Internet Explorer zvláštní stránky

[Davidos]

Dobrý večer,
rozhodl jsem si nainstalovat Flashget do mé Opery. Šel jsme na oficiální stránku flashgetu a stáhl jsem si ho.
Instalace byl v podivném jazyce, ale úspěšně jsem ho nainstaloval.:)
Ale asi tak po 2 minutách s emi otevřel IE7 s nějakou divnou stránkou. tak jsme si řikal, že sjme si asi na něco klik. Ale když se to opakobvalo asi každých 5 minut a většinou tam byla jiná stránka tak už mě to zarazilo. Proto jsme si Flashget odinstaloval. Bohužel mi to okno IE7 někdy vyskočí a tam je nějaká otravná stránka.
Chtěl bych se zeptat, jestli nevíte čím by to mohlo být. Pro jistotu už jsme rozběhl noda:)
A IE 7 nechchi odinstalovát protože otec v ničem jiným neumí.

Děkuji za pomoct

Zrovna když sjem odeslal post se mi otevřelo znova to okno.. odkaz byl

Kód: Vybrat vše

http://url.adtrgt.com/cpv.jsp?p=112140&ip=83.208.34.55&url=http%3A%2F%2Fwww.pc-help.cz%2Fposting.php&selectedKeyword=ron&selectedListingId=7102519

[Reklama]

[krtenek]

Šup sem s logem HJT (viz můj podpis).

[Davidos]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:02, on 26.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\WIP Miranda IM\miranda32.exe
C:\Program Files\Opera\Opera.exe
F:\ZALOHA\DISK-2 (DAVIDOS)\totalcmd\TOTALCMD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\OVB-PC\Data aplikací\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Video Add-on Setup\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKLM\..\Run: [vyvsbwde.exe] C:\WINDOWS\system32\vyvsbwde.exe
O4 - HKLM\..\Run: [svchost] %windir%\SVCHOST.EXE -d -L -p 8080 -e cmd.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [system32IMNX Agent] C:\WINDOWS\system32IMNX.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [GoldenFTPserver] C:\Program Files\Golden FTP Server Pro\gftppro.exe
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [nDVDControl] C:\Program Files\DNsoft.be\nDVD\nDVDControl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\IntCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on Setup\icthis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {5DB05CB8-7751-469D-A1DD-45C8C201C013} (Blender 3D Plug-in Active X Control) - http://www.xdesign.cz/3ddum/Blender3DPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FAA0872-E434-4783-AA4F-E6AF6DF6EB8D}: NameServer = 194.228.41.65 194.228.41.113
O22 - SharedTaskScheduler: armillifer - {e1adb94e-0dc6-487c-b274-981bee6301a1} - C:\WINDOWS\system32\siiyal.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - c:\apache\Apache.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: MySql - Unknown owner - C:/Documents and Settings/OVB-PC/Dokumenty/Programky/mysql-noinstall-4.0.25-win32/mysql-4.0.25-win32/bin/mysqld-nt.exe (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe (file missing)

--
End of file - 11932 bytes

[fredik]

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Davidos]

log z 2. programu
ComboFix 08-01-23.1C - OVB-PC 2008-01-26 21:21:04.1 - NTFSx86
Running from: C:\Documents and Settings\OVB-PC\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\temp\tn3
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\win32.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_NPF
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\NPF
-------\vspf
-------\vspf_hk


((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 21:37 . 2008-01-26 21:37 <DIR> d-------- C:\Temp\tn3
2008-01-26 21:36 . 2008-01-26 21:36 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-26 21:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 18:06 . 2007-09-19 11:19 503,808 --a------ C:\WINDOWS\system32\KuGoo3DownXControl.ocx
2008-01-26 18:05 . 2008-01-26 18:06 <DIR> d----c--- C:\Downloads
2008-01-26 17:35 . 2008-01-26 17:35 86,144 --a------ C:\WINDOWS\system32\drivers\bthusbb.sys
2008-01-24 22:50 . 2008-01-24 22:50 <DIR> d----c--- C:\MPS
2008-01-24 22:46 . 1996-09-30 19:46 24,576 --------- C:\WINDOWS\UniFISH.exe
2008-01-24 19:46 . 2008-01-24 19:46 <DIR> d-------- C:\Program Files\Plogue
2008-01-24 19:46 . 2007-10-01 14:19 212,992 --a------ C:\WINDOWS\system\ReWire.dll
2008-01-21 20:16 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-21 20:15 . 2007-08-07 18:33 4,108,992 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-21 20:13 . 2008-01-21 20:14 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-21 20:13 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-01-21 20:13 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-21 20:13 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-21 20:13 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-21 20:13 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-21 20:13 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-21 20:13 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-21 20:04 . 2008-01-21 20:04 <DIR> d----c--- C:\Intel
2008-01-21 20:02 . 2008-01-26 15:48 <DIR> d-------- C:\Program Files\Intel
2008-01-21 20:02 . 2002-10-15 00:00 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
2008-01-21 20:02 . 2002-10-15 00:00 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2008-01-21 20:02 . 2002-10-15 00:00 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
2008-01-21 19:59 . 2008-01-21 19:59 <DIR> d----c--- C:\NVIDIA
2008-01-21 00:20 . 2008-01-21 00:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-20 17:21 . 2008-01-20 17:26 <DIR> d-------- C:\Program Files\OneNote
2008-01-20 13:02 . 2008-01-20 13:02 <DIR> d-------- C:\Program Files\Youdagames
2008-01-20 01:23 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-19 21:56 . 2008-01-19 21:56 4 --a--c--- C:\timestmp.tmp
2008-01-02 14:53 . 2008-01-02 14:53 <DIR> d-------- C:\Program Files\Dnote Software
2007-12-30 12:25 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll
2007-12-30 12:25 . 2007-12-30 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 16:57 --------- d-----w C:\Program Files\Opera
2008-01-26 15:17 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-26 15:16 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-26 15:04 --------- d-----w C:\Program Files\Teamspeak2_RC22
2008-01-26 15:03 --------- d-----w C:\Program Files\Skype
2008-01-26 15:01 --------- d-----w C:\Program Files\Sjboy Emulator
2008-01-26 15:00 --------- d-----w C:\Program Files\QuickTime
2008-01-26 14:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 19:43 --------- d-----w C:\Program Files\AIMP2
2008-01-23 18:54 --------- d-----w C:\Program Files\SwiftSwitch
2008-01-20 09:15 --------- d-----w C:\Program Files\Roguescanfix
2008-01-13 23:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-12 17:13 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-05 18:37 --------- d-----w C:\Program Files\ICQ6
2008-01-03 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 16:05 --------- d-----w C:\Program Files\Power MP3 Cutter
2007-12-25 17:26 --------- d-----w C:\Program Files\TomTom HOME 2
2007-12-25 17:08 --------- d-----w C:\Program Files\TomTom DesktopSuite
2007-12-24 03:16 --------- d-----w C:\Program Files\SWiSH v2.0
2007-12-21 19:38 --------- d-----w C:\Program Files\eMule
2007-12-21 19:31 --------- d-----w C:\Program Files\vso
2007-12-21 19:30 --------- d-----w C:\Program Files\Aspell
2007-12-21 07:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 07:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-15 23:38 --------- d-----w C:\Program Files\THQ
2007-12-15 23:18 --------- d-----w C:\Program Files\MotoRacer3
2007-12-15 11:04 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-15 07:38 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-15 07:38 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-15 07:36 --------- d-----w C:\Program Files\Ligos
2007-12-15 00:21 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-15 00:11 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-22 07:38 98,304 ----a-w C:\WINDOWS\DUMPfc22.tmp
2007-10-26 15:47 1,645,320 -c--a-w C:\WINDOWS\gdiplus.dll
2007-10-26 15:47 1,408,141 -c--a-w C:\WINDOWS\Metro.scr
2005-12-31 10:13 960 -c--a-w C:\Program Files\Briefcase Database
2002-01-12 22:29 53,248 ----a-w C:\Program Files\mmlang.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}]
C:\Program Files\IntCodec\isaddon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}
{A2595F37-48D0-46A1-9B51-478591A97764}
{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}

[HKEY_CLASSES_ROOT\clsid\{a2595f37-48d0-46a1-9b51-478591a97764}]

[HKEY_CLASSES_ROOT\clsid\{41f6170d-6af8-4188-8d92-9ddab3c71a78}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A2595F37-48D0-46A1-9B51-478591A97764}"= C:\Program Files\IntCodec\iesplugin.dll [ ]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"= C:\Program Files\Video Add-on Setup\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{a2595f37-48d0-46a1-9b51-478591a97764}]

[HKEY_CLASSES_ROOT\clsid\{41f6170d-6af8-4188-8d92-9ddab3c71a78}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2004-12-05 11:20 543744]
"GoldenFTPserver"="C:\Program Files\Golden FTP Server Pro\gftppro.exe" [ ]
"SpyEmergency"="C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
"nDVDControl"="C:\Program Files\DNsoft.be\nDVD\nDVDControl.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 14:19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2006-03-10 08:05 347695]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2005-12-06 08:45 233524]
"CnxDslTaskBar"="C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2004-04-29 08:00 462848]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 13:01 188416]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"Cmaudio"="cmicnfg.cpl" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic 6\delay.exe" [ ]
"cmonitor"="C:\Program Files\SystemDoctor 2006 Free\pasmon.exe" [ ]
"vyvsbwde.exe"="C:\WINDOWS\system32\vyvsbwde.exe" [ ]
"svchost"="%windir%\SVCHOST.exe" [ ]
"WinVNC"="C:\Program Files\RealVNC\WinVNC\winvnc.exe" [ ]
"system32IMNX Agent"="C:\WINDOWS\system32IMNX.exe" [ ]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2008-01-24 23:01 389632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2006-04-28 07:04 77870]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"homepage.monitor.exe"= C:\Program Files\IntCodec\isamonitor.exe
"some"= C:\Program Files\Video Add-on Setup\icthis.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{e1adb94e-0dc6-487c-b274-981bee6301a1}"= C:\WINDOWS\system32\siiyal.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]

R1 bthusbb;bthusbb;C:\WINDOWS\system32\drivers\bthusbb.sys [2008-01-26 17:35]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 18:47]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 18:48]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 07:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys []
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" [2002-01-25 05:30]
S3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2006-04-13 11:25]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\system32\Drivers\FTD2XX.sys [2003-09-19 15:38]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 MemStPCI;Řadič Sony Memory Stick (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 22:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c1ee2bf-f506-11d9-8778-000a94116f82}]
\Shell\AutoRun\command - G:\welcome.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4936249b-6003-11d9-92c1-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
\Shell\Open(O)\command - Recycled\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a49891d-2620-11dc-bb10-000a94116f82}]
\Shell\AutoRun\command - D:\setup.exe /autorun
\Shell\dxsetup\command - D:\directx\dxsetup.exe
\Shell\openit\command - explorer Nordic
\Shell\setup\command - D:\setup.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b012cd97-6bdb-11db-bf4e-000a94116f82}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9c90f84-b2f0-11dc-bc7e-000a94116f82}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff10ac09-b5ae-11db-bfe9-000a94116f82}]
\Shell\AutoRun\command - E:\MafiaLauncher.EXE

*Newly Created Service* - NVSVC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 21:39:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
svchost = %windir%\SVCHOST.EXE -d -L -p 8080 -e cmd.exe?
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="C:/Documents and Settings/OVB-PC/Dokumenty/Programky/mysql-noinstall-4.0.25-win32/mysql-4.0.25-win32/bin/mysqld-nt.exe"
.
Completion time: 2008-01-26 21:48:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-26 20:48:20

[Davidos]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2008 at 11:39 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:44:39

Memory items scanned : 491
Memory threats detected : 0
Registry items scanned : 6620
Registry threats detected : 58
File items scanned : 52256
File threats detected : 119

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
HKCR\CLSID\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}
HKCR\CLSID\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}
HKCR\CLSID\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\InprocServer32
HKCR\CLSID\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\INTCODEC\ISADDON.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}

Trojan.Media-Codec
HKLM\Software\Classes\CLSID\{a2595f37-48d0-46a1-9b51-478591a97764}
HKCR\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}
HKCR\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}
HKCR\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}\Implemented Categories
HKCR\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}\InprocServer32
HKCR\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\INTCODEC\IESPLUGIN.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{a2595f37-48d0-46a1-9b51-478591a97764}
HKU\S-1-5-21-1214440339-746137067-725345543-1003\Software\Internet Security
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#homepage.monitor.exe [ C:\Program Files\IntCodec\isamonitor.exe ]

Adware.Tracking Cookie
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@mediaservices.myspace[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@richmedia.yahoo[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@statcounter[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@adbrite[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@jizdnirady.idnes[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@zedo[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@tribalfusion[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@teenda[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@porn.gonzo-movies[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@galleries.adult-empire[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@paycounter[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.teenlotto[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@adarbo2.bbmedia[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.pornokanal[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@stat.cluso[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.reallyeighteen[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@teenisdumb[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.danceporn[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.hardcoresexarena[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@sexmedo[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@mobilnihry.idnes[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.bravoteens[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@2o7[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@image.masterstats[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@precisionclick[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.sex-freefoto-porno[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ads.adbrite[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@metacafe.122.2o7[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@teensexmovs[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.teenda[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ad2.billboard[3].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.ideal-teens[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@adultadworld[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@adlegend[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@sexy-eroticke-povidky[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@freshteenz[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@sexypattycake[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.young-teen-video[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@audit.median[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.hardsexyvixens[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@sonyeurope.112.2o7[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@secure.pornaccess[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@amazontimex.122.2o7[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@serving-sys[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@streamsex[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.sexburger[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.teengee[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.sexynet[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ad2.bbmedia[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@tradedoubler[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@porno.hrisnici[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@galleries.teensexmovs[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.teenycinema[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ad.crazytomato[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.fatherteens[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.streamsex[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ad2.billboard[4].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@snowboard-zezula[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@guyspornportal[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@indextools[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@fatherteens[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@casalemedia[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@altastat[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@questionmarket[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@k.iinfo[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@adrenaline[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@pornsgates[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@toplist[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@adserver.a1media[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ad.yieldmanager[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@xiti[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@599.stats.misstrends[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.isexasian[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@teensource[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.porntubeclips[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.sexfarmer[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@toplist[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ads.gamesbannernet[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@goldteenmovs[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.bstats[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.sexy-eroticke-povidky[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@statsnove.cybertest[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@pornaccess[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.porno-povidky[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@galleries.teens3some[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.googleadservices[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@counter.cnw[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@adidnes2.bbmedia[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@sex-doma[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@hot-teen-movies[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@atwola[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.hot-teen-movies[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.adult-empire[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@eroticke-povidky.sexytela[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.diggerporn[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.sexorigin[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.xxx69[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.bravoteens[3].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ads.realtechnetwork[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.maxxxporn[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@partypoker[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@teeniefiles[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@partygaming.122.2o7[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@4.adbrite[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@scripts.sunporno[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ad2.billboard[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@xxxcounter[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.googleadservices[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@teens3some[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.porn-plus[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@admin.teenrevenue[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@realteenpictureclub[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@yadro[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@xxxvogue[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.winantivirus[2].txt

Adware.WhenU
C:\Documents and Settings\OVB-PC\Nabídka Start\Programy\WhenU\Uninstall.lnk
C:\Documents and Settings\OVB-PC\Nabídka Start\Programy\WhenU

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\AppId\WinPGI.DLL
HKCR\AppId\WinPGI.DLL#AppID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Services\vspf
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#NextInstance

Trojan.Homepage/Puper
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#wininet.dll

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString




Díky moc za pomoct

[fredik]

Nech otestovat tento soubor na VirusTotall a vlož sem výsledek:
C:\WINDOWS\system32\drivers\bthusbb.sys

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\drivers\core.cache.dsk

Folder::
C:\Temp\tn3
C:\Program Files\IntCodec
C:\Program Files\SystemDoctor 2006 Free
C:\Program Files\Video Add-on Setup
C:\Recycled
D:\Recycled
E:\Recycled
F:\Recycled
G:\Recycled

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[-HKEY_CLASSES_ROOT\clsid\{41f6170d-6af8-4188-8d92-9ddab3c71a78}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmonitor"=-
"vyvsbwde.exe"=-
"svchost"=-
"system32IMNX Agent"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"homepage.monitor.exe"=-
"some"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{e1adb94e-0dc6-487c-b274-981bee6301a1}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4936249b-6003-11d9-92c1-806d6172696f}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Davidos]

0 bytes size received / Se ha recibido un archivo vacio


tak u toho 2. testu mi to píše že mám registry z jiného počítače. Je to pravda protože ty moje tam nebyli a nevim proč. taky jsme tam neměl cmd.

