Please check my log, thank you

A place for your HiJackThis logs and logs from other programs…


Post by 4422 » 27 May 2009 09:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:31, on 27.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ICQ6.5\ICQ.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://quicktimepro.apple.com/?country= ... 0000026883
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2009 Ultra Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 12195 bytes


Post by Damned » 27 May 2009 13:34

Download Malwarebytes' Anti-Malware.
Install it and run it.
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan has finished, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- after that click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look into old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner


Post by 4422 » 27 May 2009 17:52

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2185
Windows 5.1.2600 Service Pack 3

27.5.2009 17:44:57
mbam-log-2009-05-27 (17-44-57).txt

Typ skenu: Rychlý sken
Objektu skenováno: 83302
Uplynulý cas: 8 minute(s), 57 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Post by Damned » 27 May 2009 18:15

Turn off the resident shield of both your antivirus and your antispyware.
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by 4422 » 27 May 2009 18:54

ComboFix 09-05-26.05 - Barbar 27.05.2009 18:44.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.435 [GMT 2:00]
Spuštěný z: c:\documents and settings\Barbar\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\system32\substpntx8.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-27 do 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-27 16:33 . 2009-05-27 16:39 -------- d-----w c:\program files\XULPlayer
2009-05-27 15:43 . 2009-05-27 15:44 -------- d-----w c:\program files\MediaCoder
2009-05-27 07:30 . 2009-05-27 07:30 -------- d-----w c:\program files\Trend Micro
2009-05-25 10:53 . 2009-05-25 10:53 -------- d-----w c:\windows\IIS Temporary Compressed Files
2009-05-24 13:44 . 2003-04-15 23:10 110592 ----a-w c:\windows\system32\tsccvid.dll
2009-05-24 13:44 . 2009-05-24 13:45 466944 ------w c:\windows\Setup1.exe
2009-05-24 13:44 . 2009-05-24 13:44 -------- d-----w c:\program files\CDVPlayer
2009-05-24 13:44 . 2009-05-24 13:45 73216 ----a-w c:\windows\ST6UNST.EXE
2009-05-24 11:10 . 2009-05-24 11:10 -------- d-----w c:\program files\Bonjour
2009-05-24 10:59 . 2009-05-24 10:59 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-21 16:58 . 2009-05-21 16:59 -------- d-----w c:\documents and settings\Barbar\Phone Browser
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\Common Files\Nokia
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\DIFX
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-21 14:42 . 2007-02-22 08:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
2009-05-21 14:42 . 2007-02-22 08:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcm.sys
2009-05-21 14:42 . 2007-02-22 08:15 8320 ----a-w c:\windows\system32\drivers\nmwcdc.sys
2009-05-21 14:42 . 2009-05-21 14:43 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-21 14:42 . 2007-02-22 08:15 137216 ----a-w c:\windows\system32\drivers\nmwcd.sys
2009-05-21 14:42 . 2007-02-22 08:15 65536 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-21 14:42 . 2009-05-21 14:43 -------- d-----w c:\program files\Nokia
2009-05-21 14:34 . 2008-04-13 17:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-05-20 12:09 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-20 12:09 . 2009-05-20 12:09 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-19 07:38 . 2009-05-19 07:47 -------- d-----w c:\program files\Total Video Converter
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-28 17:05 . 2009-04-28 17:05 138624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-28 17:05 . 2009-04-28 17:16 -------- d-----w c:\program files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 15:35 . 2009-04-07 08:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 10:21 . 2009-03-17 19:55 -------- d-----w c:\program files\Torrent Master
2009-05-26 11:20 . 2009-04-07 08:53 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-04-07 08:53 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 11:10 . 2009-03-15 12:33 -------- d-----w c:\program files\Common Files\Adobe
2009-05-24 10:42 . 2009-05-24 10:42 0 ----a-w c:\windows\system32\drivers\1043_ASUSTeK_F5R.alu
2009-05-21 14:32 . 2009-05-21 14:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-21 14:32 . 2009-05-21 14:32 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-20 12:10 . 2009-03-31 08:12 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-20 12:09 . 2009-03-31 08:13 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-20 12:05 . 2009-04-07 04:41 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-19 07:47 . 2009-05-19 07:47 2080 ----a-w c:\program files\Uninstall.ini
2009-05-19 07:47 . 2009-01-07 18:24 74330 ----a-w c:\program files\Uninstall.exe
2009-04-20 11:28 . 2001-10-25 15:00 84580 ----a-w c:\windows\system32\perfc005.dat
2009-04-20 11:28 . 2001-10-25 15:00 437750 ----a-w c:\windows\system32\perfh005.dat
2009-04-20 05:59 . 2009-04-20 06:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-20 05:59 . 2009-03-15 12:15 -------- d-----w c:\program files\Java
2009-04-16 04:40 . 2009-03-15 12:36 -------- d-----w c:\program files\ESET
2009-04-16 04:23 . 2009-04-16 04:16 -------- d-----w c:\program files\Canon
2009-04-16 04:17 . 2009-04-16 04:17 -------- d--h--w c:\program files\CanonBJ
2009-04-07 08:34 . 2009-03-15 12:32 -------- d-----w c:\program files\Google
2009-04-07 08:28 . 2009-03-15 15:59 -------- d-----w c:\program files\SpeedFan
2009-04-07 06:20 . 2009-04-07 06:19 -------- d-----w c:\program files\DivX
2009-04-07 04:41 . 2009-04-07 04:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-03 10:33 . 2009-04-03 10:31 -------- d-----w c:\program files\Crawler
2009-03-23 20:00 . 2009-03-23 20:00 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-23 19:55 . 2008-09-26 20:27 53248 ----a-w c:\windows\system32\VCDControlTool.exe
2009-03-15 18:02 . 2009-03-15 18:02 45308 ---ha-w c:\windows\system32\mlfcache.dat
2009-03-15 15:27 . 2009-03-15 15:27 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-15 14:37 . 2009-03-15 14:37 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-15 13:25 . 2009-03-15 13:25 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-15 12:46 . 2009-03-15 12:46 0 ----a-w c:\windows\nsreg.dat
2009-03-15 12:09 . 2009-03-15 11:34 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-15 12:09 . 2009-03-15 11:34 2426 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-03-15 12:08 . 2009-03-15 11:34 8972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-03-15 11:30 . 2009-03-15 11:30 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 13:51 . 2008-04-14 07:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2008-10-16 19:33 826368 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2008-10-19 06:38 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll

[-] 2008-10-19 06:38 557056 12A799AD9415AE9C8ABCC5F75E9CF034 c:\windows\system32\winlogon.exe

[-] 2008-10-19 06:35 1589760 DD7E25E20AEBD672DAE7E1D911C2D824 c:\windows\explorer.exe

[-] 2008-10-19 06:35 66560 0AB43CE7EFFAD6B4914AE3C1B489AAA1 c:\windows\system32\ctfmon.exe

[-] 2008-11-05 16:33 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-15 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-10-19 66560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodTrialReset"="regedit" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-28 2776576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-10-19 66560]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"=c:\program files\DAEMON Tools Lite\daemon.exe -autorun
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SkyTel"=SkyTel.EXE
"Wireless Console 2"=c:\program files\Wireless Console 2\wcourier.exe
"Power_Gear"=c:\program files\ASUS\Power4 Gear\BatteryLife.exe 1
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SMSERIAL"=c:\windows\sm56hlpr.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ASUS Live Update"=c:\program files\ASUS\ASUS Live Update\ALU.exe
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMEDIA.EXE
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"RTHDCPL"=RTHDCPL.EXE
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"DrvIcon"=c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe
"Alcmtr"=ALCMTR.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.4.2009 19:05 138624]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [31.3.2009 10:13 604416]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [15.3.2009 15:04 16269]
R3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [15.3.2009 15:31 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [15.3.2009 15:31 7808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CRYSTALSYSINFO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Obsah adresáře 'Naplánované úlohy'

2009-05-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://quicktimepro.apple.com/?country= ... 0000026883
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Barbar\Data aplikací\Mozilla\Firefox\Profiles\e5xaun62.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 18:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\SETUPAPI.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2009-05-27 18:47
ComboFix-quarantined-files.txt 2009-05-27 16:47

Před spuštěním: 2 298 220 544
Po spuštění: 2 300 739 584

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

254 --- E O F --- 2009-05-13 19:42

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: please check my log, thank you

Post by Damned » 27 May 2009 19:37

I'd happily uninstall that Crawler toolbar.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:

File::
c:\windows\system32\mlfcache.dat
c:\windows\system32\ezsidmv.dat
c:\windows\nsreg.dat


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.


Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process, plus a new HJT log


Do you know these files?
c:\program files\Uninstall.ini
c:\program files\Uninstall.exe
c:\windows\Setup1.exe

If not, test them on VirusTotal and post the links to the results here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech Wise Registry Cleaner


Re: please check my log, thank you

Post by 4422 » 27 May 2009 20:33

ComboFix 09-05-26.05 - Barbar 27.05.2009 20:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.383 [GMT 2:00]
Spuštěný z: c:\documents and settings\Barbar\Plocha\program\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Barbar\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\nsreg.dat"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\mlfcache.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\nsreg.dat
c:\windows\system32\ezsidmv.dat
c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-27 do 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-27 17:37 . 2009-05-27 17:37 -------- d-----w c:\documents and settings\Barbar\LocalLow
2009-05-27 17:11 . 2009-05-27 17:11 -------- d-----w c:\documents and settings\Barbar\.dvdcss
2009-05-27 16:33 . 2009-05-27 17:34 -------- d-----w c:\program files\XULPlayer
2009-05-27 15:43 . 2009-05-27 15:44 -------- d-----w c:\program files\MediaCoder
2009-05-27 07:30 . 2009-05-27 07:30 -------- d-----w c:\program files\Trend Micro
2009-05-25 10:53 . 2009-05-25 10:53 -------- d-----w c:\windows\IIS Temporary Compressed Files
2009-05-24 13:44 . 2003-04-15 23:10 110592 ----a-w c:\windows\system32\tsccvid.dll
2009-05-24 13:44 . 2009-05-24 13:45 466944 ------w c:\windows\Setup1.exe
2009-05-24 13:44 . 2009-05-24 13:44 -------- d-----w c:\program files\CDVPlayer
2009-05-24 13:44 . 2009-05-24 13:45 73216 ----a-w c:\windows\ST6UNST.EXE
2009-05-24 11:10 . 2009-05-24 11:10 -------- d-----w c:\program files\Bonjour
2009-05-24 10:59 . 2009-05-24 10:59 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-21 16:58 . 2009-05-21 16:59 -------- d-----w c:\documents and settings\Barbar\Phone Browser
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\Common Files\Nokia
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\DIFX
2009-05-21 14:43 . 2009-05-21 14:43 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-21 14:42 . 2007-02-22 08:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
2009-05-21 14:42 . 2007-02-22 08:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcm.sys
2009-05-21 14:42 . 2007-02-22 08:15 8320 ----a-w c:\windows\system32\drivers\nmwcdc.sys
2009-05-21 14:42 . 2009-05-21 14:43 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-21 14:42 . 2007-02-22 08:15 137216 ----a-w c:\windows\system32\drivers\nmwcd.sys
2009-05-21 14:42 . 2007-02-22 08:15 65536 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-21 14:42 . 2009-05-21 14:43 -------- d-----w c:\program files\Nokia
2009-05-21 14:34 . 2008-04-13 17:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-05-20 12:09 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-20 12:09 . 2009-05-20 12:09 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-19 07:38 . 2009-05-19 07:47 -------- d-----w c:\program files\Total Video Converter
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-28 17:05 . 2009-04-28 17:05 138624 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-28 17:05 . 2009-04-28 17:16 -------- d-----w c:\program files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 15:35 . 2009-04-07 08:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 10:21 . 2009-03-17 19:55 -------- d-----w c:\program files\Torrent Master
2009-05-26 11:20 . 2009-04-07 08:53 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-04-07 08:53 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 11:10 . 2009-03-15 12:33 -------- d-----w c:\program files\Common Files\Adobe
2009-05-24 10:42 . 2009-05-24 10:42 0 ----a-w c:\windows\system32\drivers\1043_ASUSTeK_F5R.alu
2009-05-21 14:32 . 2009-05-21 14:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-21 14:32 . 2009-05-21 14:32 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-20 12:10 . 2009-03-31 08:12 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-20 12:09 . 2009-03-31 08:13 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-20 12:05 . 2009-04-07 04:41 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-19 07:47 . 2009-05-19 07:47 2080 ----a-w c:\program files\Uninstall.ini
2009-05-19 07:47 . 2009-01-07 18:24 74330 ----a-w c:\program files\Uninstall.exe
2009-04-20 11:28 . 2001-10-25 15:00 84580 ----a-w c:\windows\system32\perfc005.dat
2009-04-20 11:28 . 2001-10-25 15:00 437750 ----a-w c:\windows\system32\perfh005.dat
2009-04-20 05:59 . 2009-04-20 06:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-20 05:59 . 2009-03-15 12:15 -------- d-----w c:\program files\Java
2009-04-16 04:40 . 2009-03-15 12:36 -------- d-----w c:\program files\ESET
2009-04-16 04:23 . 2009-04-16 04:16 -------- d-----w c:\program files\Canon
2009-04-16 04:17 . 2009-04-16 04:17 -------- d--h--w c:\program files\CanonBJ
2009-04-07 08:34 . 2009-03-15 12:32 -------- d-----w c:\program files\Google
2009-04-07 08:28 . 2009-03-15 15:59 -------- d-----w c:\program files\SpeedFan
2009-04-07 06:20 . 2009-04-07 06:19 -------- d-----w c:\program files\DivX
2009-04-07 04:41 . 2009-04-07 04:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-03 10:33 . 2009-04-03 10:31 -------- d-----w c:\program files\Crawler
2009-03-23 20:00 . 2009-03-23 20:00 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-23 19:55 . 2008-09-26 20:27 53248 ----a-w c:\windows\system32\VCDControlTool.exe
2009-03-15 15:27 . 2009-03-15 15:27 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-15 13:25 . 2009-03-15 13:25 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-15 12:09 . 2009-03-15 11:34 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-15 12:09 . 2009-03-15 11:34 2426 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-03-15 12:08 . 2009-03-15 11:34 8972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-03-15 11:30 . 2009-03-15 11:30 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 13:51 . 2008-04-14 07:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2008-10-16 19:33 826368 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2008-10-19 06:38 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll

[-] 2008-10-19 06:38 557056 12A799AD9415AE9C8ABCC5F75E9CF034 c:\windows\system32\winlogon.exe

[-] 2008-10-19 06:35 1589760 DD7E25E20AEBD672DAE7E1D911C2D824 c:\windows\explorer.exe

[-] 2008-10-19 06:35 66560 0AB43CE7EFFAD6B4914AE3C1B489AAA1 c:\windows\system32\ctfmon.exe

[-] 2008-11-05 16:33 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-15 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-10-19 66560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodTrialReset"="regedit" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-28 2776576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-10-19 66560]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"=c:\program files\DAEMON Tools Lite\daemon.exe -autorun
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SkyTel"=SkyTel.EXE
"Wireless Console 2"=c:\program files\Wireless Console 2\wcourier.exe
"Power_Gear"=c:\program files\ASUS\Power4 Gear\BatteryLife.exe 1
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SMSERIAL"=c:\windows\sm56hlpr.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ASUS Live Update"=c:\program files\ASUS\ASUS Live Update\ALU.exe
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMEDIA.EXE
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"RTHDCPL"=RTHDCPL.EXE
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"DrvIcon"=c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe
"Alcmtr"=ALCMTR.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\XULPlayer\\xulrunner\\xulrunner.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.4.2009 19:05 138624]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [31.3.2009 10:13 604416]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [15.3.2009 15:04 16269]
R3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [15.3.2009 15:31 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [15.3.2009 15:31 7808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CRYSTALSYSINFO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Obsah adresáře 'Naplánované úlohy'

2009-05-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://quicktimepro.apple.com/?country= ... 0000026883
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Barbar\Data aplikací\Mozilla\Firefox\Profiles\e5xaun62.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 20:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\SETUPAPI.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2009-05-27 20:25
ComboFix-quarantined-files.txt 2009-05-27 18:25
ComboFix2.txt 2009-05-27 16:47

Před spuštěním: 1 543 258 112
Po spuštění: 1 480 663 040

252 --- E O F --- 2009-05-13 19:42


Re: please check my log, thank you

Post by 4422 » 27 May 2009 20:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:24, on 27.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://quicktimepro.apple.com/?country= ... 0000026883
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11366 bytes


Re: please check my log, thank you

Post by Damned » 27 May 2009 21:06

Still those VirusTotal links, and check these there too:

C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe


Re: please check my log, thank you

Post by 4422 » 27 May 2009 21:23

It looks like they are O.K. Thanks a lot.


Re: please check my log, thank you

Post by Damned » 27 May 2009 21:34

Are you going to keep that Crawler on there? The cracked NOD too? The cracked Nero too?
You'll be back here again before long :shock: