Request for a ComboFix log check


Post by bobak11 » 05 Jul 2009 14:00

Hello, my PC has started restarting on its own, and after the restart it reports that there was a serious error. And now I cannot move anything to the Recycle Bin. It tells me that the file is unreadable or corrupted. Please help. Thank you.
I am attaching the log from ComboFix.

ComboFix 09-07-04.05 - Bobo 007 05.07.2009 13:32.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.768.470 [GMT 2:00]
Running from: c:\combofix(2)\ComboFix.exe
Command switches used :: c:\combofix(2)\CFScript.txt..txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1778201.msi
c:\windows\Installer\22ec446.msp
c:\windows\Installer\3f669e4.msi
c:\windows\Installer\4a45b53.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-06-26 07:40 . 2009-06-26 07:45 -------- d-----w- c:\program files\SubRip
2009-06-22 18:21 . 2009-06-22 18:21 -------- d-----w- c:\program files\SubSync
2009-06-22 18:21 . 2009-06-22 18:21 249856 ------w- c:\windows\Setup1.exe
2009-06-22 18:21 . 2009-06-22 18:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-22 11:29 . 2009-06-22 11:29 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\GRETECH
2009-06-22 11:25 . 2009-06-22 16:08 -------- d-----w- c:\program files\Ask.com
2009-06-22 11:23 . 2009-06-22 11:23 -------- d-----w- c:\program files\GRETECH
2009-06-22 10:52 . 2009-06-26 07:29 -------- d-----w- C:\DivXG400
2009-06-22 10:46 . 2009-06-22 10:46 209635 ----a-w- c:\windows\IPUI_DivXG400.exe
2009-06-17 17:17 . 2009-06-17 17:17 -------- d-----w- c:\program files\Audacity
2009-06-17 16:15 . 2009-06-25 01:22 -------- d-----w- C:\Návod na zvuk
2009-06-14 15:41 . 2009-06-14 15:41 323584 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{C26AE123-1628-4A1C-9893-613EC8B2BB94}\NewShortcut4_7D92DCA137CF48779A5D10147F1909A1.exe
2009-06-14 15:41 . 2009-06-14 15:41 323584 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{C26AE123-1628-4A1C-9893-613EC8B2BB94}\NewShortcut2_7D92DCA137CF48779A5D10147F1909A1.exe
2009-06-14 15:41 . 2009-06-14 15:41 323584 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{C26AE123-1628-4A1C-9893-613EC8B2BB94}\NewShortcut1_7D92DCA137CF48779A5D10147F1909A1.exe
2009-06-14 12:23 . 2009-06-17 06:58 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-06-14 12:23 . 2009-06-17 06:58 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-06-14 12:22 . 2009-06-17 06:58 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-06-14 12:21 . 2009-06-14 12:21 -------- d-----w- c:\windows\Replay Media Catcher
2009-06-14 12:21 . 2009-06-17 06:59 -------- d-----w- c:\program files\Replay Media Catcher
2009-06-12 05:49 . 2009-06-12 05:50 -------- d-----w- c:\program files\Správce hesel
2009-06-09 20:23 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-09 20:23 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-08 19:50 . 2009-07-03 17:03 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Facebook
2009-06-06 11:30 . 2009-06-05 20:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-05 23:24 . 2009-06-05 23:25 -------- d-----w- c:\documents and settings\Bobo 007\Local Settings\Application Data\SubtitleCreator
2009-06-05 23:24 . 2009-06-05 23:24 -------- d-----w- c:\program files\SubtitleCreator
2009-06-05 23:15 . 2009-06-05 23:15 121128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-05 23:15 . 2009-06-05 23:15 -------- d-----w- c:\program files\MSBuild
2009-06-05 23:15 . 2009-06-05 23:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-05 23:15 . 2009-06-05 23:15 -------- d-----w- c:\program files\Reference Assemblies
2009-06-05 23:14 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-05 20:19 . 2009-06-05 20:19 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-05 20:19 . 2009-06-05 20:18 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-05 20:18 . 2009-06-05 20:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-05 20:18 . 2009-07-03 20:19 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-05 20:18 . 2009-07-03 20:19 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-05 20:18 . 2009-07-03 20:19 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-05 20:18 . 2009-06-05 20:18 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-05 20:17 . 2009-06-05 20:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-05 20:17 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-05 18:26 . 2009-06-05 19:55 -------- d-----w- c:\windows\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 11:36 . 2009-01-18 15:37 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\uTorrent
2009-07-05 10:59 . 2009-01-18 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-07-05 10:38 . 2009-05-17 18:58 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\MenuShrink
2009-07-05 09:47 . 2009-04-24 01:51 117760 ----a-w- c:\documents and settings\Bobo 007\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-05 02:56 . 2009-01-21 00:31 -------- d-----w- c:\program files\FlashGet
2009-07-04 13:17 . 2009-05-14 20:43 -------- d-----w- c:\program files\Minilyrics
2009-07-04 07:46 . 2009-01-19 02:26 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Skype
2009-07-04 07:22 . 2009-01-19 02:28 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\skypePM
2009-07-03 20:20 . 2009-06-19 20:18 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-03 20:20 . 2009-06-19 20:18 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-03 20:19 . 2009-06-19 20:18 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-03 20:19 . 2009-06-19 20:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-03 20:19 . 2009-06-19 20:18 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-03 20:19 . 2009-06-19 20:18 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-03 20:19 . 2009-06-19 20:18 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-03 20:19 . 2009-06-19 20:18 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-03 20:19 . 2009-06-19 20:18 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-03 20:19 . 2009-06-19 20:18 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-03 20:19 . 2009-06-19 20:18 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-03 20:19 . 2009-06-19 20:18 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-03 20:19 . 2009-06-19 20:18 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-03 20:19 . 2009-06-19 20:18 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-02 16:34 . 2009-01-23 21:06 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\dvdcss
2009-07-02 07:43 . 2009-01-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-07-01 06:27 . 2009-04-26 13:20 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\RipIt4Me
2009-07-01 06:17 . 2009-01-18 23:17 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Vso
2009-06-30 17:13 . 2009-01-29 08:45 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Canon
2009-06-26 23:01 . 2009-01-18 13:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 02:12 . 2009-01-23 12:05 -------- d-----w- c:\program files\Opera
2009-06-14 15:39 . 2009-02-01 00:00 -------- d-----w- c:\program files\Pegasys Inc
2009-06-06 11:52 . 2009-04-18 13:46 -------- d-----w- c:\program files\Lavasoft
2009-06-06 11:52 . 2009-04-18 13:54 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Lavasoft
2009-06-06 11:30 . 2009-02-06 05:58 -------- d-----w- c:\program files\AimOne_AlltoMP3
2009-06-05 23:18 . 2009-01-18 14:00 47416 ----a-w- c:\documents and settings\Bobo 007\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 20:16 . 2009-04-24 01:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-05 20:11 . 2009-01-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-05 18:50 . 2009-02-01 08:15 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Pegasys Inc
2009-06-04 21:16 . 2009-06-04 21:16 3082 ----a-w- c:\windows\system32\affv9869p2now.sys
2009-06-04 20:39 . 2009-01-18 10:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----w- c:\program files\Common Files\Skype
2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----r- c:\program files\Skype
2009-06-04 20:23 . 2009-01-19 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-03 01:47 . 2009-06-03 01:47 -------- d-----w- c:\program files\MSECache
2009-06-01 23:22 . 2009-06-01 23:22 -------- d-----w- c:\program files\Jufsoft
2009-05-31 17:50 . 2009-01-24 18:21 -------- d-----w- c:\program files\DVD2SVCD
2009-05-31 14:54 . 2009-05-31 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-05-31 14:46 . 2009-05-31 14:46 -------- d-----w- c:\program files\IVT Corporation
2009-05-31 08:55 . 2009-05-04 05:16 -------- d-----w- c:\program files\Subtitle Converter
2009-05-30 03:39 . 2009-05-18 09:47 -------- d-----w- c:\program files\Free Screen Recorder
2009-05-26 18:08 . 2009-05-26 18:08 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\TamoSoft
2009-05-26 18:08 . 2009-05-26 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\TamoSoft
2009-05-26 18:08 . 2009-05-26 18:08 -------- d-----w- c:\program files\CountryWhois
2009-05-23 13:12 . 2009-05-23 13:12 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\DepositFiles Uploader
2009-05-22 03:36 . 2009-04-26 11:46 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\SendSpace Wizard
2009-05-19 21:24 . 2009-05-19 21:07 -------- d-----w- c:\program files\OCCT
2009-05-18 15:29 . 2009-05-18 15:29 -------- d-----w- c:\program files\ffdshow
2009-05-18 14:38 . 2009-05-18 14:36 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\vlc
2009-05-18 14:23 . 2009-05-18 05:22 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\XnView
2009-05-17 22:12 . 2009-05-17 22:12 -------- d-----w- c:\program files\XnView
2009-05-17 19:15 . 2009-02-10 20:56 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\PgcEdit
2009-05-17 18:11 . 2009-01-18 13:41 -------- d-----w- c:\program files\DVD Shrink
2009-05-17 06:36 . 2009-05-17 06:36 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\BSplayer Pro
2009-05-17 06:36 . 2009-05-17 06:36 -------- d-----w- c:\program files\Webteh
2009-05-15 17:17 . 2009-05-15 17:17 -------- d-----w- c:\program files\EvilLyrics
2009-05-15 16:51 . 2009-05-15 16:49 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Winamp
2009-05-15 16:49 . 2009-05-15 16:49 -------- d-----w- c:\program files\Winamp
2009-05-14 20:44 . 2009-05-14 20:44 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\MiniLyrics
2009-05-11 05:19 . 2009-01-24 18:22 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-10 12:23 . 2009-05-10 12:23 -------- d-----w- c:\program files\TimeAdjuster
2009-05-09 12:07 . 2009-01-18 17:28 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Ahead
2009-05-09 10:48 . 2009-01-25 00:50 -------- d-----w- c:\program files\Allok MP3 to AMR Converter
2009-05-07 15:32 . 2004-08-03 23:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:49 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 13:20 . 2009-04-26 13:20 643072 ----a-w- c:\documents and settings\Bobo 007\Application Data\RipIt4Me\updater\ri4mupdater.exe
2009-04-24 01:50 . 2009-04-24 01:50 34304 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
2009-04-18 13:46 . 2009-04-18 13:46 658432 ----a-w- c:\windows\isRS-000.tmp
2009-04-17 19:23 . 2009-04-13 11:50 117760 ----a-w- c:\documents and settings\Bobo 007\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware(2)\SDDLLS(2)\UIREPAIR(2).DLL
2009-04-17 12:26 . 2007-06-24 07:40 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-06-24 07:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-05-16 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-03 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-25 949376]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\documents and settings\Bobo 007\Application Data\Facebook\facebook.exe"= c:\documents and settings\Bobo 007\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.6.2009 22:19 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [25.1.2009 16:58 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.3.2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 14:07 72944]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [11.2.2009 2:48 603904]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 14:07 7408]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-07-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:19]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.atlas.sk/
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 13:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Bobo 007\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-07-05 13:38
ComboFix-quarantined-files.txt 2009-07-05 11:38
ComboFix2.txt 2009-06-21 08:58
ComboFix3.txt 2009-04-18 17:07

Pre-Run: 4 564 434 944 bytes free
Post-Run: 4 644 388 864 voľných bajtov

244 --- E O F --- 2009-06-10 01:06

Post by Damned » 05 Jul 2009 14:10

Uninstall that AskBar (Ask.com). Download HijackThis from my signature and follow the guide to make a log with it.

Who recommended ComboFix to you? What did you want to use the script for?
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner


Post by bobak11 » 05 Jul 2009 14:42

Nobody recommended it to me; I had it from the previous check, so I tried it. I have already tried uninstalling the ASK toolbar, but it is still there. Thanks.
Here is the log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:48, on 5.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8131 bytes

Post by Damned » 05 Jul 2009 15:01

Run HJT, close your browsers, disconnect from the internet and fix (tick the box in front of each entry and press "Fix checked"):

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here. I will have a look at it in the evening. Probably around eight.
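Three of the four lines selected for fixing in the post above end in "(no file)", and two of them carry no name. The following added example (not part of the original post; Python, with a subset of the HijackThis log from this thread embedded as sample input, and function names that are this example's own) lists entries whose file is absent and uses the CLSID to recover a name for the unnamed ones from other lines of the same log.

```python
import re
from collections import namedtuple

# Subset of the HijackThis log posted earlier in this thread, embedded so
# the script runs offline. The header and process lines are there to show
# that they are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\explorer.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

Entry = namedtuple("Entry", "section name clsid status")

# "O2 - <body>", "R0 - <body>", "O23 - <body>" ...
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# "<kind>: <name> - {CLSID} - <target>"
CLSID_RE = re.compile(
    r"^[^:]+: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


def parse_hjt(text):
    """Return one Entry per 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # log header, running-process path, blank line
        section, body = m.groups()
        if body.endswith("(no file)"):
            status = "no file"
        elif body.endswith("(file missing)"):
            status = "file missing"
        else:
            status = "present"
        c = CLSID_RE.match(body)
        if c:
            name = c.group("name")
            entries.append(Entry(section,
                                 None if name == "(no name)" else name,
                                 c.group("clsid").upper(), status))
        else:
            entries.append(Entry(section, None, None, status))
    return entries


def names_by_clsid(entries):
    """Map each CLSID to the distinct names it carries anywhere in the log."""
    names = {}
    for e in entries:
        if e.clsid and e.name:
            seen = names.setdefault(e.clsid, [])
            if e.name not in seen:
                seen.append(e.name)
    return names


def orphan_report(entries):
    """Entries whose file is absent, with names borrowed via the CLSID."""
    names = names_by_clsid(entries)
    return [(e.section, e.clsid, e.status, names.get(e.clsid, []))
            for e in entries if e.status != "present"]


if __name__ == "__main__":
    for section, clsid, status, names in orphan_report(parse_hjt(SAMPLE_LOG)):
        label = ", ".join(names) if names else "(unnamed)"
        print(f"{section:<4}{status:<13}{clsid or '-':<40}{label}")
```

The output is a review list, not a removal list: the two ESET services marked "(file missing)" in the full log were not among the entries chosen for fixing in this thread.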


Post by bobak11 » 05 Jul 2009 15:42

I did everything as you wrote. This is the log:

Malwarebytes' Anti-Malware 1.38
Verzia databázy: 2375
Windows 5.1.2600 Service Pack 3

5.7.2009 15:26:31
mbam-log-2009-07-05 (15-26-31).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 85305
Uplynutý cas: 3 minute(s), 15 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

Post by Damned » 05 Jul 2009 20:03

Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

Download T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it -> run it

(Note: if you have AVG, disable it before downloading T-Cleaner and for the duration of the cleanup; afterwards delete T-Cleaner
and turn AVG back on.)

*****************************************************************************************************************************************
Turn off the antivirus resident shield (and the antispyware one, if you have it).
Download a new ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows.


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

File::
c:\windows\system32\affv9869p2now.sys
c:\program files\Ask.com
c:\windows\isRS-000.tmp

Folder::
c:\program files\Ask.com
c:\program files\Webteh
c:\windows\isRS-000.tmp
c:\documents and settings\Bobo 007\Application Data\BSplayer Pro

Driver::
affv9869p2now




Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log

Post by bobak11 » 05 Jul 2009 22:07

Sorry, I was away. I did everything as you wrote; here is the log:

ComboFix 09-07-04.09 - Bobo 007 05.07.2009 21:35.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.768.493 [GMT 2:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\Bobo 007\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\Ask.com"
"c:\windows\isRS-000.tmp"
"c:\windows\system32\affv9869p2now.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bobo 007\Application Data\BSplayer Pro
c:\documents and settings\Bobo 007\Application Data\BSplayer Pro\BSplayer.xml
c:\documents and settings\Bobo 007\Application Data\BSplayer Pro\EQ.xml
c:\program files\Ask.com
c:\program files\Webteh
c:\windows\isRS-000.tmp
c:\windows\system32\affv9869p2now.sys

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 13:12 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 13:12 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 07:40 . 2009-06-26 07:45 -------- d-----w- c:\program files\SubRip
2009-06-22 18:21 . 2009-06-22 18:21 -------- d-----w- c:\program files\SubSync
2009-06-22 18:21 . 2009-06-22 18:21 249856 ------w- c:\windows\Setup1.exe
2009-06-22 18:21 . 2009-06-22 18:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-22 11:29 . 2009-06-22 11:29 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\GRETECH
2009-06-22 11:23 . 2009-06-22 11:23 -------- d-----w- c:\program files\GRETECH
2009-06-22 10:52 . 2009-06-26 07:29 -------- d-----w- C:\DivXG400
2009-06-22 10:46 . 2009-06-22 10:46 209635 ----a-w- c:\windows\IPUI_DivXG400.exe
2009-06-17 17:17 . 2009-06-17 17:17 -------- d-----w- c:\program files\Audacity
2009-06-17 16:15 . 2009-06-25 01:22 -------- d-----w- C:\Návod na zvuk
2009-06-14 15:41 . 2009-06-14 15:41 323584 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{C26AE123-1628-4A1C-9893-613EC8B2BB94}\NewShortcut4_7D92DCA137CF48779A5D10147F1909A1.exe
2009-06-14 15:41 . 2009-06-14 15:41 323584 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{C26AE123-1628-4A1C-9893-613EC8B2BB94}\NewShortcut2_7D92DCA137CF48779A5D10147F1909A1.exe
2009-06-14 15:41 . 2009-06-14 15:41 323584 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{C26AE123-1628-4A1C-9893-613EC8B2BB94}\NewShortcut1_7D92DCA137CF48779A5D10147F1909A1.exe
2009-06-14 12:23 . 2009-06-17 06:58 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-06-14 12:23 . 2009-06-17 06:58 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-06-14 12:22 . 2009-06-17 06:58 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-06-14 12:21 . 2009-06-14 12:21 -------- d-----w- c:\windows\Replay Media Catcher
2009-06-14 12:21 . 2009-06-17 06:59 -------- d-----w- c:\program files\Replay Media Catcher
2009-06-12 05:49 . 2009-06-12 05:50 -------- d-----w- c:\program files\Správce hesel
2009-06-09 20:23 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-09 20:23 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-08 19:50 . 2009-07-03 17:03 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Facebook
2009-06-06 11:30 . 2009-06-05 20:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-05 23:24 . 2009-06-05 23:25 -------- d-----w- c:\documents and settings\Bobo 007\Local Settings\Application Data\SubtitleCreator
2009-06-05 23:24 . 2009-06-05 23:24 -------- d-----w- c:\program files\SubtitleCreator
2009-06-05 23:15 . 2009-06-05 23:15 121128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-05 23:15 . 2009-06-05 23:15 -------- d-----w- c:\program files\MSBuild
2009-06-05 23:15 . 2009-06-05 23:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-05 23:15 . 2009-06-05 23:15 -------- d-----w- c:\program files\Reference Assemblies
2009-06-05 23:14 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-05 20:19 . 2009-06-05 20:19 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-05 20:19 . 2009-06-05 20:18 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-05 20:18 . 2009-06-05 20:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-05 20:18 . 2009-07-03 20:19 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-05 20:18 . 2009-07-03 20:19 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-05 20:18 . 2009-07-03 20:19 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-05 20:18 . 2009-06-05 20:18 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-05 20:17 . 2009-06-05 20:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-05 20:17 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 19:34 . 2009-01-18 15:37 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\uTorrent
2009-07-05 19:24 . 2009-04-24 01:51 117760 ----a-w- c:\documents and settings\Bobo 007\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-05 13:15 . 2009-04-13 07:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 10:59 . 2009-01-18 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-07-05 10:38 . 2009-05-17 18:58 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\MenuShrink
2009-07-05 02:56 . 2009-01-21 00:31 -------- d-----w- c:\program files\FlashGet
2009-07-04 13:17 . 2009-05-14 20:43 -------- d-----w- c:\program files\Minilyrics
2009-07-04 07:46 . 2009-01-19 02:26 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Skype
2009-07-04 07:22 . 2009-01-19 02:28 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\skypePM
2009-07-03 20:20 . 2009-06-19 20:18 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-03 20:20 . 2009-06-19 20:18 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-03 20:19 . 2009-06-19 20:18 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-03 20:19 . 2009-06-19 20:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-03 20:19 . 2009-06-19 20:18 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-03 20:19 . 2009-06-19 20:18 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-03 20:19 . 2009-06-19 20:18 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-03 20:19 . 2009-06-19 20:18 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-03 20:19 . 2009-06-19 20:18 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-03 20:19 . 2009-06-19 20:18 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-03 20:19 . 2009-06-19 20:18 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-03 20:19 . 2009-06-19 20:18 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-03 20:19 . 2009-06-19 20:18 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-03 20:19 . 2009-06-19 20:18 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-02 16:34 . 2009-01-23 21:06 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\dvdcss
2009-07-02 07:43 . 2009-01-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-07-01 06:27 . 2009-04-26 13:20 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\RipIt4Me
2009-07-01 06:17 . 2009-01-18 23:17 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Vso
2009-06-30 17:13 . 2009-01-29 08:45 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Canon
2009-06-26 23:01 . 2009-01-18 13:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 02:12 . 2009-01-23 12:05 -------- d-----w- c:\program files\Opera
2009-06-14 15:39 . 2009-02-01 00:00 -------- d-----w- c:\program files\Pegasys Inc
2009-06-06 11:52 . 2009-04-18 13:46 -------- d-----w- c:\program files\Lavasoft
2009-06-06 11:52 . 2009-04-18 13:54 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Lavasoft
2009-06-06 11:30 . 2009-02-06 05:58 -------- d-----w- c:\program files\AimOne_AlltoMP3
2009-06-05 23:18 . 2009-01-18 14:00 47416 ----a-w- c:\documents and settings\Bobo 007\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 20:16 . 2009-04-24 01:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-05 20:11 . 2009-01-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-05 18:50 . 2009-02-01 08:15 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Pegasys Inc
2009-06-04 20:39 . 2009-01-18 10:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----w- c:\program files\Common Files\Skype
2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----r- c:\program files\Skype
2009-06-04 20:23 . 2009-01-19 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-03 01:47 . 2009-06-03 01:47 -------- d-----w- c:\program files\MSECache
2009-06-01 23:22 . 2009-06-01 23:22 -------- d-----w- c:\program files\Jufsoft
2009-05-31 17:50 . 2009-01-24 18:21 -------- d-----w- c:\program files\DVD2SVCD
2009-05-31 14:54 . 2009-05-31 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-05-31 14:46 . 2009-05-31 14:46 -------- d-----w- c:\program files\IVT Corporation
2009-05-31 08:55 . 2009-05-04 05:16 -------- d-----w- c:\program files\Subtitle Converter
2009-05-30 03:39 . 2009-05-18 09:47 -------- d-----w- c:\program files\Free Screen Recorder
2009-05-26 18:08 . 2009-05-26 18:08 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\TamoSoft
2009-05-26 18:08 . 2009-05-26 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\TamoSoft
2009-05-26 18:08 . 2009-05-26 18:08 -------- d-----w- c:\program files\CountryWhois
2009-05-23 13:12 . 2009-05-23 13:12 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\DepositFiles Uploader
2009-05-22 03:36 . 2009-04-26 11:46 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\SendSpace Wizard
2009-05-19 21:24 . 2009-05-19 21:07 -------- d-----w- c:\program files\OCCT
2009-05-18 15:29 . 2009-05-18 15:29 -------- d-----w- c:\program files\ffdshow
2009-05-18 14:38 . 2009-05-18 14:36 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\vlc
2009-05-18 14:23 . 2009-05-18 05:22 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\XnView
2009-05-17 22:12 . 2009-05-17 22:12 -------- d-----w- c:\program files\XnView
2009-05-17 19:15 . 2009-02-10 20:56 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\PgcEdit
2009-05-17 18:11 . 2009-01-18 13:41 -------- d-----w- c:\program files\DVD Shrink
2009-05-15 17:17 . 2009-05-15 17:17 -------- d-----w- c:\program files\EvilLyrics
2009-05-15 16:51 . 2009-05-15 16:49 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Winamp
2009-05-15 16:49 . 2009-05-15 16:49 -------- d-----w- c:\program files\Winamp
2009-05-14 20:44 . 2009-05-14 20:44 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\MiniLyrics
2009-05-11 05:19 . 2009-01-24 18:22 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-10 12:23 . 2009-05-10 12:23 -------- d-----w- c:\program files\TimeAdjuster
2009-05-09 12:07 . 2009-01-18 17:28 -------- d-----w- c:\documents and settings\Bobo 007\Application Data\Ahead
2009-05-09 10:48 . 2009-01-25 00:50 -------- d-----w- c:\program files\Allok MP3 to AMR Converter
2009-05-07 15:32 . 2004-08-03 23:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:49 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 13:20 . 2009-04-26 13:20 643072 ----a-w- c:\documents and settings\Bobo 007\Application Data\RipIt4Me\updater\ri4mupdater.exe
2009-04-24 01:50 . 2009-04-24 01:50 34304 ----a-r- c:\documents and settings\Bobo 007\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
2009-04-17 19:23 . 2009-04-13 11:50 117760 ----a-w- c:\documents and settings\Bobo 007\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware(2)\SDDLLS(2)\UIREPAIR(2).DLL
2009-04-17 12:26 . 2007-06-24 07:40 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-06-24 07:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-05-16 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-03 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-25 949376]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\documents and settings\Bobo 007\Application Data\Facebook\facebook.exe"= c:\documents and settings\Bobo 007\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.6.2009 22:19 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [25.1.2009 16:58 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.3.2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 14:07 72944]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [11.2.2009 2:48 603904]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 14:07 7408]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-07-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.atlas.sk/
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 21:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Bobo 007\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-07-05 21:41
ComboFix-quarantined-files.txt 2009-07-05 19:41

Pre-Run: 4 719 636 480 bytes free
Post-Run: 4 707 725 312 voľných bajtov

243 --- E O F --- 2009-06-10 01:06

While ComboFix was running, a message popped up: NirCmd.afexe - corrupted file in connection with I:/Recykler
I didn't manage to write it down.

Post by Damned » 05 Jul 2009 22:49

Start - Run - type: notepad. Paste this entire text into it:

dir \ekrn.exe /a h /s > File.txt

save it to the desktop with the name: find.bat (file type - All Files)
Find it on the desktop, double-click it and wait until the window closes and file.txt appears
Then paste the entire text of that file here.
*****************************************************************************************************************************************
Check the files marked in red on VirusTotal and paste the links to the results here.

c:\WINDOWS\NirCmd.exe
c:\documents and settings\Bobo 007\Application Data\Facebook\facebook.exe
****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=-
"NMIndexingService"=-



Save it to the desktop as fix.reg with the type All Files,
find this file on the desktop and double-click it to run it. You will be asked whether to add
the value to the registry. Approve it.
*****************************************************************************************************************************************
Make a new HJT log and paste it here.

Post by bobak11 » 05 Jul 2009 23:15

This is the first output:
Zväzok v jednotke C nemá žiadnu menovku.
Sériové číslo zväzku je 70C6-4B38
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Here is the one from VirusTotal:
Soubor NIRCMD.exe přijatý 2009.07.05 21:02:24 (UTC)
Současný stav: Dokončeno
Výsledek: 5/41 (12.2%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.18 2009.07.05 -
AhnLab-V3 5.0.0.2 2009.07.05 -
AntiVir 7.9.0.204 2009.07.05 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.04 -
Avast 4.8.1335.0 2009.07.05 -
AVG 8.5.0.386 2009.07.05 -
BitDefender 7.2 2009.07.05 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.05 -
eSafe 7.0.17.0 2009.07.02 Suspicious File
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.04 -
F-Secure 8.0.14470.0 2009.07.05 -
Fortinet 3.117.0.0 2009.07.03 HackerTool/Nircmd
GData 19 2009.07.05 -
Ikarus T3.1.1.64.0 2009.07.05 -
Jiangmin 11.0.706 2009.07.05 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.05 -
McAfee 5667 2009.07.05 -
McAfee+Artemis 5667 2009.07.05 -
McAfee-GW-Edition 6.8.5 2009.07.05 -
Microsoft 1.4803 2009.07.05 -
NOD32 4219 2009.07.05 -
Norman 6.01.09 2009.07.04 -
nProtect 2009.1.8.0 2009.07.05 -
Panda 10.0.0.14 2009.07.05 Suspicious file
PCTools 4.4.2.0 2009.07.05 -
Prevx 3.0 2009.07.05 -
Rising 21.36.62.00 2009.07.05 -
Sophos 4.43.0 2009.07.05 NirCmd
Sunbelt 3.2.1858.2 2009.07.05 -
Symantec 1.4.4.12 2009.07.05 -
TheHacker 6.3.4.3.362 2009.07.04 -
TrendMicro 8.950.0.1094 2009.07.05 -
VBA32 3.12.10.7 2009.07.05 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.05 -
Rozšiřující informace
File size: 31232 bytes
MD5...: ac6094297cd882b8626466cdeb64f19f
SHA1..: 07a683bf71f60c4cd249ceaa852f4c44ff14e982
SHA256: 27c7ffd8367aaa73155fbb287a7df1f157f2d0c3323dbb176d02b36ff616fca5
ssdeep: 768:yvFaVTatVpWviQe1IRKIQbrfA1X4kJO/:+EatV0Y1XIQbr9L/
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12b60
timedatestamp.....: 0x4a1c1d44 (Tue May 26 16:48:04 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xc000 0x7000 0x6e00 7.89 79cf916a8252d249440287390e432898
.rsrc 0x13000 0x1000 0x800 3.31 3dd3dc3578027e128db198452af263a7

( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> GDI32.dll: BitBlt
> msvcrt.dll: exit
> ole32.dll: CoInitialize
> SHELL32.dll: ShellExecuteA
> USER32.dll: GetDC
> WINMM.dll: mixerOpen

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

Facebook:

Soubor facebook.exe přijatý 2009.07.05 21:21:26 (UTC)
Současný stav: Dokončeno
Výsledek: 1/41 (2.44%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.18 2009.07.05 -
AhnLab-V3 5.0.0.2 2009.07.05 -
AntiVir 7.9.0.204 2009.07.05 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.04 -
Avast 4.8.1335.0 2009.07.05 -
AVG 8.5.0.386 2009.07.05 -
BitDefender 7.2 2009.07.05 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.05 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.05 -
F-Secure 8.0.14470.0 2009.07.05 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.05 -
Ikarus T3.1.1.64.0 2009.07.05 -
Jiangmin 11.0.706 2009.07.05 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.05 -
McAfee 5667 2009.07.05 -
McAfee+Artemis 5667 2009.07.05 -
McAfee-GW-Edition 6.8.5 2009.07.05 Heuristic.BehavesLike.Win32.Spyware.L
Microsoft 1.4803 2009.07.05 -
NOD32 4219 2009.07.05 -
Norman 6.01.09 2009.07.04 -
nProtect 2009.1.8.0 2009.07.05 -
Panda 10.0.0.14 2009.07.05 -
PCTools 4.4.2.0 2009.07.05 -
Prevx 3.0 2009.07.05 -
Rising 21.36.62.00 2009.07.05 -
Sophos 4.43.0 2009.07.05 -
Sunbelt 3.2.1858.2 2009.07.05 -
Symantec 1.4.4.12 2009.07.05 -
TheHacker 6.3.4.3.362 2009.07.04 -
TrendMicro 8.950.0.1094 2009.07.05 -
VBA32 3.12.10.7 2009.07.05 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.05 -
Rozšiřující informace
File size: 17408 bytes
MD5...: 3a31a586b2a7496ce998b1a56fd3f46b
SHA1..: 69dbbad66270cf3afd7dd9de04bc4b25bc93d9ab
SHA256: 44d9d96ec7b5b6ccc419d6ce953adae8ee202364a8535f0d139735affe6dfb5c
ssdeep: 192:7FP8/lIS96hJWPLksR+bQJSQxORAymywQ6HNlMBsfZgrzL2RQksgZ1LJYtCS
UQXi:YHtLk4+sJSPW3nMBs0L2RhL/m0eQoc
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x285a
timedatestamp.....: 0x45950393 (Fri Dec 29 12:01:23 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1ba2 0x1c00 6.23 562e1257a73048f57627736473e97733
.rdata 0x3000 0x6f6 0x800 4.42 0bc54cbd28b49931942782e80f4ef6d3
.data 0x4000 0x131c 0xc00 4.51 eba5b343aaa3349bcf8645590ff30f63
.rsrc 0x6000 0xf20 0x1000 4.71 8c8a5d2359afea19f48149935237f0ae

( 3 imports )
> USER32.dll: GetFocus, MessageBoxA
> MSVCR71.dll: _adjust_fdiv, __p__commode, __p__fmode, __setusermatherr, _except_handler3, _strdup, __dllonexit, _onexit, _controlfp, _initterm, __getmainargs, _amsg_exit, _acmdln, exit, _cexit, _ismbblead, _XcptFilter, _exit, _c_exit, realloc, bsearch, qsort, fprintf, _iob, setbuf, getenv, atoi, malloc, free, strncmp, strrchr, __p___argv, __p___argc, strncpy, _snprintf, _stricmp, __set_app_type
> KERNEL32.dll: GetStartupInfoA, IsBadReadPtr, SetLastError, GetProcessHeap, HeapFree, VirtualFree, VirtualProtect, VirtualAlloc, FreeLibrary, GetModuleHandleA, LoadLibraryA, GetProcAddress, OutputDebugStringA, GetFullPathNameA, UnmapViewOfFile, CreateFileA, GetFileSize, CreateFileMappingA, CloseHandle, MapViewOfFile, FindResourceA, LoadResource, LockResource, GetModuleFileNameA, GetLastError, FormatMessageA, LocalFree, lstrlenA, HeapAlloc

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): Py2Exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
and here is the one from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:12, on 5.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8207 bytes

Thanks.
bye


Re: please check the ComboFix log

Post by Damned » 05 Jul 2009 23:28

If you had pasted just a link here (the copied address bar), it would have been easier to read. And also the one for facebook.exe, so that I can write the script.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner


Re: please check the ComboFix log

Post by bobak11 » 05 Jul 2009 23:45

bye


Re: please check the ComboFix log

Post by Damned » 06 Jul 2009 00:04

Uninstall ComboFix.
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u

Clean up everything left by ComboFix with T-Cleaner
(it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc.; download it -> run it). And of course the NirCmd.exe file as well.

(Note: if you have AVG, deactivate it before downloading T-Cleaner and for the duration of the cleanup; afterwards delete T-Cleaner
and turn AVG back on.)

*****************************************************************************************************************************************
Then:
Open Notepad (Start -> Run..., type Notepad into the box and click OK.)
Copy into it the whole of the following text marked in green:
Note: Do not use the SELECT ALL function to select the script

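Code:

rem sc addresses a service by its key name (EHttpSrv, ekrn), shown in parentheses in the O23 lines.
rem The display-name variants are quoted so that each reaches sc as a single argument.
rem 1) disable the services
sc config "Eset HTTP Server (EHttpSrv)" start= disabled
sc config "Eset HTTP Server" start= disabled
sc config EHttpSrv start= disabled
sc config "Eset Service (ekrn)" start= disabled
sc config "Eset Service" start= disabled
sc config ekrn start= disabled
rem 2) stop them
sc stop "Eset HTTP Server (EHttpSrv)"
sc stop "Eset HTTP Server"
sc stop EHttpSrv
sc stop "Eset Service (ekrn)"
sc stop "Eset Service"
sc stop ekrn
rem 3) delete the service entries
sc delete "Eset HTTP Server (EHttpSrv)"
sc delete "Eset HTTP Server"
sc delete EHttpSrv
sc delete "Eset Service (ekrn)"
sc delete "Eset Service"
sc delete ekrn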


Save it to the desktop under the name remove.bat, with the file type set to All Files, then find this file on the desktop and run it by double-clicking.
A DOS window will open and close. Restart the computer and post a new HJT log here.
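Added example, not part of any post in this thread and not the helper's own tooling: the script in the last reply targets the two O23 entries that HijackThis marked "(file missing)". The Python below parses O23 lines, lists the key names of such orphaned services, and builds read-only `sc qc` queries for confirming them. The function names are hypothetical, and treating an entry without a parenthesised key as having a key name equal to its display name is an assumption about HijackThis output.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
KEY_RE = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()]+)\)$")


def parse_o23(line):
    """Return a dict for one O23 line, or None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None  # malformed or truncated entry
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    m = KEY_RE.match(name)
    # Assumption: without a parenthesised key, display name == key name.
    display, key = (m["display"], m["key"]) if m else (name, name)
    return {"display": display, "key": key, "owner": owner,
            "path": path, "missing": missing}


def orphaned_services(log_text):
    """Key names of services whose binary HijackThis reported as missing."""
    entries = (parse_o23(ln) for ln in log_text.splitlines())
    return [e["key"] for e in entries if e and e["missing"]]


def review_commands(keys):
    """Read-only sc queries to confirm each entry before anything is removed."""
    return [f'sc qc "{k}"' for k in keys]


if __name__ == "__main__":
    for cmd in review_commands(orphaned_services(SAMPLE_LOG)):
        print(cmd)
```
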

