-05-03 17:03 . 2008-04-14 00:16 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-05-03 17:03 . 2008-04-14 00:16 85248 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-05-03 17:03 . 2008-04-14 00:16 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-05-03 17:03 . 2008-04-14 00:16 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-05-03 17:03 . 2008-04-14 00:16 19200 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-03 17:03 . 2008-04-14 00:09 7552 ----a-w c:\windows\system32\drivers\MSKSSRV.sys
2009-05-03 17:03 . 2008-04-14 00:09 5376 ----a-w c:\windows\system32\drivers\MSPCLOCK.sys
2009-05-03 17:03 . 2008-04-14 00:16 15232 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-05-03 17:03 . 2008-04-14 00:09 4992 ----a-w c:\windows\system32\drivers\MSPQM.sys
2009-05-03 17:03 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-03 17:02 . 2008-04-14 08:52 54272 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-03 17:02 . 2008-04-14 00:16 121984 ----a-w c:\windows\system32\drivers\usbvideo.sys
2009-05-03 17:02 . 2008-04-14 06:51 4096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
2009-05-03 17:02 . 2008-04-14 06:51 4096 ----a-w c:\windows\system32\ksuser.dll
2009-05-03 17:02 . 2008-04-14 07:44 58496 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-03 17:01 . 2008-04-14 08:52 75264 ----a-w c:\windows\system32\usbui.dll
2009-05-03 17:01 . 2008-04-14 00:06 10240 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-05-03 17:01 . 2008-04-14 00:06 14208 ----a-w c:\windows\system32\drivers\battc.sys
2009-05-03 17:01 . 2008-04-14 00:06 13952 ----a-w c:\windows\system32\drivers\CmBatt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 18:08 . 2009-05-03 15:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-04 14:50 . 2001-10-25 12:00 78048 ----a-w c:\windows\system32\perfc005.dat
2009-05-04 14:50 . 2001-10-25 12:00 428982 ----a-w c:\windows\system32\perfh005.dat
2009-05-03 16:35 . 2009-05-03 16:35 0 ----a-w c:\windows\nsreg.dat
2009-05-03 15:44 . 2009-05-03 15:44 -------- d-----w c:\program files\Motorola
2009-05-03 15:33 . 2009-05-03 15:33 0 ----a-w c:\windows\ativpsrm.bin
2009-05-03 15:17 . 2009-05-03 15:17 -------- d-----w c:\program files\microsoft frontpage
2009-05-03 15:16 . 2001-10-25 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-03 15:13 . 2009-05-03 15:13 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w c:\windows\system32\OODAGMG.DLL
2009-04-07 13:00 . 2009-04-07 13:00 37896 ----a-w c:\windows\system32\drivers\oobctm.sys
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w c:\windows\system32\ootmapi.dll
2009-03-26 15:35 . 2009-04-27 13:42 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-06 14:23 . 2008-04-14 06:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:12 . 2008-04-14 06:52 667136 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2008-04-14 06:51 81920 ----a-w c:\windows\system32\ieencode.dll