[fredik]

Teď nevím co přesně myslíš. No uděláme to jinak. Použij znovu SuperAntiSpyware, ale tentokrát ho nezapomeň aktualizovat, protože co jsi sem dal posledně z něho log tak máš starou databázi někdy z června. Přes něho pak odstraníš větší část problému co tam máš.

Pak spusť znovu ComboFix a vlož sem z něho log po jeho proběhnutí.

[Davidos]

Výpis z logu AntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2008 at 04:04 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 01:48:31

Memory items scanned : 393
Memory threats detected : 0
Registry items scanned : 6618
Registry threats detected : 117
File items scanned : 52942
File threats detected : 17

Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\Implemented Categories
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\InprocServer32
HKCR\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ADD-ON SETUP\ICTMDL.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\Video Add-on Setup\icthis.exe ]
HKU\S-1-5-21-1214440339-746137067-725345543-1003\Software\Online Add-on
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{e1adb94e-0dc6-487c-b274-981bee6301a1}
HKCR\CLSID\{E1ADB94E-0DC6-487C-B274-981BEE6301A1}
HKCR\CLSID\{E1ADB94E-0DC6-487C-B274-981BEE6301A1}\InProcServer32
HKCR\CLSID\{E1ADB94E-0DC6-487C-B274-981BEE6301A1}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SIIYAL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{e1adb94e-0dc6-487c-b274-981bee6301a1}

Adware.Tracking Cookie
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.hornycrocodile[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.pimpasfuck[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@august.bidsex[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@trafficroup[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@traffic.el-ladies[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@ad2.bbmedia[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.trafficholder[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@toplist[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@lovefuckk[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@15minutesfree.nakedsword[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.hornybank[3].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.virginfucked[2].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.trafficadept[1].txt
C:\Documents and Settings\OVB-PC\Cookies\ovb-pc@www.hornybank[2].txt

