PC-HELP.CZ

Ahoj,
po té co mi online eset našel infekci v nekolika .sys souborech jsem spustil combofix a po skonceni vypadnul nasledujici log. vzhledem k tomu ze vsechny nahlasene soubory se nachazeji v sekci "Ostatní výmazy", domnívám se, že nic dalšího nemusím podnikat (pc se vrátilo do normálu - již jde např. nainstalovat antivir což předtím odmítal)...tak se jen chci zeptat, zda skutečně už nemusím provádět žádnou další operaci.
děkuji moc
vítek

=====
ComboFix 09-05-25.03 - vitek 25.05.2009 22:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1457 [GMT 2:00]
Spuštěný z: c:\documents and settings\vitek\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\actmovieb.exe
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\acpi32.sys
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\netsik.sys
c:\windows\system32\drivers\nicsk32.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\systemntmi.sys
c:\windows\system32\drivers\ws2_32sik.sys
c:\windows\system32\NSREG.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETDDEDCOMLAUNCH
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_NetDDEDcomLaunch
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_systemntmi
-------\Service_ws2_32sik

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-25 do 2009-05-25 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 12:21 . 2010-07-09 12:21 -------- d-----w c:\program files\Skype
2010-07-09 12:20 . 2010-07-09 12:20 -------- d-----w c:\program files\InterVideo
2010-07-09 12:19 . 2010-07-09 12:19 -------- d-----w c:\program files\Common Files\InterVideo
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\RALINK
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\EeePC
2010-07-09 11:56 . 2010-07-09 11:56 315392 ----a-w c:\windows\HideWin.exe
2010-07-09 11:53 . 2010-07-09 11:53 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2010-07-09 11:50 . 2010-07-09 11:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2010-07-09 11:42 . 2010-07-09 11:21 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-09 11:42 . 2010-07-09 11:21 2378 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-09 11:40 . 2010-07-09 11:21 8972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-09 11:22 . 2010-07-09 11:22 -------- d-----w c:\program files\microsoft frontpage
2010-07-09 11:19 . 2010-07-09 11:19 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-25 19:00 . 2009-05-25 16:44 -------- d-----w c:\program files\ESET
2009-05-25 18:58 . 2008-07-07 17:20 81484 ----a-w c:\windows\system32\perfc005.dat
2009-05-25 18:58 . 2008-07-07 17:20 432906 ----a-w c:\windows\system32\perfh005.dat
2009-05-25 18:35 . 2009-05-25 18:35 -------- d-----w c:\program files\Avira
2009-05-25 18:01 . 2009-05-25 17:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 17:31 . 2009-04-11 22:55 -------- d-----w c:\program files\Spyware Doctor
2009-05-25 17:00 . 2009-05-25 17:00 -------- d-----w c:\program files\Data0.Net Software
2009-05-25 16:25 . 2009-05-25 16:25 2944 ---ha-w c:\windows\system32\drivers\dciiodrv.sys
2009-05-24 14:42 . 2008-11-27 23:19 -------- d-----w c:\program files\Call of Duty
2009-05-22 14:22 . 2009-05-22 14:22 -------- d-----w c:\program files\eeectl_0.2.4
2009-05-22 12:32 . 2009-05-22 12:32 -------- d-----w c:\program files\XNote Stopwatch
2009-05-19 13:33 . 2009-05-19 13:33 32 --s-a-w c:\windows\system32\4173209304.dat
2009-05-16 14:22 . 2010-07-09 12:01 -------- d-----w c:\program files\Asus
2009-05-16 08:19 . 2008-11-08 16:17 -------- d-----w c:\program files\Google
2009-05-08 10:56 . 2009-02-15 20:58 -------- d-----w c:\program files\FreeMind
2009-05-06 22:19 . 2009-04-10 10:14 -------- d-----w c:\program files\PartyGaming
2009-05-05 17:11 . 2009-04-11 22:59 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-05 17:10 . 2009-04-11 22:55 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-03 07:58 . 2009-05-02 19:56 -------- d-----w c:\program files\JLC's Software
2009-05-02 22:20 . 2008-12-13 13:57 -------- d-----w c:\program files\Bytescout PPT To PDF Scout
2009-04-30 06:05 . 2009-04-06 17:52 -------- d-----w c:\program files\PopTray
2009-04-29 23:27 . 2009-04-29 23:27 -------- d-----w c:\program files\IMDecoder
2009-04-29 23:22 . 2010-07-09 11:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 22:56 . 2009-04-11 22:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-11 16:44 . 2009-04-04 22:35 -------- d-----w c:\program files\Full Tilt Poker
2009-04-11 16:41 . 2009-02-16 08:25 -------- d-----w c:\program files\PokerStars
2009-04-09 21:35 . 2009-04-09 21:33 -------- d-----w c:\program files\ParadisePoker
2009-04-08 21:25 . 2009-04-08 21:25 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-05 20:16 . 2009-04-05 20:16 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-04-05 20:16 . 2009-04-05 20:16 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-04-05 20:16 . 2009-04-05 20:16 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-04-05 20:15 . 2008-10-20 21:21 -------- d-----w c:\program files\Sony Ericsson
2009-04-05 19:57 . 2009-04-05 19:57 -------- d-----w c:\program files\Avanquest update
2009-04-02 18:16 . 2009-04-02 17:55 -------- d-----w c:\program files\BrainWave Generator
2009-04-02 13:49 . 2010-07-09 12:15 -------- d-----w c:\program files\Java
2009-03-30 08:33 . 2009-05-25 18:35 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-03-24 14:08 . 2009-05-03 07:51 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-09 03:19 . 2008-11-30 23:06 410984 ----a-w c:\windows\system32\deploytk.dll
2008-05-07 14:34 . 2010-07-09 12:21 15523560 ----a-w c:\program files\U1 Setup.exe
2009-04-03 09:29 . 2009-02-13 21:29 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2005-09-23 05:28 270848 ----a-w c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2005-09-23 05:28 270848 ----a-w c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-03 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vitek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - eeectl.lnk - c:\program files\eeectl_0.2.4\eeectl.exe [2009-5-22 31232]
Z stupce - Lama1.lnk - d:\programy\lama10\Lama1.exe [2009-1-17 513024]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2008-11-3 116224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\vitek\\Plocha\\Between_v5\\Between.exe"=
"c:\\Program Files\\Asus\\EeePC\\Super Hybrid Engine\\SuperHybridEngine.exe"=
"d:\\programy\\Dark Room 0.8b\\DarkRoom.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsTray.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsAcpiSvr.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsEPCMon.exe"=
"c:\\Program Files\\Elantech\\ETDCtrl.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\VirtuaWin\\VirtuaWin.exe"=
"c:\\Program Files\\eeectl_0.2.4\\eeectl.exe"=
"d:\\programy\\lama10\\Lama1.exe"=
"c:\\Program Files\\VirtuaWin\\modules\\WinList.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Google\\Google Desktop Search\\pdftotext.exe"=
"c:\\Program Files\\Call of Duty\\CoDSP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\alcohol__.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\vitek\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12.4.2009 0:55 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12.4.2009 0:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12.4.2009 0:59 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12.4.2009 0:56 159600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.5.2009 20:35 108289]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 4:03 65536]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [9.7.2010 13:59 11264]
R3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [25.5.2009 18:25 2944]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [21.5.2008 13:20 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [17.5.2008 18:19 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.7.2010 13:59 616704]
S2 gupdate1c9905d16363c82;Služba Google Update (gupdate1c9905d16363c82);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 19:36 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [28.1.2009 3:35 17432]
S3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_225.sys [19.11.2008 13:41 17152]
S3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;c:\windows\system32\drivers\BDA_Loader_225.sys [19.11.2008 13:40 18944]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5.4.2009 22:16 13224]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13.2.2009 23:29 30192]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12.4.2009 0:55 64392]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [13.12.2008 18:42 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [13.12.2008 18:42 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [13.12.2008 18:42 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [13.12.2008 18:42 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [13.12.2008 18:42 100008]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12.4.2009 0:55 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12.4.2009 0:59 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2009-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 17:00]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 17:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-vitek - c:\documents and settings\vitek\vitek.exe
SafeBoot-procexp90.Sys