2006-05-03 10:06 . 2009-05-04 13:34 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-05-04 13:34 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-05-04 13:34 216064 --sh--r c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Bluetooth Tray Application"="c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe" [2008-04-14 596584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-03 949376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-29 16805888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [3.5.2009 19:50 15424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [3.5.2009 23:19 603904]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [14.4.2008 0:26 69120]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [3.5.2009 20:33 410976]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-05-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\imon.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {A627F3D8-B833-4587-84D1-698BD0F83B60} = 213.250.192.1,213.250.194.1
FF - ProfilePath - c:\documents and settings\Odinka\Data aplikací\Mozilla\Firefox\Profiles\62wquxg5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 14:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="BA6091FBE02F5ABD1AFA1677C3A8846663270DF1B818E181C50B555D3D03DF5D8C1742DF8269C1D72EBEE374876FB221F68BE260C9D1EB563BF1ECEB82A365682585AA7576EB96D58470D05553044AB3B6C1B20C1FCD020521FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808C038D530D6EB3452BA7FD869164D6794480A7E15CC76930D832AC2A5BD1074EACDFE0C410937313614A1708D134524B225DB04005B10C01CF8400C4EB44CF41A53D6FD6D467A4A462C56D09BDFF465C9ED731C062075467780B38A736A41E78EA7DB197F25D5A6F72E6DA7F0D5AEF52264AAD9908097ECE66836461CDF8B9C8045BB7A44642C388F64AAC6B810410EB4BD7FE1CA14CCD1B3F220D9974A2AB2AA1FC551497646C4DB0A7713E4DDDDB8FD2693F028A64F66AA58EB74781402A2CB956E62E20352E8A951E185284299567F3A2D535C3A3E6E1DC3B7DA15DAD733A5834C86A8E2DD124F6098AB7B766D1A3C0D36EB61821C026153C662066FD9047FB39B29F3255F04A2CD71A71AE4B78C3DA23D3073E8CE0F529A0177AB579485A3E5BCCBE48DAD55FEA866AD862E3988907772AC94872257CB217019A54DFD7F614FB401DF1107EFC57114878123983EC577AC7D09B1426C30E0C2D95C3CEC0A8B17A8F109DA0B14D99B399115CE5DB1710666D5DA6B42BAE5494D6178C99B93F7D8E5DA4FC8BD532292BD3E0EE97539AC783CFBD76C98FCD4BC85EC694729DD8026DD0DDDEE08948B33A892FAE5B2829498F14A0F2121446B140749E0411B7E0702A26BAB92B49284CBA7A7B1E44B0EC826EA2FD72A18F49B998ED9D373D7DFE9646BED6D2F76DC81248B2B48BE56AC6DCFB3AB495DA1C8DB0B82977ED02ABE93B916A21E72605579F3C85D9C00D387AC4078D64241C2CCA39C670CDC7D422D6BE122287FBEEC33E869F715CEE6249BB20D0CDBE29367DFF2F4E958B2D3B3916330B2B391AA7581CFA357B942678BB6AF4763F71144DCB84930D62E8560F4A56B6E8F8D9D023B1FB039C64A9F2935FE59EE19FDF578D55F2EDAA1559F6661F67BD5A5902DC1E3BE14B34B575208ADE9E6FBEA537D896730AA7AE1A88E5A39668E1A832F919D7765040F8E050B9366441657BAF35A818EDCCB855298A56520ABA1DB5E6C5C7A61EF92BB5C0FBD0EB4ACA6DE8EEB80A228E8236552277AE51CCE3A358D60E3F4730D519FA5C0A2F0D1995E64105FA961762F48FA636CE66D9A2E5B318C3845DADFBED814017C36E5DB50852F0D82D266A05AD1992E130A4068FA1350FBB25F2D425CC56525B6384ED36D68F778A23D0DB06C6006FB5B44D93BBCED8620A6D3A4938FB554F078AD3B9EE0D7EC669BEDE616B9927DBC97BDE5A94B7EBBDFF98BAA3759"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1148)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\idmmbc.dll
.
Celkový čas: 2009-05-12 14:15
ComboFix-quarantined-files.txt 2009-05-12 12:15

