Prosim o kontrolu logu

[Shaman007]

Prosim o kontrolu logu.Mam problem so sekanim grafiky,nic som neinstaloval,ani nestahoval,prislo to nahle,tak hladam pricinu.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:54:34, on 13. 1. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\Knight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Documents and Settings\Stanley\Nabídka Start\Programy\Po spuštění\ctfmon.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Stanley\Plocha\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Disk Knight] C:\WINDOWS\Knight.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAB.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E745C87A-476E-41A4-A01F-736E0C1507F9}: NameServer = 85.159.104.200,85.159.104.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7030 bytes

[Reklama]

[fredik]

Vítej na fóru

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

If Exist ctflog.txt del /q ctflog.txt
Dir /S/A-D "%drive%\ctfmon.exe" >>ctflog.txt
Notepad ctflog.txt
Del /q ctflog.txt

Zvol v menu záložku Soubor -> Uložit jako... a natav/vyplň tyto údaje
Název souboru: ctffind.bat
Uložit jako typ: Všechny soubory
Ulož soubor na disk C u a spusť ho. Po chvíli hledání se zobrazí nové okno s výsledky, zkopíruj sem prosím celý jeho obsah

[Shaman007]

Vopred dakujem za snahu o pomoc
combofix.txt

ComboFix 08-01-13.1 - Stanley 2008-01-13 16:24:42.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.130 [GMT 1:00]
Running from: C:\Documents and Settings\Stanley\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\knight.exe
C:\WINDOWS\recover.reg

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 16:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 13:39 . 2008-01-13 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 13:39 . 2008-01-13 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 00:59 . 2008-01-13 01:07 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-13 00:59 . 2008-01-13 00:59 <DIR> d-------- C:\darcek
2008-01-05 15:30 . 2008-01-05 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\UDL
2008-01-05 15:28 . 2008-01-05 15:28 <DIR> d-------- C:\Documents and Settings\Stanley\Data aplikací\InstallShield
2008-01-05 15:27 . 2008-01-05 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\EPSON
2008-01-05 15:27 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-01-05 15:27 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-01-05 15:27 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-05 15:25 . 2008-01-05 15:30 <DIR> d-------- C:\Program Files\epson
2008-01-05 15:25 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-01-05 15:25 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-01-05 15:25 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-01-05 15:25 . 2008-01-05 15:25 26 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-03 18:51 . 2008-01-03 18:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-02 20:02 . 2008-01-03 11:50 <DIR> d-------- C:\kukushka
2007-12-27 22:31 . 1994-09-26 22:03 133,777 --a------ C:\WINDOWS\EKGSS.SCR
2007-12-27 22:31 . 1994-09-26 21:24 74,946 --a------ C:\WINDOWS\RHYTHMS.DLL
2007-12-15 11:56 . 2008-01-09 17:25 <DIR> d-------- C:\Downloads
2007-12-15 11:55 . 2008-01-09 17:58 <DIR> d-------- C:\Program Files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 12:43 --------- d-----w C:\Program Files\Skype
2008-01-13 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 12:39 --------- d-----w C:\Program Files\QuickTime
2008-01-05 14:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 09:34 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-09 09:34 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-09 09:34 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-27 23:35 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-27 23:35 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\skypePM
2007-11-27 23:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-11-27 20:22 --------- d-----w C:\Program Files\AKlient
2007-11-25 08:18 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\AdobeUM
2007-11-24 10:09 --------- d-----w C:\Program Files\Lavasoft
2007-11-24 10:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:49 1667584]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 18:24 110592]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-08-08 20:05 344064]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 14:57 573440]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 07:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09 200704]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"Disk Knight"="C:\WINDOWS\Knight.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-14 17:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b2ea2da-a174-11dc-aa3f-000ea6f7c49a}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c3a837-90fc-11dc-a9f0-000ea6f7c49a}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60bd2e64-5c5b-11dc-a977-001a92146df5}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{683a6041-6c72-11dc-a99c-001a92146df5}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a243e0-9b28-11dc-aa14-000ea6f7c49a}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df1b8dd1-9e66-11dc-aa29-000ea6f7c49a}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e54eb237-9c01-11dc-aa1b-000ea6f7c49a}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 16:26:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 16:27:08
ComboFix-quarantined-files.txt 2008-01-13 15:26:52

[Shaman007]

ctflog

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 1C37-3A4C.

