PC-HELP.CZ

Logfile of random's system information tool 1.06 (written by random/random)
Run by thomas at 2009-09-10 16:21:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 344 MB (3%) free of 10 GB
Total RAM: 767 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:41, on 10.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
H:\inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
D:\instal\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
D:\instal\opera.exe
D:\instal\totalcmd\TOTALCMD.EXE
H:\_tos neco noveho.teda!!\instal\RSIT.exe
H:\Program Files\Trend Micro\HijackThis\thomas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Tiscali
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\_tos neco noveho.teda!!\instal\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\cannon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\cannon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = H:\_tos neco noveho.teda!!\instal\zalozky na plochu\PsnLite.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://H:\cannon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://H:\cannon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://H:\cannon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://H:\cannon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\instal\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\instal\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - H:\inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - H:\inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9abd4b27737c6) (gupdate1c9abd4b27737c6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - D:\instal\retrorun.exe
O23 - Service: SQLAgent$AUTODESKVAULT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE (file missing)

--
End of file - 6986 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - H:\_tos neco noveho.teda!!\instal\rpbrowserrecordplugin.dll [2009-04-19 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - H:\cannon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - H:\cannon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
D:\instal\ICQ6.5\ICQ.exe [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe [2006-04-14 98192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2005-03-05 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~2.EXE [2006-12-28 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Post-it® Software Notes Lite.lnk - H:\_tos neco noveho.teda!!\instal\zalozky na plochu\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-02-14 567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 285696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\instal\ICQ6\ICQ.exe"="D:\instal\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"H:\games\FarCry\Bin32\FarCry.exe"="H:\games\FarCry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\games\hd2.exe"="D:\games\hd2.exe:*:Enabled:hd2"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\instal\ICQ6.5\ICQ.exe"="D:\instal\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{008f9774-5137-11da-b096-806d6172696f}]
shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{188ad3ad-59da-11de-90bc-001109317116}]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32a79cda-2db2-11da-98dc-001109317116}]
shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52323e5c-8ba3-11dd-8f6f-001109317116}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
shell\Open\command - resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc587f48-56c2-11de-90ba-001109317116}]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe

======File associations======

.bat - open -
.bat - edit -
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-09-10 16:21:34 ----D---- C:\rsit
2009-09-09 19:34:46 ----D---- C:\Documents and Settings\thomas\Data aplikací\3M
2009-09-08 18:21:31 ----D---- C:\WINDOWS\pss
2009-09-07 20:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-07 20:11:29 ----A---- C:\WINDOWS\diabkill.bat
2009-09-07 19:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-09-04 08:16:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-04 08:16:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-04 08:16:08 ----A---- C:\WINDOWS\system32\java.exe
2009-08-19 20:42:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\RetroExp
2009-08-19 20:41:35 ----D---- C:\Program Files\Western Digital Technologies
2009-08-19 20:41:31 ----A---- C:\WINDOWS\system32\WDBtnMgr.exe