Před spuštěním: Volných bajtů: 134 321 778 688
Po spuštění: Volných bajtů: 134 339 145 728

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

262 --- E O F --- 2009-05-08 13:11

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\windows\system32\runouce.exe
c:\windows\SxsCaPendDel

File::
c:\windows\ativpsrm.bin

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[MartinZX9R]

Tady je ComboFix:

ComboFix 09-05-11.08 - Odinka 12.05.2009 18:03.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2851 [GMT 2:00]
Spuštěný z: c:\documents and settings\Odinka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Odinka\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated)

FILE ::
c:\windows\ativpsrm.bin
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ativpsrm.bin
c:\windows\SxsCaPendDel
c:\windows\system32\runouce.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-12 do 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-12 03:20 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 03:20 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 03:19 . 2009-05-12 03:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-11 12:48 . 2009-05-11 12:48 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-11 12:48 . 2009-05-11 12:48 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-11 12:48 . 2009-05-11 12:48 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-11 12:48 . 2008-04-14 06:52 137216 ----a-w c:\windows\system32\T.COM
2009-05-11 12:48 . 2008-04-14 06:52 147968 ----a-w c:\windows\R.COM
2009-05-04 15:34 . 2009-05-04 15:47 -------- d-----w c:\program files\PC TRANSLATOR
2009-05-04 15:28 . 2009-05-04 15:28 44384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-05-04 15:28 . 2009-05-04 15:28 441760 ----a-w c:\windows\system32\drivers\timntr.sys
2009-05-04 15:28 . 2009-05-04 15:28 129248 ----a-w c:\windows\system32\drivers\snapman.sys
2009-05-04 15:28 . 2009-05-04 15:28 368736 ----a-w c:\windows\system32\drivers\tdrpman.sys
2009-05-04 15:28 . 2009-05-04 15:28 -------- d-----w c:\program files\Common Files\Acronis
2009-05-04 15:28 . 2009-05-04 15:28 -------- d-----w c:\program files\Acronis
2009-05-04 15:15 . 2006-02-20 16:59 85408 ----a-r c:\windows\system32\drivers\w810mgmt.sys
2009-05-04 15:14 . 2006-02-20 16:59 83344 ----a-r c:\windows\system32\drivers\w810obex.sys
2009-05-04 15:14 . 2006-02-20 16:59 8336 ----a-r c:\windows\system32\drivers\w810mdfl.sys
2009-05-04 15:14 . 2006-02-20 16:59 6176 ----a-r c:\windows\system32\drivers\w810cmnt.sys
2009-05-04 15:14 . 2006-02-20 16:59 6176 ----a-r c:\windows\system32\drivers\w810cm.sys
2009-05-04 15:14 . 2006-02-20 16:59 94064 ----a-r c:\windows\system32\drivers\w810mdm.sys
2009-05-04 15:13 . 2006-02-20 16:59 5808 ----a-r c:\windows\system32\drivers\w810whnt.sys
2009-05-04 15:13 . 2006-02-20 16:59 5808 ----a-r c:\windows\system32\drivers\w810wh.sys
2009-05-04 15:13 . 2006-02-20 16:59 58288 ----a-r c:\windows\system32\drivers\w810bus.sys
2009-05-04 15:09 . 2009-05-04 15:09 -------- d-----w c:\program files\MyPhoneExplorer
2009-05-04 14:34 . 2009-05-04 14:34 -------- d-----w c:\program files\MSBuild
2009-05-04 14:34 . 2009-05-04 14:54 -------- d-----w c:\windows\system32\XPSViewer
2009-05-04 14:34 . 2009-05-04 14:34 -------- d-----w c:\program files\Reference Assemblies
2009-05-04 14:34 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-04 14:21 . 2009-05-04 14:21 -------- d-----w c:\program files\QuickTime Alternative
2009-05-04 14:12 . 2008-04-14 06:52 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-04 14:11 . 2009-05-04 16:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-04 14:10 . 2009-05-04 14:11 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-04 14:10 . 2009-05-04 14:10 -------- d-----w c:\windows\system32\LogFiles
2009-05-04 14:05 . 2009-05-04 14:05 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 14:05 . 2009-05-04 14:05 -------- d-----w c:\program files\Java
