Hi there... this afternoon I accidentally picked something up from the net (if only I knew along with what), and before a hard restart of the computer I wasn't even able to make a log from H. Each time the data loaded quickly and it froze... it didn't respond to anything. Fortunately it has settled down now, and here is the log. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:20, on 30.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\3xHybridRMT.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7E67C8E-CF31-4286-A7A8-CB689849E3D3}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Please check the log..
Life is a fight, so feel free to kill each other. I'll just walk through, if you don't mind.

I've also added the log from MWAV..
Sun Sep 30 21:52:34 2007 => **********************************************************
Sun Sep 30 21:52:34 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Sep 30 21:52:34 2007 => Copyright © MicroWorld
Sun Sep 30 21:52:34 2007 => **********************************************************
Sun Sep 30 21:52:34 2007 => Source: C:\DOCUME~1\ADMINI~1\Plocha\mwav\mwav.exe
Sun Sep 30 21:52:34 2007 => Version 9.4.4 (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mexe.com)
Sun Sep 30 21:52:34 2007 => Log File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MWAV.LOG
Sun Sep 30 21:52:34 2007 => MWAV Registered: FALSE.
Sun Sep 30 21:52:34 2007 => User Account: Administratorka (Administrator Mode)
Sun Sep 30 21:52:34 2007 => OS Type: Windows Workstation
Sun Sep 30 21:52:34 2007 => OS: Windows XP
Sun Sep 30 21:52:34 2007 => Ver: Service Pack 2 (Build 2600)
Sun Sep 30 21:52:34 2007 => Windows Root Folder: C:\WINDOWS
Sun Sep 30 21:52:34 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Sun Sep 30 21:52:34 2007 => Interface0 DHCPNameServer: 212.47.1.4 212.47.0.4
Sun Sep 30 21:52:34 2007 => Interface0 NameServer: 194.228.41.65 194.228.41.113
Sun Sep 30 21:52:34 2007 => Local Fixed Drives: c:\
Sun Sep 30 21:52:34 2007 => MWAV Mode: Only Scan files.
Scanning Registry and File system for Adware/Spyware *****
Sun Sep 30 22:48:29 2007 => Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\spydb.avs, Size: 250249].
Sun Sep 30 22:48:29 2007 => Indexed Spyware Databases Successfully Created...
Sun Sep 30 22:48:30 2007 => Offending Key found: HKCU\Software\magnet !!!
Sun Sep 30 22:48:48 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 30 22:48:48 2007 => Offending Key found: HKCR\magnet !!!
Sun Sep 30 22:48:48 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Sep 30 22:48:49 2007 => Offending Folder found: C:\Documents and Settings\Administratorka\Data aplikací\icq\bart\1024
Sun Sep 30 22:48:49 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sun Sep 30 22:48:59 2007 => Checking MountPoints2 Registry Key...
Sun Sep 30 22:48:59 2007 => Invalid Command Found in D\Shell\AutoRun\command: D:\autorun.exe
Sun Sep 30 22:48:59 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D !!!
Sun Sep 30 22:48:59 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Use ComboFix:
Download ComboFix, save it to the desktop, close all open windows and run it.
Follow the instructions. While ComboFix is running, do not click in the window it displays, because that can stop the process.
When it finishes, a log is created, so copy its contents here.
(The computer may restart; that will be because ComboFix found infected files, and the PC restarts so that it can delete them.)
Administrator rights are required to run ComboFix.
The ComboFix log is located at C:\ComboFix.txt
I don't know how much of the log I should copy, so I picked the end.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 07:19]
"nwiz"="nwiz.exe" [2006-07-12 07:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 07:19]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\3xHybridRMT.exe" [2006-01-19 04:00]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 01:07]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 19:18 C:\WINDOWS\system32\stmctrl.dll]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-08-08 17:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 10:03]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-07-15 12:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 3xHybrid;SAA7135 Analog + Digital TV Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 15:15:41 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-01 10:15:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\3xHybridRMT.exe??T?a??E7?m?a?????????????????????????????????????????x?7?????xA7?????????????????x?7??????E7?????????T?a?x?7?m?a????????????????|?E7?????????????????????????????????????????????????????x?7?????T?a?h?o?m?a???????????B???????@??kA??#B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-01 10:16:42
C:\ComboFix-quarantined-files.txt ... 2007-10-01 10:16

ComboFix 07-09-21.2 - "Administratorka" 2007-10-01 10:14:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.521 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2007-09-01 to 2007-10-01 )))))))))))))))))))))))))))))))
.