======List of files/folders modified in the last 1 months======

2009-09-10 16:21:39 ----D---- C:\WINDOWS\Temp
2009-09-10 16:21:18 ----A---- C:\WINDOWS\wincmd.ini
2009-09-10 16:12:25 ----D---- C:\WINDOWS\Prefetch
2009-09-10 10:40:48 ----D---- C:\Program Files\Mozilla Firefox
2009-09-10 09:27:37 ----D---- C:\WINDOWS
2009-09-10 00:47:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-09 23:46:44 ----A---- C:\WINDOWS\avp.ini
2009-09-09 22:40:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-09 19:34:25 ----HD---- C:\WINDOWS\inf
2009-09-09 19:34:21 ----D---- C:\WINDOWS\system32
2009-09-09 19:34:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-09 18:36:04 ----SHD---- C:\WINDOWS\Installer
2009-09-09 18:36:04 ----SHD---- C:\Config.Msi
2009-09-09 18:35:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-08 17:44:20 ----D---- C:\Program Files\AVerMedia
2009-09-07 20:20:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-07 19:38:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-07 19:27:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 18:42:40 ----AC---- C:\WINDOWS\S3D.ini
2009-09-04 08:16:06 ----D---- C:\Program Files\Java
2009-09-03 21:14:55 ----D---- C:\Documents and Settings\thomas\Data aplikací\Skype
2009-09-03 18:41:09 ----D---- C:\Documents and Settings\thomas\Data aplikací\skypePM
2009-08-31 14:19:52 ----D---- C:\Program Files\Common Files\Adobe
2009-08-31 14:19:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-08-23 18:55:18 ----D---- C:\WINDOWS\Debug
2009-08-19 20:41:35 ----D---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-09-25 24560]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2006-09-25 36176]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 ISODisk;ISODisk; C:\WINDOWS\system32\drivers\ISODisk.sys [2006-04-26 9600]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 11776]
R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 8448]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-09-04 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-09-25 87424]
R2 athsgt;athsgt; C:\WINDOWS\system32\DRIVERS\athsgt.sys [2006-02-24 164992]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320]
R2 limsgt;limsgt; C:\WINDOWS\system32\DRIVERS\limsgt.sys [2006-02-24 12544]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-01-12 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-17 606556]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 MUsbFltr;WayTechUSBFilterDriver; C:\WINDOWS\system32\drivers\MUsbFltr.sys []
S1 UsbFltr;WayTechUSBFilterDriver; C:\WINDOWS\system32\drivers\UsbFltr.sys []
S2 wincom32;wincom32; \??\C:\WINDOWS\system32\wincom32.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2006-09-25 16352]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 jatmlano;jatmlano; \??\C:\DOCUME~1\thomas\LOCALS~1\Temp\jatmlano.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-07-07 79488]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; \??\D:\instal\sniff\usft_sn4.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; H:\inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2006-03-09 40960]
R2 Autodesk EDM Server;Autodesk EDM Server; H:\inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe [2006-03-09 49152]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-25 79360]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2005-05-04 9150464]
R2 RetroExpLauncher;Retrospect Express HD Launcher; D:\instal\retrorun.exe [2006-09-11 94208]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-03-03 397312]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-03-03 516096]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe []
S2 gupdate1c9abd4b27737c6;Google Update Service (gupdate1c9abd4b27737c6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-13 2528960]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE -i AUTODESKVAULT []
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

Odinstaluj si: ICQ6Toolbar.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2551
Windows 5.1.2600 Service Pack 2

10.9.2009 19:03:55
mbam-log-2009-09-10 (19-03-49).txt

Typ skenu: Rychlý sken
Objektu skenováno: 93825
Uplynulý cas: 7 minute(s), 36 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 6
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 7
Infikované soubory: 17

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\TypeLib\{dabf362d-d442-4402-9208-ca9ed70dd01e} (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ac3a9ef-c0f8-41d4-b4e2-b7cebb794151} (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{862def42-89aa-49fa-ae1f-8a84b1b08a17} (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f6e4845d-1d13-4bc0-942d-b9191524cc48} (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{602d9049-b4ac-4a25-bf75-a9b54d747cba} (Adware.Advantage) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> No action taken.

Infikované soubory:
C:\Program Files\Advantage\AdVantage.db (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\AdVUninst.exe (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\TR.dll (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\user.db (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> No action taken.

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2551
Windows 5.1.2600 Service Pack 2

10.9.2009 20:01:30
mbam-log-2009-09-10 (20-01-30).txt

Typ skenu: Rychlý sken
Objektu skenováno: 93818
Uplynulý cas: 6 minute(s), 41 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Výborně, ještě ComboFix.

ComboFix 09-09-09.09 - thomas 10.09.2009 20:10.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.417 [GMT 2:00]
Spuštěný z: c:\documents and settings\thomas\Plocha\ComboFix.exe
AV: avast! antivirus 4.7.892 [VPS 0714-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\setup.exe
c:\windows\Installer\180819.msi
c:\windows\Installer\18081c.msi
c:\windows\Installer\203424.msi
c:\windows\Installer\203427.msi
c:\windows\Installer\34c2e.msi
c:\windows\Installer\40d9fd.msi
c:\windows\Installer\40da00.msi
c:\windows\Installer\d472b.msi
c:\windows\Installer\d472f.msi
c:\windows\system32\ieuinit.inf
c:\windows\system32\wincom32.ini
c:\windows\system32\zlbw.dll
H:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINCOM32
-------\Service_wincom32