2009-05-04 14:01 . 2004-02-22 08:11 719872 ----a-w c:\windows\system32\devil.dll
2009-05-04 14:01 . 2007-05-17 15:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-05-04 14:01 . 2004-01-24 22:00 70656 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-04 14:01 . 2004-01-24 22:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-05-04 14:01 . 2009-05-04 13:43 -------- d-----w c:\program files\AviSynth 2.5
2009-05-04 13:59 . 2009-05-04 13:59 -------- d-----w c:\windows\system32\Adobe
2009-05-04 13:43 . 2009-05-04 13:43 -------- d-----w c:\program files\Common Files\COWON
2009-05-04 13:43 . 2009-05-04 13:43 -------- d-----w c:\program files\JetAudio
2009-05-04 13:43 . 2009-05-04 13:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 13:34 . 2008-03-16 13:30 216064 --sh--r c:\windows\system32\nbDX.dll
2009-05-04 13:34 . 2007-02-21 11:47 31232 --sh--r c:\windows\system32\msfDX.dll
2009-05-04 13:34 . 2006-05-03 10:06 163328 --sh--r c:\windows\system32\flvDX.dll
2009-05-04 13:31 . 2009-05-04 13:31 -------- d-----w c:\program files\eRightSoft
2009-05-04 13:26 . 2009-05-04 13:26 -------- d-----w c:\program files\OpenOffice.org 3
2009-05-04 13:21 . 2009-05-04 13:21 -------- d-----w c:\program files\SlySoft
2009-05-04 13:17 . 2009-05-04 13:17 -------- d-----w c:\program files\PowerPoint Viewer
2009-05-04 13:16 . 2009-05-04 13:16 -------- d-----w c:\program files\Shrink Pic
2009-05-04 13:10 . 2009-05-04 13:10 -------- d-----w c:\program files\Common Files\Adobe
2009-05-04 12:41 . 2009-05-04 12:41 -------- d-----w c:\documents and settings\Odinka\Bluetooth Software
2009-05-04 12:41 . 2008-04-15 09:14 990632 ----a-w c:\windows\system32\drivers\btkrnl.sys
2009-05-04 12:41 . 2008-04-15 09:13 534440 ----a-w c:\windows\system32\drivers\btaudio.sys
2009-05-04 12:41 . 2009-05-04 12:41 -------- d-----w c:\program files\WIDCOMM
2009-05-03 21:46 . 2009-05-03 21:46 -------- d-----w c:\program files\Windows Defender
2009-05-03 21:32 . 2008-06-14 17:35 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-03 21:32 . 2008-06-14 17:35 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-03 21:30 . 2009-02-09 11:26 2191232 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-03 21:30 . 2009-02-09 11:26 2147328 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-03 21:30 . 2009-02-09 11:26 2025984 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-03 21:30 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-03 21:27 . 2007-07-27 07:41 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-03 21:27 . 2009-05-03 21:37 -------- d--h--w c:\windows\$hf_mig$
2009-05-03 21:19 . 2009-05-03 21:19 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-03 21:19 . 2008-12-11 11:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-03 21:18 . 2009-05-03 21:18 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-03 21:18 . 2009-05-03 21:19 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-03 20:49 . 2009-05-03 20:54 -------- d-----w c:\program files\PhotoFiltre Studio X
2009-05-03 20:46 . 2009-05-04 16:45 -------- d-----w c:\windows\system32\oodag
2009-05-03 20:42 . 2009-05-03 20:42 -------- d-----w c:\program files\OO Software
2009-05-03 20:30 . 2009-05-03 20:30 48 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-03 20:26 . 2009-05-03 20:26 -------- d-----w c:\program files\Common Files\Skype
2009-05-03 20:26 . 2009-05-03 20:26 -------- d-----r c:\program files\Skype
2009-05-03 19:03 . 2008-10-16 12:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-03 18:52 . 2009-05-03 18:52 -------- d-----w c:\program files\Alcohol Soft
2009-05-03 18:51 . 2009-05-03 18:51 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-03 18:39 . 2009-05-03 18:39 -------- d-----w c:\program files\IObit
2009-05-03 18:33 . 2009-01-09 10:46 39776 ----a-w c:\windows\system32\DfSdkBt64.exe
2009-05-03 18:33 . 2009-01-09 10:46 33632 ----a-w c:\windows\system32\DfSdkBt.exe
2009-05-03 18:32 . 2009-05-03 18:58 -------- d-----w c:\program files\Ashampoo