.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: browser.startup.homepage - google.cz
FF - component: c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppstart.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 22:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4260098610-726476409-1454328811-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25030E83-CDA0-4CBC-9B34-4A35E15C2D43}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eamlohlkeg"=hex:66,61,63,6d,6a,68,69,65,68,63,62,68,00,31
"dabljjpg"=hex:64,62,61,6a,64,61,61,6f,6b,63,65,66,6b,66,61,6c,61,65,70,6e,69,
61,6a,61,67,6c,6f,64,6f,62,64,62,61,63,63,70,70,67,6f,68,00,00
"iaejnbgjhnncglbhed"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,00
"hakjdpjfgmfnjfjj"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,e0
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3728)
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3404.26077__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\VirtuaWin\modules\WinList.exe
.
**************************************************************************
.
Celkový čas: 2009-05-25 22:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-25 20:34

Před spuštěním: 6 709 764 096
Po spuštění: 7 851 044 864

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=KPJJ41 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=KPJJ41-BAK

343

Bylo by dobrý začít od začátku. To znamená logem z HJT, protože ani ComboFix není všemocný.

soucasny HJT log. díky
-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:10, on 25.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\eeectl_0.2.4\eeectl.exe
D:\programy\lama10\Lama1.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-4260098610-726476409-1454328811-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - eeectl.lnk = C:\Program Files\eeectl_0.2.4\eeectl.exe
O4 - Startup: Zástupce - Lama1.lnk = D:\programy\lama10\Lama1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9905d16363c82) (gupdate1c9905d16363c82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9600 bytes

Spusť si HJT a fixni (zaškrtnout čtvereček před hodnotou a zmáčkni "Fix checked"):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe
O4 - Global Startup: Bluetooth.lnk = ?

A pokud tuto adresu neznáš tak i toto:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

Potom si stáhni Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

fixnuto. log je zde. díky
------
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2178
Windows 5.1.2600 Service Pack 3

26.5.2009 0:52:39
mbam-log-2009-05-26 (00-52-31).txt

Typ skenu: Rychlý sken
Objektu skenováno: 89959
Uplynulý cas: 5 minute(s), 14 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Pak spusť ComboFix.
Musíš vypnout rezidenty antiviru, antispywaru a ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

Potom sem dej log.

počkej, jediný co mbam píše je, že mám natvrdo vypnutý windows security center. což mám, dělal jsem to sám. tam přece žádnej nález není, tak na co aplikovat znova combofix etc....

Já z logu nepoznám, jestli si to byl ty, nebo virus.