Výpis adresáře C:\Documents and Settings\Stanley\Nabídka Start\Programy\Po spuštění

27. 06. 2006 09:06 20 480 ctfmon.exe
1 souborů, 20 480 bajtů

Výpis adresáře C:\Recycled

27. 06. 2006 10:06 20 480 ctfmon.exe
1 souborů, 20 480 bajtů

Výpis adresáře C:\Recycled\Recycled

27. 06. 2006 09:06 20 480 ctfmon.exe
1 souborů, 20 480 bajtů

Výpis adresáře C:\WINDOWS\$NtServicePackUninstall$

25. 10. 2001 13:00 13 312 ctfmon.exe
1 souborů, 13 312 bajtů

Výpis adresáře C:\WINDOWS\ServicePackFiles\i386

17. 08. 2004 14:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů

Výpis adresáře C:\WINDOWS\system32

17. 08. 2004 14:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů

Počet souborů v seznamu:
6 souborů, 105 472 bajtů
Adresářů: 0, Volných bajtů: 47 974 617 088

[fredik]

Vezmi flešku a připoj ji k PC.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\Documents and Settings\Stanley\Nabídka Start\Programy\Po spuštění\ctfmon.exe

Folder::
C:\Recycled
D:\Recycled
E:\Recycled
F:\Recycled
G:\Recycled

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Disk Knight"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b2ea2da-a174-11dc-aa3f-000ea6f7c49a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c3a837-90fc-11dc-a9f0-000ea6f7c49a}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60bd2e64-5c5b-11dc-a977-001a92146df5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{683a6041-6c72-11dc-a99c-001a92146df5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a243e0-9b28-11dc-aa14-000ea6f7c49a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df1b8dd1-9e66-11dc-aa29-000ea6f7c49a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e54eb237-9c01-11dc-aa1b-000ea6f7c49a}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Stáhni tento program: Flash Disinfector (by sUBs) a spusť ho.

Po proběhnutí programu ji můžeš odpojit.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
V následujícím příspěvku sem vlož tyto logy/výsledky:
- log z Comobifx po použití skriptu
- nový log z HJT

[Shaman007]

ComboFix 08-01-13.1 - Stanley 2008-01-13 22:50:56.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.132 [GMT 1:00]
Running from: C:\Documents and Settings\Stanley\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stanley\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Stanley\Nabídka Start\Programy\Po spuštění\ctfmon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Stanley\Nabídka Start\Programy\Po spuštění\ctfmon.exe
C:\Recycled
C:\Recycled\ctfmon.exe
C:\Recycled\desktop.ini
C:\Recycled\INFO2
C:\Recycled\Recycled\ctfmon.exe
G:\autorun.inf
G:\Knight.exe
G:\Recycled
G:\Recycled\ctfmon.exe
G:\Recycled\desktop.ini
G:\Recycled\INFO2

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 22:52 . 2008-01-13 22:52 <DIR> dr-hs---- C:\Recycled
2008-01-13 16:33 . 2008-01-13 16:33 122 --a------ C:\ctffind.bat
2008-01-13 16:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 13:39 . 2008-01-13 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 13:39 . 2008-01-13 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 00:59 . 2008-01-13 01:07 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-13 00:59 . 2008-01-13 00:59 <DIR> d-------- C:\darcek
2008-01-05 15:30 . 2008-01-05 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\UDL
2008-01-05 15:28 . 2008-01-05 15:28 <DIR> d-------- C:\Documents and Settings\Stanley\Data aplikací\InstallShield
2008-01-05 15:27 . 2008-01-05 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\EPSON
2008-01-05 15:27 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-01-05 15:27 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-01-05 15:27 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-05 15:25 . 2008-01-05 15:30 <DIR> d-------- C:\Program Files\epson
2008-01-05 15:25 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-01-05 15:25 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-01-05 15:25 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-01-05 15:25 . 2008-01-05 15:25 26 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-03 18:51 . 2008-01-03 18:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-02 20:02 . 2008-01-03 11:50 <DIR> d-------- C:\kukushka
2007-12-27 22:31 . 1994-09-26 22:03 133,777 --a------ C:\WINDOWS\EKGSS.SCR
2007-12-27 22:31 . 1994-09-26 21:24 74,946 --a------ C:\WINDOWS\RHYTHMS.DLL
2007-12-15 11:56 . 2008-01-09 17:25 <DIR> d-------- C:\Downloads
2007-12-15 11:55 . 2008-01-09 17:58 <DIR> d-------- C:\Program Files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 12:43 --------- d-----w C:\Program Files\Skype
2008-01-13 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 12:39 --------- d-----w C:\Program Files\QuickTime
2008-01-05 14:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 09:34 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-09 09:34 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-09 09:34 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-27 23:35 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-27 23:35 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\skypePM
2007-11-27 23:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-11-27 20:22 --------- d-----w C:\Program Files\AKlient
2007-11-25 08:18 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\AdobeUM
2007-11-24 10:09 --------- d-----w C:\Program Files\Lavasoft
2007-11-24 10:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_16.26.37,20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 15:24:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 21:50:51 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 15:24:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 21:50:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 15:24:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 21:50:51 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 15:24:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 21:50:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 15:24:31 4,366,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 21:50:52 4,366,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 15:24:31 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 21:50:52 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:49 1667584]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 18:24 110592]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-08-08 20:05 344064]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 14:57 573440]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 07:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09 200704]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"Disk Knight"="C:\WINDOWS\Knight.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-14 17:16]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 22:52:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 22:53:25
ComboFix-quarantined-files.txt 2008-01-13 21:53:09
ComboFix2.txt 2008-01-13 15:27:09






Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:57:38, on 13. 1. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stanley\Plocha\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAB.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E745C87A-476E-41A4-A01F-736E0C1507F9}: NameServer = 85.159.104.200,85.159.104.130
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6436 bytes

[Shaman007]

Problemy so sekanim grafiky vsak stale pretrvavaju :(

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disk Knight"=-

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

Udělej pak nový log z ComboFix a dej ho sem.

[Shaman007]

ComboFix 08-01-13.1 - Stanley 2008-01-14 20:37:50.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.144 [GMT 1:00]
Running from: C:\Documents and Settings\Stanley\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 22:52 . 2008-01-13 22:52 <DIR> dr-hs---- C:\Recycled
2008-01-13 16:33 . 2008-01-13 16:33 122 --a------ C:\ctffind.bat
2008-01-13 16:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 13:39 . 2008-01-13 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 13:39 . 2008-01-13 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 00:59 . 2008-01-13 01:07 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-13 00:59 . 2008-01-13 00:59 <DIR> d-------- C:\darcek
2008-01-05 15:30 . 2008-01-05 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\UDL
2008-01-05 15:28 . 2008-01-05 15:28 <DIR> d-------- C:\Documents and Settings\Stanley\Data aplikací\InstallShield
2008-01-05 15:27 . 2008-01-05 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\EPSON
2008-01-05 15:27 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-01-05 15:27 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-01-05 15:27 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-05 15:25 . 2008-01-05 15:30 <DIR> d-------- C:\Program Files\epson
2008-01-05 15:25 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-01-05 15:25 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-01-05 15:25 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-01-05 15:25 . 2008-01-05 15:25 26 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-03 18:51 . 2008-01-03 18:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-02 20:02 . 2008-01-03 11:50 <DIR> d-------- C:\kukushka
2007-12-27 22:31 . 1994-09-26 22:03 133,777 --a------ C:\WINDOWS\EKGSS.SCR
2007-12-27 22:31 . 1994-09-26 21:24 74,946 --a------ C:\WINDOWS\RHYTHMS.DLL
2007-12-15 11:56 . 2008-01-09 17:25 <DIR> d-------- C:\Downloads
2007-12-15 11:55 . 2008-01-09 17:58 <DIR> d-------- C:\Program Files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 12:43 --------- d-----w C:\Program Files\Skype
2008-01-13 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 12:39 --------- d-----w C:\Program Files\QuickTime
2008-01-05 14:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 09:34 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-09 09:34 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-09 09:34 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-27 23:35 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-27 23:35 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\skypePM
2007-11-27 23:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-11-27 20:22 --------- d-----w C:\Program Files\AKlient
2007-11-25 08:18 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\AdobeUM
2007-11-24 10:09 --------- d-----w C:\Program Files\Lavasoft
2007-11-24 10:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_16.26.37,20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 15:24:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 21:50:51 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 15:24:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 21:50:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 15:24:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 21:50:51 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 15:24:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 21:50:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 15:24:31 4,366,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 21:50:52 4,366,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 15:24:31 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 21:50:52 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:49 1667584]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 18:24 110592]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-08-08 20:05 344064]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 14:57 573440]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 07:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09 200704]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-14 17:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bef371a-c2b9-11dc-aacd-000ea6f7c49a}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 20:39:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 20:40:13
ComboFix-quarantined-files.txt 2008-01-14 19:39:58
ComboFix2.txt 2008-01-13 21:53:26
ComboFix3.txt 2008-01-13 15:27:09