2007-10-01 10:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 22:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-09-30 21:52 147,968 --a------ C:\WINDOWS\R.COM
2007-09-30 21:52 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-09-24 11:13 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-09-24 11:13 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-09-24 11:13 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-09-24 11:13 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-09-24 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\MAGIX
2007-09-24 11:12 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-09-24 11:12 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-09-24 11:12 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-09-24 11:12 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-09-24 11:12 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-09-24 11:12 <DIR> d-------- C:\Program Files\MAGIX
2007-09-24 10:50 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-09-24 10:33 <DIR> d-------- C:\Program Files\Ashampoo
2007-09-24 10:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ashampoo
2007-09-22 19:16 <DIR> d--hs---- C:\DOCUME~1\Jaryna\UserData
2007-09-20 22:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Shared
2007-09-20 22:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-09-20 22:22 <DIR> d-------- C:\Program Files\LimeWire
2007-09-20 22:22 <DIR> d-------- C:\Program Files\FDRLab
2007-09-19 16:17 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-19 16:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-19 16:16 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-18 11:37 <DIR> d-------- C:\Program Files\QIP
2007-09-15 15:43 <DIR> d-------- C:\Program Files\Nvu
2007-09-14 09:25 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-13 23:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-13 18:31 <DIR> d-------- C:\WINDOWS\Cache
2007-09-13 18:31 <DIR> d-------- C:\Program Files\3DO
2007-09-13 18:30 <DIR> d-------- C:\Program Files\Ubisoft
2007-09-13 15:40 <DIR> d-------- C:\Program Files\Mirage Interactive
2007-09-12 18:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Google
2007-09-12 13:25 <DIR> dr-h----- C:\DOCUME~1\ADMINI~2\Data aplikacˇ
2007-09-12 13:25 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Nabˇdka Start
2007-09-12 13:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\ćablony
2007-09-12 13:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Okolnˇ tisk rny
2007-09-12 13:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Okolnˇ sˇś
2007-09-12 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Plocha
2007-09-12 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Oblˇben‚ polo§ky
2007-09-12 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Dokumenty
2007-09-12 13:09 <DIR> d-------- C:\PPK
2007-09-12 13:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-12 13:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-12 13:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-12 13:01 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-12 12:59 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-12 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ScanSoft
2007-09-12 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-09-12 12:58 <DIR> d-------- C:\Program Files\ScanSoft
2007-09-12 12:56 307,200 --a------ C:\WINDOWS\IsUn0405.exe
2007-09-12 12:55 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2007-09-12 12:55 161,792 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-09-12 12:55 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2007-09-12 12:55 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2007-09-12 12:55 1,134,592 --a------ C:\WINDOWS\system32\CNCC160.DLL
2007-09-12 12:55 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-09-12 12:55 <DIR> d--h----- C:\Program Files\CanonBJ
2007-09-12 12:55 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\DATAAP~1\CanonBJ
2007-09-12 12:54 <DIR> d-------- C:\Program Files\Canon
2007-09-12 12:33 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-12 12:33 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-12 12:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Bluetooth
2007-09-12 12:17 <DIR> d-------- C:\Program Files\IVT Corporation
2007-09-12 11:58 <DIR> d-------- C:\Program Files\Google
2007-09-12 11:46 <DIR> d-------- C:\Program Files\ICQ6
2007-09-12 11:27 <DIR> d-------- C:\Program Files\ICQLite
2007-09-12 11:11 60,255 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2007-09-12 11:11 549,421 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2007-09-12 11:11 36,864 -ra------ C:\WINDOWS\system32\stmclean.exe
2007-09-12 11:11 253,952 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2007-09-12 11:11 155,648 -ra------ C:\WINDOWS\system32\stmctrl.dll
2007-09-12 11:11 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2007-09-11 11:00 16 --a------ C:\WINDOWS\popcinfo.dat
2007-09-11 10:50 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-11 10:50 <DIR> d-------- C:\Program Files\ICQToolbar
2007-09-11 10:50 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2007-09-11 10:49 335 --a------ C:\WINDOWS\nsreg.dat
2007-09-11 10:49 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2007-09-11 10:49 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2007-09-11 10:49 10,693 --a------ C:\WINDOWS\mozver.dat
2007-09-11 10:49 <DIR> d-------- C:\Program Files\mozilla.org
2007-09-11 10:48 <DIR> d-------- C:\Program Files\Skype
2007-09-11 10:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-11 10:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2007-09-11 10:15 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-11 10:15 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-11 10:15 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-11 10:15 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-11 10:15 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-11 10:15 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-11 10:15 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 10:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-12 12:59 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-12 12:57 --------- d-------- C:\Program Files\ArcSoft
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 07:19]
"nwiz"="nwiz.exe" [2006-07-12 07:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 07:19]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\3xHybridRMT.exe" [2006-01-19 04:00]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 01:07]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 19:18 C:\WINDOWS\system32\stmctrl.dll]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-08-08 17:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 10:03]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-07-15 12:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 3xHybrid;SAA7135 Analog + Digital TV Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 15:15:41 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-01 10:15:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\3xHybridRMT.exe??T?a??E7?m?a?????????????????????????????????????????x?7?????xA7?????????????????x?7??????E7?????????T?a?x?7?m?a????????????????|?E7?????????????????????????????????????????????????????x?7?????T?a?h?o?m?a???????????B???????@??kA??#B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-01 10:16:42
C:\ComboFix-quarantined-files.txt ... 2007-10-01 10:16
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.521 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2007-09-01 to 2007-10-01 )))))))))))))))))))))))))))))))
.