Malware.AntiVirGear
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\bwngwyhuFldM
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\InprocHandler32
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\jlxjxAqnifNTr
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\jwyXpvtro
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\LocalServer32
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\LocalServer32#LocalServer32
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\Maajdjiumyvaw
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\NpfsoHisvec
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\PbJvxZ
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\ProgID
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\VersionIndependentProgID
HKCR\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}\zasmhvtvMpkoA
HKCR\TypeLib\{DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5}
HKCR\TypeLib\{DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5}\1.0
HKCR\TypeLib\{DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5}\1.0\0
HKCR\TypeLib\{DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5}\1.0\0\win32
HKCR\TypeLib\{DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5}\1.0\FLAGS
HKCR\TypeLib\{DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5}\1.0\HELPDIR
HKCR\Interface\{0A0FC1A4-41D4-4793-9AC5-0B55CDC95AE9}
HKCR\Interface\{0A0FC1A4-41D4-4793-9AC5-0B55CDC95AE9}\ProxyStubClsid
HKCR\Interface\{0A0FC1A4-41D4-4793-9AC5-0B55CDC95AE9}\ProxyStubClsid32
HKCR\Interface\{0A0FC1A4-41D4-4793-9AC5-0B55CDC95AE9}\TypeLib
HKCR\Interface\{0A0FC1A4-41D4-4793-9AC5-0B55CDC95AE9}\TypeLib#Version
HKCR\Interface\{14F47CA3-2291-4B3E-9ED4-8C7E6AE80851}
HKCR\Interface\{14F47CA3-2291-4B3E-9ED4-8C7E6AE80851}\ProxyStubClsid
HKCR\Interface\{14F47CA3-2291-4B3E-9ED4-8C7E6AE80851}\ProxyStubClsid32
HKCR\Interface\{14F47CA3-2291-4B3E-9ED4-8C7E6AE80851}\TypeLib
HKCR\Interface\{14F47CA3-2291-4B3E-9ED4-8C7E6AE80851}\TypeLib#Version
HKCR\Interface\{2447284F-3590-4E8C-A869-049BD87CAD07}
HKCR\Interface\{2447284F-3590-4E8C-A869-049BD87CAD07}\ProxyStubClsid
HKCR\Interface\{2447284F-3590-4E8C-A869-049BD87CAD07}\ProxyStubClsid32
HKCR\Interface\{2447284F-3590-4E8C-A869-049BD87CAD07}\TypeLib
HKCR\Interface\{2447284F-3590-4E8C-A869-049BD87CAD07}\TypeLib#Version
HKCR\Interface\{38EEEF46-CA24-4ACA-A90D-540978DF7252}
HKCR\Interface\{38EEEF46-CA24-4ACA-A90D-540978DF7252}\ProxyStubClsid
HKCR\Interface\{38EEEF46-CA24-4ACA-A90D-540978DF7252}\ProxyStubClsid32
HKCR\Interface\{38EEEF46-CA24-4ACA-A90D-540978DF7252}\TypeLib
HKCR\Interface\{38EEEF46-CA24-4ACA-A90D-540978DF7252}\TypeLib#Version
HKCR\Interface\{3D5E5AE1-5DED-4520-BDC2-B9292EA708CA}
HKCR\Interface\{3D5E5AE1-5DED-4520-BDC2-B9292EA708CA}\ProxyStubClsid
HKCR\Interface\{3D5E5AE1-5DED-4520-BDC2-B9292EA708CA}\ProxyStubClsid32
HKCR\Interface\{3D5E5AE1-5DED-4520-BDC2-B9292EA708CA}\TypeLib
HKCR\Interface\{3D5E5AE1-5DED-4520-BDC2-B9292EA708CA}\TypeLib#Version
HKCR\Interface\{409A05EF-1B48-4198-B6BF-993B8B52790C}
HKCR\Interface\{409A05EF-1B48-4198-B6BF-993B8B52790C}\ProxyStubClsid
HKCR\Interface\{409A05EF-1B48-4198-B6BF-993B8B52790C}\ProxyStubClsid32
HKCR\Interface\{409A05EF-1B48-4198-B6BF-993B8B52790C}\TypeLib
HKCR\Interface\{409A05EF-1B48-4198-B6BF-993B8B52790C}\TypeLib#Version
HKCR\Interface\{47A93011-1004-440C-9960-BD3B0348A7C2}
HKCR\Interface\{47A93011-1004-440C-9960-BD3B0348A7C2}\ProxyStubClsid
HKCR\Interface\{47A93011-1004-440C-9960-BD3B0348A7C2}\ProxyStubClsid32
HKCR\Interface\{47A93011-1004-440C-9960-BD3B0348A7C2}\TypeLib
HKCR\Interface\{47A93011-1004-440C-9960-BD3B0348A7C2}\TypeLib#Version
HKCR\Interface\{50B388D5-4A80-4191-8BCC-5DD031D7F3EE}
HKCR\Interface\{50B388D5-4A80-4191-8BCC-5DD031D7F3EE}\ProxyStubClsid
HKCR\Interface\{50B388D5-4A80-4191-8BCC-5DD031D7F3EE}\ProxyStubClsid32