2009-05-03 18:02 . 2008-04-13 22:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-03 17:50 . 2009-05-03 17:49 298104 ----a-w c:\windows\system32\imon.dll
2009-05-03 17:50 . 2009-05-03 17:49 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-05-03 17:50 . 2009-05-03 17:49 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-05-03 17:49 . 2009-05-11 18:03 -------- d-----w c:\program files\ESET
2009-05-03 17:39 . 2009-05-11 18:03 -------- d-----w c:\program files\Internet Download Manager
2009-05-03 17:28 . 2009-05-03 17:28 -------- d-s---w c:\documents and settings\Odinka\UserData
2009-05-03 17:09 . 2009-05-03 17:09 -------- d-----w c:\program files\CCleaner
2009-05-03 17:04 . 2008-04-14 00:09 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-05-03 17:04 . 2009-05-03 17:04 -------- d-----w c:\program files\Opera
2009-05-03 17:03 . 2008-04-14 00:16 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-05-03 17:03 . 2008-04-14 00:16 85248 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-05-03 17:03 . 2008-04-14 00:16 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-05-03 17:03 . 2008-04-14 00:16 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-05-03 17:03 . 2008-04-14 00:16 19200 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-03 17:03 . 2008-04-14 00:09 7552 ----a-w c:\windows\system32\drivers\MSKSSRV.sys
2009-05-03 17:03 . 2008-04-14 00:09 5376 ----a-w c:\windows\system32\drivers\MSPCLOCK.sys
2009-05-03 17:03 . 2008-04-14 00:16 15232 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-05-03 17:03 . 2008-04-14 00:09 4992 ----a-w c:\windows\system32\drivers\MSPQM.sys
2009-05-03 17:03 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-03 17:02 . 2008-04-14 08:52 54272 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-03 17:02 . 2008-04-14 00:16 121984 ----a-w c:\windows\system32\drivers\usbvideo.sys
2009-05-03 17:02 . 2008-04-14 06:51 4096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
2009-05-03 17:02 . 2008-04-14 06:51 4096 ----a-w c:\windows\system32\ksuser.dll
2009-05-03 17:02 . 2008-04-14 07:44 58496 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-03 17:01 . 2008-04-14 08:52 75264 ----a-w c:\windows\system32\usbui.dll
2009-05-03 17:01 . 2008-04-14 00:06 10240 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-05-03 17:01 . 2008-04-14 00:06 14208 ----a-w c:\windows\system32\drivers\battc.sys
2009-05-03 17:01 . 2008-04-14 00:06 13952 ----a-w c:\windows\system32\drivers\CmBatt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 18:08 . 2009-05-03 15:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-04 14:50 . 2001-10-25 12:00 78048 ----a-w c:\windows\system32\perfc005.dat
2009-05-04 14:50 . 2001-10-25 12:00 428982 ----a-w c:\windows\system32\perfh005.dat
2009-05-03 16:35 . 2009-05-03 16:35 0 ----a-w c:\windows\nsreg.dat
2009-05-03 15:44 . 2009-05-03 15:44 -------- d-----w c:\program files\Motorola
2009-05-03 15:17 . 2009-05-03 15:17 -------- d-----w c:\program files\microsoft frontpage
2009-05-03 15:16 . 2001-10-25 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-03 15:13 . 2009-05-03 15:13 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w c:\windows\system32\OODAGMG.DLL
2009-04-07 13:00 . 2009-04-07 13:00 37896 ----a-w c:\windows\system32\drivers\oobctm.sys
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w c:\windows\system32\ootmapi.dll
2009-03-26 15:35 . 2009-04-27 13:42 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-06 14:23 . 2008-04-14 06:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:12 . 2008-04-14 06:52 667136 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2008-04-14 06:51 81920 ----a-w c:\windows\system32\ieencode.dll
2006-05-03 10:06 . 2009-05-04 13:34 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-05-04 13:34 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-05-04 13:34 216064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-12_12.14.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 15:42 . 2009-05-12 15:42 16384 c:\windows\Temp\Perflib_Perfdata_8e0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Bluetooth Tray Application"="c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe" [2008-04-14 596584]
"Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-03 949376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-29 16805888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [3.5.2009 19:50 15424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [3.5.2009 23:19 603904]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [14.4.2008 0:26 69120]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [3.5.2009 20:33 410976]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-05-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\imon.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {A627F3D8-B833-4587-84D1-698BD0F83B60} = 213.250.192.1,213.250.194.1
FF - ProfilePath - c:\documents and settings\Odinka\Data aplikací\Mozilla\Firefox\Profiles\62wquxg5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 18:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="BA6091FBE02F5ABD1AFA1677C3A8846663270DF1B818E181C50B555D3D03DF5D8C1742DF8269C1D72EBEE374876FB221F68BE260C9D1EB563BF1ECEB82A365682585AA7576EB96D58470D05553044AB3B6C1B20C1FCD020521FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808C038D530D6EB3452BA7FD869164D6794480A7E15CC76930D832AC2A5BD1074EACDFE0C410937313614A1708D134524B225DB04005B10C01CF8400C4EB44CF41A53D6FD6D467A4A462C56D09BDFF465C9ED731C062075467780B38A736A41E78EA7DB197F25D5A6F72E6DA7F0D5AEF52264AAD9908097ECE66836461CDF8B9C8045BB7A44642C388F64AAC6B810410EB4BD7FE1CA14CCD1B3F220D9974A2AB2AA1FC551497646C4DB0A7713E4DDDDB8FD2693F028A64F66AA58EB74781402A2CB956E62E20352E8A951E185284299567F3A2D535C3A3E6E1DC3B7DA15DAD733A5834C86A8E2DD124F6098AB7B766D1A3C0D36EB61821C026153C662066FD9047FB39B29F3255F04A2CD71A71AE4B78C3DA23D3073E8CE0F529A0177AB579485A3E5BCCBE48DAD55FEA866AD862E3988907772AC94872257CB217019A54DFD7F614FB401DF1107EFC57114878123983EC577AC7D09B1426C30E0C2D95C3CEC0A8B17A8F109DA0B14D99B399115CE5DB1710666D5DA6B42BAE5494D6178C99B93F7D8E5DA4FC8BD532292BD3E0EE97539AC783CFBD76C98FCD4BC85EC694729DD8026DD0DDDEE08948B33A892FAE5B2829498F14A0F2121446B140749E0411B7E0702A26BAB92B49284CBA7A7B1E44B0EC826EA2FD72A18F49B998ED9D373D7DFE9646BED6D2F76DC81248B2B48BE56AC6DCFB3AB495DA1C8DB0B82977ED02ABE93B916A21E72605579F3C85D9C00D387AC4078D64241C2CCA39C670CDC7D422D6BE122287FBEEC33E869F715CEE6249BB20D0CDBE29367DFF2F4E958B2D3B3916330B2B391AA7581CFA357B942678BB6AF4763F71144DCB84930D62E8560F4A56B6E8F8D9D023B1FB039C64A9F2935FE59EE19FDF578D55F2EDAA1559F6661F67BD5A5902DC1E3BE14B34B575208ADE9E6FBEA537D896730AA7AE1A88E5A39668E1A832F919D7765040F8E050B9366441657BAF35A818EDCCB855298A56520ABA1DB5E6C5C7A61EF92BB5C0FBD0EB4ACA6DE8EEB80A228E8236552277AE51CCE3A358D60E3F4730D519FA5C0A2F0D1995E64105FA961762F48FA636CE66D9A2E5B318C3845DADFBED814017C36E5DB50852F0D82D266A05AD1992E130A4068FA1350FBB25F2D425CC56525B6384ED36D68F778A23D0DB06C6006FB5B44D93BBCED8620A6D3A4938FB554F078AD3B9EE0D7EC669BEDE616B9927DBC97BDE5A94B7EBBDFF98BAA3759"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1148)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\idmmbc.dll
.
Celkový čas: 2009-05-12 18:06
ComboFix-quarantined-files.txt 2009-05-12 16:06

Před spuštěním: Volných bajtů: 134 369 878 016
Po spuštění: Volných bajtů: 134 357 733 376

256 --- E O F --- 2009-05-08 13:11


A tady HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:17, on 12.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Odinka\Plocha\Logy\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bluetooth Tray Application] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1377338625
O17 - HKLM\System\CCS\Services\Tcpip\..\{A627F3D8-B833-4587-84D1-698BD0F83B60}: NameServer = 213.250.192.1,213.250.194.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8623 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vše,