Odinstaluj starý ComboFix takto:
Start-Spustit a zadej ComboFix[mezera]/u

Stáhni si nový,
Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

ComboFix 09-05-26.05 - vitek 28.05.2009 0:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1420 [GMT 2:00]
Spuštěný z: c:\documents and settings\vitek\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-27 do 2009-05-27 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 12:21 . 2010-07-09 12:21 -------- d-----w c:\program files\Skype
2010-07-09 12:20 . 2010-07-09 12:20 -------- d-----w c:\program files\InterVideo
2010-07-09 12:19 . 2010-07-09 12:19 -------- d-----w c:\program files\Common Files\InterVideo
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\RALINK
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\EeePC
2010-07-09 11:56 . 2010-07-09 11:56 315392 ----a-w c:\windows\HideWin.exe
2010-07-09 11:53 . 2010-07-09 11:53 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2010-07-09 11:50 . 2010-07-09 11:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2010-07-09 11:42 . 2010-07-09 11:21 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-09 11:42 . 2010-07-09 11:21 2378 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-09 11:40 . 2010-07-09 11:21 8972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-09 11:22 . 2010-07-09 11:22 -------- d-----w c:\program files\microsoft frontpage
2010-07-09 11:19 . 2010-07-09 11:19 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-26 16:21 . 2008-07-07 17:20 82840 ----a-w c:\windows\system32\perfc005.dat
2009-05-26 16:21 . 2008-07-07 17:20 437574 ----a-w c:\windows\system32\perfh005.dat
2009-05-26 15:37 . 2009-05-26 15:37 -------- d-----w c:\program files\MSXML 4.0
2009-05-25 22:45 . 2009-05-25 22:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 21:57 . 2009-05-25 21:57 -------- d-----w c:\program files\Trend Micro
2009-05-25 19:00 . 2009-05-25 16:44 -------- d-----w c:\program files\ESET
2009-05-25 18:01 . 2009-05-25 17:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 17:31 . 2009-04-11 22:55 -------- d-----w c:\program files\Spyware Doctor
2009-05-25 17:00 . 2009-05-25 17:00 -------- d-----w c:\program files\Data0.Net Software
2009-05-25 16:25 . 2009-05-25 16:25 2944 ---ha-w c:\windows\system32\drivers\dciiodrv.sys
2009-05-24 14:42 . 2008-11-27 23:19 -------- d-----w c:\program files\Call of Duty
2009-05-22 14:22 . 2009-05-22 14:22 -------- d-----w c:\program files\eeectl_0.2.4
2009-05-22 12:32 . 2009-05-22 12:32 -------- d-----w c:\program files\XNote Stopwatch
2009-05-19 13:33 . 2009-05-19 13:33 32 --s-a-w c:\windows\system32\4173209304.dat
2009-05-16 14:22 . 2010-07-09 12:01 -------- d-----w c:\program files\Asus
2009-05-16 08:19 . 2008-11-08 16:17 -------- d-----w c:\program files\Google
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w c:\windows\system32\drivers\eamon.sys
2009-05-08 10:56 . 2009-02-15 20:58 -------- d-----w c:\program files\FreeMind
2009-05-06 22:19 . 2009-04-10 10:14 -------- d-----w c:\program files\PartyGaming
2009-05-05 17:11 . 2009-04-11 22:59 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-05 17:10 . 2009-04-11 22:55 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-03 07:58 . 2009-05-02 19:56 -------- d-----w c:\program files\JLC's Software
2009-05-02 22:20 . 2008-12-13 13:57 -------- d-----w c:\program files\Bytescout PPT To PDF Scout
2009-04-30 06:05 . 2009-04-06 17:52 -------- d-----w c:\program files\PopTray
2009-04-29 23:27 . 2009-04-29 23:27 -------- d-----w c:\program files\IMDecoder
2009-04-29 23:22 . 2010-07-09 11:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 22:56 . 2009-04-11 22:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-11 16:44 . 2009-04-04 22:35 -------- d-----w c:\program files\Full Tilt Poker
2009-04-11 16:41 . 2009-02-16 08:25 -------- d-----w c:\program files\PokerStars
2009-04-09 21:35 . 2009-04-09 21:33 -------- d-----w c:\program files\ParadisePoker
2009-04-08 21:25 . 2009-04-08 21:25 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-06 13:32 . 2009-05-25 22:45 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-05-25 22:45 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-05 20:16 . 2009-04-05 20:16 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-04-05 20:16 . 2009-04-05 20:16 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-04-05 20:16 . 2009-04-05 20:16 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-04-05 20:15 . 2008-10-20 21:21 -------- d-----w c:\program files\Sony Ericsson
2009-04-05 19:57 . 2009-04-05 19:57 -------- d-----w c:\program files\Avanquest update
2009-04-02 18:16 . 2009-04-02 17:55 -------- d-----w c:\program files\BrainWave Generator
2009-04-02 13:49 . 2010-07-09 12:15 -------- d-----w c:\program files\Java
2009-03-24 14:08 . 2009-05-03 07:51 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-09 03:19 . 2008-11-30 23:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2008-07-07 17:20 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-07-07 17:20 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-07-07 17:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-07-07 17:20 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-07-07 17:20 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-07-07 17:20 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-07-07 17:20 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-07-07 17:20 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-07-07 17:20 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-07-07 17:20 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:23 . 2008-07-07 17:20 284160 ----a-w c:\windows\system32\pdh.dll
2008-05-07 14:34 . 2010-07-09 12:21 15523560 ----a-w c:\program files\U1 Setup.exe
2009-04-03 09:29 . 2009-02-13 21:29 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-03 30192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vitek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - eeectl.lnk - c:\program files\eeectl_0.2.4\eeectl.exe [2009-5-22 31232]
Z stupce - Lama1.lnk - d:\programy\lama10\Lama1.exe [2009-1-17 513024]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2008-11-3 116224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\vitek\\Plocha\\Between_v5\\Between.exe"=
"c:\\Program Files\\Asus\\EeePC\\Super Hybrid Engine\\SuperHybridEngine.exe"=
"d:\\programy\\Dark Room 0.8b\\DarkRoom.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsTray.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsAcpiSvr.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsEPCMon.exe"=
"c:\\Program Files\\Elantech\\ETDCtrl.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\VirtuaWin\\VirtuaWin.exe"=
"c:\\Program Files\\eeectl_0.2.4\\eeectl.exe"=
"d:\\programy\\lama10\\Lama1.exe"=
"c:\\Program Files\\VirtuaWin\\modules\\WinList.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Google\\Google Desktop Search\\pdftotext.exe"=
"c:\\Program Files\\Call of Duty\\CoDSP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\alcohol__.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\vitek\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12.4.2009 0:55 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12.4.2009 0:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12.4.2009 0:59 39200]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12.4.2009 0:56 159600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 4:03 65536]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [9.7.2010 13:59 11264]
R3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_225.sys [19.11.2008 13:41 17152]
R3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [25.5.2009 18:25 2944]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [21.5.2008 13:20 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [17.5.2008 18:19 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.7.2010 13:59 616704]
S2 gupdate1c9905d16363c82;Služba Google Update (gupdate1c9905d16363c82);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 19:36 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [28.1.2009 3:35 17432]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [10.10.2008 17:25 26144]
S3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;c:\windows\system32\drivers\BDA_Loader_225.sys [19.11.2008 13:40 18944]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5.4.2009 22:16 13224]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13.2.2009 23:29 30192]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12.4.2009 0:55 64392]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [13.12.2008 18:42 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [13.12.2008 18:42 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [13.12.2008 18:42 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [13.12.2008 18:42 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [13.12.2008 18:42 100008]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12.4.2009 0:55 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12.4.2009 0:59 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2009-05-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 17:00]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 17:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys

.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: browser.startup.homepage - google.cz
FF - component: c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppstart.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 00:53
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4260098610-726476409-1454328811-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25030E83-CDA0-4CBC-9B34-4A35E15C2D43}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eamlohlkeg"=hex:66,61,63,6d,6a,68,69,65,68,63,62,68,00,31
"dabljjpg"=hex:64,62,61,6a,64,61,61,6f,6b,63,65,66,6b,66,61,6c,61,65,70,6e,69,
61,6a,61,67,6c,6f,64,6f,62,64,62,61,63,63,70,70,67,6f,68,00,00
"iaejnbgjhnncglbhed"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,00
"hakjdpjfgmfnjfjj"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,e0
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1036)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(712)
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3404.26077__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2009-05-27 0:57
ComboFix-quarantined-files.txt 2009-05-27 22:57

Před spuštěním: 9 559 339 008
Po spuštění: 9 544 073 216

295

Máš tam Spyware Doktor a Spybot, jeden odinstaluj.

díky, za ochotu. ani jeden z těch programů není spuštěn rezidentně (to běží jen ESET), takže myslím, že to vedle sebe zvládnou:) používám je jen jednorázově.
jinak myslím, že vše zlé je již pryč :evil:

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\4173209304.dat
c:\windows\system32\drivers\avgntflt.sys

DirLook::
c:\program files\Data0.Net Software

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Znáš červené soubory?:
c:\windows\HideWin.exe
c:\program files\U1 Setup.exe

Pokud ne, zkontroluj je na Virustotalu a dej sem odkazy na výsledky.

PC-HELP.CZ

kontrola snad dobrého logu

kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu

Re: kontrola snad dobrého logu