2007-10-01 10:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 22:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-09-30 21:55 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-09-30 21:52 147,968 --a------ C:\WINDOWS\R.COM
2007-09-30 21:52 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-09-24 11:13 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-09-24 11:13 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-09-24 11:13 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-09-24 11:13 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-09-24 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\MAGIX
2007-09-24 11:12 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-09-24 11:12 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-09-24 11:12 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-09-24 11:12 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-09-24 11:12 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-09-24 11:12 <DIR> d-------- C:\Program Files\MAGIX
2007-09-24 10:50 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2007-09-24 10:33 <DIR> d-------- C:\Program Files\Ashampoo
2007-09-24 10:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ashampoo
2007-09-22 19:16 <DIR> d--hs---- C:\DOCUME~1\Jaryna\UserData
2007-09-20 22:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Shared
2007-09-20 22:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-09-20 22:22 <DIR> d-------- C:\Program Files\LimeWire
2007-09-20 22:22 <DIR> d-------- C:\Program Files\FDRLab
2007-09-19 16:17 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-19 16:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-19 16:16 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-18 11:37 <DIR> d-------- C:\Program Files\QIP
2007-09-15 15:43 <DIR> d-------- C:\Program Files\Nvu
2007-09-14 09:25 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-13 23:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-13 18:31 <DIR> d-------- C:\WINDOWS\Cache
2007-09-13 18:31 <DIR> d-------- C:\Program Files\3DO
2007-09-13 18:30 <DIR> d-------- C:\Program Files\Ubisoft
2007-09-13 15:40 <DIR> d-------- C:\Program Files\Mirage Interactive
2007-09-12 18:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Google
2007-09-12 13:25 <DIR> dr-h----- C:\DOCUME~1\ADMINI~2\Data aplikacˇ
2007-09-12 13:25 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Nabˇdka Start
2007-09-12 13:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\ćablony
2007-09-12 13:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Okolnˇ tisk rny
2007-09-12 13:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Okolnˇ sˇś
2007-09-12 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Plocha
2007-09-12 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Oblˇben‚ polo§ky
2007-09-12 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Dokumenty
2007-09-12 13:09 <DIR> d-------- C:\PPK
2007-09-12 13:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-12 13:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-12 13:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-12 13:01 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-12 12:59 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-12 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ScanSoft
2007-09-12 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-09-12 12:58 <DIR> d-------- C:\Program Files\ScanSoft
2007-09-12 12:56 307,200 --a------ C:\WINDOWS\IsUn0405.exe
2007-09-12 12:55 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2007-09-12 12:55 161,792 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2007-09-12 12:55 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2007-09-12 12:55 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2007-09-12 12:55 1,134,592 --a------ C:\WINDOWS\system32\CNCC160.DLL
2007-09-12 12:55 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-09-12 12:55 <DIR> d--h----- C:\Program Files\CanonBJ
2007-09-12 12:55 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\DATAAP~1\CanonBJ
2007-09-12 12:54 <DIR> d-------- C:\Program Files\Canon
2007-09-12 12:33 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-12 12:33 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-12 12:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Bluetooth
2007-09-12 12:17 <DIR> d-------- C:\Program Files\IVT Corporation
2007-09-12 11:58 <DIR> d-------- C:\Program Files\Google
2007-09-12 11:46 <DIR> d-------- C:\Program Files\ICQ6
2007-09-12 11:27 <DIR> d-------- C:\Program Files\ICQLite
2007-09-12 11:11 60,255 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2007-09-12 11:11 549,421 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2007-09-12 11:11 36,864 -ra------ C:\WINDOWS\system32\stmclean.exe
2007-09-12 11:11 253,952 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2007-09-12 11:11 155,648 -ra------ C:\WINDOWS\system32\stmctrl.dll
2007-09-12 11:11 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2007-09-11 11:00 16 --a------ C:\WINDOWS\popcinfo.dat
2007-09-11 10:50 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-11 10:50 <DIR> d-------- C:\Program Files\ICQToolbar
2007-09-11 10:50 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2007-09-11 10:49 335 --a------ C:\WINDOWS\nsreg.dat
2007-09-11 10:49 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2007-09-11 10:49 118,784 --a------ C:\WINDOWS\GREUninstall.exe
Life is a fight, so go ahead and kill each other. I'll just pass through, if you don't mind.