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-10 do 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 14:21 . 2009-09-10 14:21 -------- d-----w- C:\rsit
2009-09-07 18:11 . 2009-09-08 16:37 155 ----a-w- c:\windows\diabkill.bat
2009-08-20 06:03 . 2009-08-20 06:03 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2009-08-20 06:03 . 2009-08-20 06:03 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-08-19 18:41 . 2009-08-19 18:41 -------- d-----w- c:\program files\Western Digital Technologies
2009-08-19 18:41 . 2009-08-19 18:41 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 16:35 . 2007-02-16 16:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 15:44 . 2009-06-12 18:34 -------- d-----w- c:\program files\AVerMedia
2009-09-04 06:16 . 2007-03-11 20:28 -------- d-----w- c:\program files\Java
2009-08-31 12:19 . 2007-02-19 15:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-07 11:55 . 2009-08-07 11:55 155 ----a-w- c:\windows\bnetkill.bat
2009-08-05 19:05 . 2009-08-05 19:05 86528 ----a-w- c:\windows\bnetunin.exe
2009-08-05 19:05 . 2009-08-05 19:05 61440 ----a-w- c:\windows\diabunin.exe
2009-08-04 11:07 . 2005-09-18 18:16 -------- d-----w- c:\program files\Ahead
2009-08-04 11:05 . 2005-09-18 18:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 11:04 . 2005-09-18 18:15 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 11:02 . 2005-09-20 17:49 -------- d-----w- c:\program files\mozilla.org
2009-08-03 11:36 . 2008-11-04 20:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-11-04 20:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 14:01 . 2005-09-18 19:03 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-25 03:23 . 2009-08-04 11:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 16:20 . 2009-07-14 16:20 -------- d-----w- c:\program files\ICQ6Toolbar
2009-06-24 18:26 . 2001-10-25 12:00 81212 ----a-w- c:\windows\system32\perfc005.dat
2009-06-24 18:26 . 2001-10-25 12:00 416584 ----a-w- c:\windows\system32\perfh005.dat
2004-03-11 12:27 . 2005-09-18 18:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-07-03 09:14 . 2005-12-01 17:35 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-03 09:14 . 2005-12-01 17:35 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-03 09:14 . 2005-12-01 17:35 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2004-08-17 . 3FC38E8065E48772A4BA6849C58758B4 . 718848 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-17 . 3FC38E8065E48772A4BA6849C58758B4 . 718848 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-17 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\70074\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2005-11-24 . EA8FA6CCC90F413864E79B515BC571E0 . 3016192 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-10-05 . 10006BBC00C85E687AB3835932FE7FD6 . 3015680 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2004-08-17 . 66AFA007315E576CDC967FEA67600B51 . 3396096 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-17 . 66AFA007315E576CDC967FEA67600B51 . 3396096 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\VistaMizer\old\mshtml.dll

[-] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2004-08-17 . 32A866B57CB8B04B337A26DBC0FA09EE . 2440320 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[7] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2005-10-21 . FEA61DB28F80AA80550031772B8A9317 . 662528 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-02 . 5E7263B2EE473B8EDBAB9A7D578018F0 . 661504 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2004-08-17 . 6ED57BDAAD00043872DC45984DA91096 . 802304 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-17 . 6ED57BDAAD00043872DC45984DA91096 . 802304 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\VistaMizer\old\wininet.dll

[-] 2004-08-17 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-17 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\winlogon.exe

[-] 2004-08-17 . D236E3B128029D7A01EB50F778FFF414 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . D236E3B128029D7A01EB50F778FFF414 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-17 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\VistaMizer\old\wuauclt.exe

[-] 2004-08-17 . 52CF1BEECCD26FAC8B12A4310A5E47FE . 1550848 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 52CF1BEECCD26FAC8B12A4310A5E47FE . 1550848 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\VistaMizer\old\explorer.exe