[fredik]

Připoj opět flešku k Pc (pokud jich máš víc doma, které jsi měl připojené k tomuto Pc v poslední době, tak je taky připoj)

Vytvoř si nový CFScript a vlož do něho tentokrát toto:

Kód: Vybrat vše

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bef371a-c2b9-11dc-aacd-000ea6f7c49a}]

Po proběhnutí ComboFixu hned použij Flash Disinfector. Vlož sem pak log z ComboFix, který se ti zobrazí.

[Shaman007]

ComboFix 08-01-13.1 - Stanley 2008-01-14 21:20:43.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.129 [GMT 1:00]
Running from: C:\Documents and Settings\Stanley\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stanley\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 22:52 . 2008-01-13 22:52 <DIR> dr-hs---- C:\Recycled
2008-01-13 16:33 . 2008-01-13 16:33 122 --a------ C:\ctffind.bat
2008-01-13 16:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 13:39 . 2008-01-13 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 13:39 . 2008-01-13 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 00:59 . 2008-01-13 01:07 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-13 00:59 . 2008-01-13 00:59 <DIR> d-------- C:\darcek
2008-01-05 15:30 . 2008-01-05 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\UDL
2008-01-05 15:28 . 2008-01-05 15:28 <DIR> d-------- C:\Documents and Settings\Stanley\Data aplikací\InstallShield
2008-01-05 15:27 . 2008-01-05 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\EPSON
2008-01-05 15:27 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-01-05 15:27 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-01-05 15:27 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-05 15:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-05 15:25 . 2008-01-05 15:30 <DIR> d-------- C:\Program Files\epson
2008-01-05 15:25 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-01-05 15:25 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-01-05 15:25 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-01-05 15:25 . 2008-01-05 15:25 26 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-05 15:24 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-03 18:51 . 2008-01-03 18:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-02 20:02 . 2008-01-03 11:50 <DIR> d-------- C:\kukushka
2007-12-27 22:31 . 1994-09-26 22:03 133,777 --a------ C:\WINDOWS\EKGSS.SCR
2007-12-27 22:31 . 1994-09-26 21:24 74,946 --a------ C:\WINDOWS\RHYTHMS.DLL
2007-12-15 11:56 . 2008-01-09 17:25 <DIR> d-------- C:\Downloads
2007-12-15 11:55 . 2008-01-09 17:58 <DIR> d-------- C:\Program Files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 12:43 --------- d-----w C:\Program Files\Skype
2008-01-13 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 12:39 --------- d-----w C:\Program Files\QuickTime
2008-01-05 14:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 09:34 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-09 09:34 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-09 09:34 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-27 23:35 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-27 23:35 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\skypePM
2007-11-27 23:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-11-27 20:22 --------- d-----w C:\Program Files\AKlient
2007-11-25 08:18 --------- d-----w C:\Documents and Settings\Stanley\Data aplikací\AdobeUM
2007-11-24 10:09 --------- d-----w C:\Program Files\Lavasoft
2007-11-24 10:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_16.26.37,20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 15:24:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 20:20:38 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 15:24:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 20:20:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 15:24:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 20:20:38 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 15:24:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 20:20:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 15:24:31 4,366,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 20:20:39 4,366,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 15:24:31 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 20:20:39 118,784 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:49 1667584]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 18:24 110592]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-08-08 20:05 344064]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 14:57 573440]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 07:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09 200704]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-14 17:16]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 21:22:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 21:23:10
ComboFix-quarantined-files.txt 2008-01-14 20:22:53
ComboFix2.txt 2008-01-14 19:40:14
ComboFix3.txt 2008-01-13 21:53:26
ComboFix4.txt 2008-01-13 15:27:09

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.

Můžeš také smazat soubor co jsme použili na výpis (ctffind.bat) a (fix.reg)

Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině

Zkus trošku víc rozepsat kdy se objevuje problém s grafikou. Bude to pravděpodobně jiný problém.
Máš kromě toho ještě nějaké jiné problémy?

Poznámka:
Používáš starší verzi HijackThis, pokud by jsi někdy v budoucnu ho potřeboval, stáhni si aktuální verzi zde a tu starou před použitím vymaž.