[-] 2004-08-17 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ctfmon.exe

[-] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-17 . 7CE10A3B823F3DB9B92E06383F37C64A . 2316160 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 25088]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Post-itR Software Notes Lite.lnk - h:\_tos neco noveho.teda!!\instal\zalozky na plochu\PsnLite.exe [2004-10-15 2080768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\games\\hd2.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\instal\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [6.8.2006 17:57 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [6.8.2006 17:57 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [27.3.2009 15:23 9600]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [4.10.2008 14:49 11776]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.9.2007 19:10 15424]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [24.2.2006 20:36 164992]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [24.2.2006 20:36 12544]
S1 MUsbFltr;WayTechUSBFilterDriver; [x]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
S2 gupdate1c9abd4b27737c6;Google Update Service (gupdate1c9abd4b27737c6);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 18:30 133104]
S3 jatmlano;jatmlano;\??\c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys [?]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [17.7.2006 18:06 65664]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT --> c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [?]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;d:\instal\sniff\usft_sn4.sys [3.5.2008 20:15 24400]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 16:30]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 16:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - h:\cannon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - h:\cannon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - h:\cannon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - h:\cannon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\documents and settings\thomas\Data aplikací\Mozilla\Firefox\Profiles\ezwrmejj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: h:\_tos neco noveho.teda!!\instal\browserrecord\components\nprpbrowserrecordplugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 20:21
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(692)
c:\windows\system32\CRYPT32.dll
c:\windows\system32\MSASN1.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
h:\inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
h:\inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
d:\instal\retrorun.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-09-10 20:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-10 18:25

Před spuštěním: 330 907 648
Po spuštění: 232 624 128

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\windows\diabkill.bat
c:\windows\system32\WDBtnMgr.exe
c:\windows\bnetkill.bat
c:\windows\bnetunin.exe
c:\windows\diabunin.exe
*****************************************************************************************************************************************
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys

Folder::
c:\program files\ICQ6Toolbar

Driver::
MUsbFltr;WayTechUSBFilterDriver;
MUsbFltr
UsbFltr;WayTechUSBFilterDriver;
UsbFltr
jatmlano;jatmlano
jatmlano

Rootkit::
c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

BA32 3.12.10.10 2009.09.10 Trojan-Downloader.Win32.Agent.drp
ViRobot 2009.9.10.1928 2009.09.10 -

Stačí jen odkaz (řádek s adresou)

ComboFix 09-09-09.09 - thomas 10.09.2009 21:24.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.419 [GMT 2:00]
Spuštěný z: c:\documents and settings\thomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\thomas\Plocha\CFScript.txt
AV: avast! antivirus 4.7.892 [VPS 0714-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-10 do 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 14:21 . 2009-09-10 14:21 -------- d-----w- C:\rsit
2009-09-07 18:11 . 2009-09-08 16:37 155 ----a-w- c:\windows\diabkill.bat
2009-08-20 06:03 . 2009-08-20 06:03 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2009-08-20 06:03 . 2009-08-20 06:03 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-08-19 18:41 . 2009-08-19 18:41 -------- d-----w- c:\program files\Western Digital Technologies
2009-08-19 18:41 . 2009-08-19 18:41 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 16:35 . 2007-02-16 16:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 15:44 . 2009-06-12 18:34 -------- d-----w- c:\program files\AVerMedia
2009-09-04 06:16 . 2007-03-11 20:28 -------- d-----w- c:\program files\Java
2009-08-31 12:19 . 2007-02-19 15:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-07 11:55 . 2009-08-07 11:55 155 ----a-w- c:\windows\bnetkill.bat
2009-08-05 19:05 . 2009-08-05 19:05 86528 ----a-w- c:\windows\bnetunin.exe
2009-08-05 19:05 . 2009-08-05 19:05 61440 ----a-w- c:\windows\diabunin.exe
2009-08-04 11:07 . 2005-09-18 18:16 -------- d-----w- c:\program files\Ahead
2009-08-04 11:05 . 2005-09-18 18:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 11:04 . 2005-09-18 18:15 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 11:02 . 2005-09-20 17:49 -------- d-----w- c:\program files\mozilla.org
2009-08-03 11:36 . 2008-11-04 20:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-11-04 20:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 14:01 . 2005-09-18 19:03 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-25 03:23 . 2009-08-04 11:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 16:20 . 2009-07-14 16:20 -------- d-----w- c:\program files\ICQ6Toolbar
2009-06-24 18:26 . 2001-10-25 12:00 81212 ----a-w- c:\windows\system32\perfc005.dat
2009-06-24 18:26 . 2001-10-25 12:00 416584 ----a-w- c:\windows\system32\perfh005.dat
2004-03-11 12:27 . 2005-09-18 18:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-07-03 09:14 . 2005-12-01 17:35 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-03 09:14 . 2005-12-01 17:35 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-03 09:14 . 2005-12-01 17:35 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2004-08-17 . 3FC38E8065E48772A4BA6849C58758B4 . 718848 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-17 . 3FC38E8065E48772A4BA6849C58758B4 . 718848 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-17 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\70074\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2005-11-24 . EA8FA6CCC90F413864E79B515BC571E0 . 3016192 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-10-05 . 10006BBC00C85E687AB3835932FE7FD6 . 3015680 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2004-08-17 . 66AFA007315E576CDC967FEA67600B51 . 3396096 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-17 . 66AFA007315E576CDC967FEA67600B51 . 3396096 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\VistaMizer\old\mshtml.dll

[-] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2004-08-17 . 32A866B57CB8B04B337A26DBC0FA09EE . 2440320 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[7] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2005-10-21 . FEA61DB28F80AA80550031772B8A9317 . 662528 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-02 . 5E7263B2EE473B8EDBAB9A7D578018F0 . 661504 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2004-08-17 . 6ED57BDAAD00043872DC45984DA91096 . 802304 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-17 . 6ED57BDAAD00043872DC45984DA91096 . 802304 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\VistaMizer\old\wininet.dll

[-] 2004-08-17 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-17 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\winlogon.exe

[-] 2004-08-17 . D236E3B128029D7A01EB50F778FFF414 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . D236E3B128029D7A01EB50F778FFF414 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-17 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\VistaMizer\old\wuauclt.exe

[-] 2004-08-17 . 52CF1BEECCD26FAC8B12A4310A5E47FE . 1550848 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 52CF1BEECCD26FAC8B12A4310A5E47FE . 1550848 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\VistaMizer\old\explorer.exe

[-] 2004-08-17 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . 5050A0B550CCF3FFBC3DAD33524A4DC1 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ctfmon.exe

[-] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-17 . 7CE10A3B823F3DB9B92E06383F37C64A . 2316160 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 25088]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Post-itR Software Notes Lite.lnk - h:\_tos neco noveho.teda!!\instal\zalozky na plochu\PsnLite.exe [2004-10-15 2080768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\games\\hd2.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\instal\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [6.8.2006 17:57 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [6.8.2006 17:57 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [27.3.2009 15:23 9600]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [4.10.2008 14:49 11776]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.9.2007 19:10 15424]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [24.2.2006 20:36 164992]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [24.2.2006 20:36 12544]
S1 MUsbFltr;WayTechUSBFilterDriver; [x]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
S2 gupdate1c9abd4b27737c6;Google Update Service (gupdate1c9abd4b27737c6);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 18:30 133104]
S3 jatmlano;jatmlano;\??\c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys [?]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [17.7.2006 18:06 65664]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT --> c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [?]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;d:\instal\sniff\usft_sn4.sys [3.5.2008 20:15 24400]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 16:30]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 16:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - h:\cannon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - h:\cannon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - h:\cannon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - h:\cannon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\documents and settings\thomas\Data aplikací\Mozilla\Firefox\Profiles\ezwrmejj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: h:\_tos neco noveho.teda!!\instal\browserrecord\components\nprpbrowserrecordplugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 21:31
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1768)
c:\windows\system32\CRYPT32.dll
c:\windows\system32\MSASN1.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Celkový čas: 2009-09-10 21:34
ComboFix-quarantined-files.txt 2009-09-10 19:34
ComboFix2.txt 2009-09-10 18:25

Před spuštěním: 242 032 640
Po spuštění: 230 150 144

Current=5 Default=5 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
196

Máš tu čtyři červené soubory. Potřebuji tedy čtyři odkazy. Pokud je s tím problém, popiš ho, odstraníme.

Špatně si zkopíroval zelený text do skriptu, ComboFix nic neprovedl. Tak ještě jednou:

Damned píše:Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\windows\diabkill.bat
c:\windows\system32\WDBtnMgr.exe
c:\windows\bnetkill.bat
c:\windows\bnetunin.exe
c:\windows\diabunin.exe
*****************************************************************************************************************************************
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys

Folder::
c:\program files\ICQ6Toolbar

Driver::
MUsbFltr;WayTechUSBFilterDriver;
MUsbFltr
UsbFltr;WayTechUSBFilterDriver;
UsbFltr
jatmlano;jatmlano
jatmlano

Rootkit::
c:\docume~1\thomas\LOCALS~1\Temp\jatmlano.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

PC-HELP.CZ

prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: tak je tu ten log........

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: průběžně to zatim naslo

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik

Re: prosím o pomoc s počítačem..vkádám log pro kontrolu..dik