HKCR\Interface\{50B388D5-4A80-4191-8BCC-5DD031D7F3EE}\TypeLib
HKCR\Interface\{50B388D5-4A80-4191-8BCC-5DD031D7F3EE}\TypeLib#Version
HKCR\Interface\{58A1ACE6-0DBA-45D2-8154-E8253A7B87BB}
HKCR\Interface\{58A1ACE6-0DBA-45D2-8154-E8253A7B87BB}\ProxyStubClsid
HKCR\Interface\{58A1ACE6-0DBA-45D2-8154-E8253A7B87BB}\ProxyStubClsid32
HKCR\Interface\{58A1ACE6-0DBA-45D2-8154-E8253A7B87BB}\TypeLib
HKCR\Interface\{58A1ACE6-0DBA-45D2-8154-E8253A7B87BB}\TypeLib#Version
HKCR\Interface\{73D25394-992F-43D1-BF92-48494CC0D1AE}
HKCR\Interface\{73D25394-992F-43D1-BF92-48494CC0D1AE}\ProxyStubClsid
HKCR\Interface\{73D25394-992F-43D1-BF92-48494CC0D1AE}\ProxyStubClsid32
HKCR\Interface\{73D25394-992F-43D1-BF92-48494CC0D1AE}\TypeLib
HKCR\Interface\{73D25394-992F-43D1-BF92-48494CC0D1AE}\TypeLib#Version
HKCR\Interface\{7D2A83A4-0687-4704-937E-A29045826F77}
HKCR\Interface\{7D2A83A4-0687-4704-937E-A29045826F77}\ProxyStubClsid
HKCR\Interface\{7D2A83A4-0687-4704-937E-A29045826F77}\ProxyStubClsid32
HKCR\Interface\{7D2A83A4-0687-4704-937E-A29045826F77}\TypeLib
HKCR\Interface\{7D2A83A4-0687-4704-937E-A29045826F77}\TypeLib#Version
HKCR\Interface\{A7FE54B2-B167-4017-BCCC-CF73B2F678E3}
HKCR\Interface\{A7FE54B2-B167-4017-BCCC-CF73B2F678E3}\ProxyStubClsid
HKCR\Interface\{A7FE54B2-B167-4017-BCCC-CF73B2F678E3}\ProxyStubClsid32
HKCR\Interface\{A7FE54B2-B167-4017-BCCC-CF73B2F678E3}\TypeLib
HKCR\Interface\{A7FE54B2-B167-4017-BCCC-CF73B2F678E3}\TypeLib#Version
HKCR\Interface\{C183B073-2D7F-45BC-8967-80147CECEE45}
HKCR\Interface\{C183B073-2D7F-45BC-8967-80147CECEE45}\ProxyStubClsid
HKCR\Interface\{C183B073-2D7F-45BC-8967-80147CECEE45}\ProxyStubClsid32
HKCR\Interface\{C183B073-2D7F-45BC-8967-80147CECEE45}\TypeLib
HKCR\Interface\{C183B073-2D7F-45BC-8967-80147CECEE45}\TypeLib#Version
HKCR\Interface\{F6FDBF9A-19A7-4F0A-9F46-6F015A067B44}
HKCR\Interface\{F6FDBF9A-19A7-4F0A-9F46-6F015A067B44}\ProxyStubClsid
HKCR\Interface\{F6FDBF9A-19A7-4F0A-9F46-6F015A067B44}\ProxyStubClsid32
HKCR\Interface\{F6FDBF9A-19A7-4F0A-9F46-6F015A067B44}\TypeLib
HKCR\Interface\{F6FDBF9A-19A7-4F0A-9F46-6F015A067B44}\TypeLib#Version
HKCR\Interface\{F90A7969-20A0-4257-B39D-9C73D64CE3B0}
HKCR\Interface\{F90A7969-20A0-4257-B39D-9C73D64CE3B0}\ProxyStubClsid
HKCR\Interface\{F90A7969-20A0-4257-B39D-9C73D64CE3B0}\ProxyStubClsid32
HKCR\Interface\{F90A7969-20A0-4257-B39D-9C73D64CE3B0}\TypeLib
HKCR\Interface\{F90A7969-20A0-4257-B39D-9C73D64CE3B0}\TypeLib#Version
HKCR\Interface\{FA38F299-57F8-4FEB-9096-715460AE943C}
HKCR\Interface\{FA38F299-57F8-4FEB-9096-715460AE943C}\ProxyStubClsid
HKCR\Interface\{FA38F299-57F8-4FEB-9096-715460AE943C}\ProxyStubClsid32
HKCR\Interface\{FA38F299-57F8-4FEB-9096-715460AE943C}\TypeLib
HKCR\Interface\{FA38F299-57F8-4FEB-9096-715460AE943C}\TypeLib#Version

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

[fredik]

Pokud máš po ruce instalační CD s Windows tak ho najdeš na něm v adresáři I386.
Nebo se podívej do tohoto adresáře: C:\WINDOWS\system32\dllcache\ tam by měl být také.

Když tam budou tak ho překopíruj ten soubor do této složky/adresáře:
C:\WINDOWS\
Pokud by jsi neuspěl, tak bych ti ho musel nahrát někam na web. Dej pak vědět.

[Davidos]

ComboFix 08-01-23.1C - OVB-PC 2008-01-27 20:09:12.2 - NTFSx86
Running from: C:\Documents and Settings\OVB-PC\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 20:21 . 2008-01-27 20:21 <DIR> d-------- C:\Temp\tn3
2008-01-27 20:20 . 2008-01-27 20:20 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-27 20:04 . 2008-01-27 20:04 147,968 --a------ C:\WINDOWS\REGEDIT.EXE
2008-01-26 21:55 . 2008-01-27 10:32 226,304 --a------ C:\WINDOWS\system32\regedit.exe
2008-01-26 21:52 . 2008-01-27 17:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 21:50 . 2008-01-26 21:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 21:43 . 2008-01-26 21:43 <DIR> d-------- C:\WINDOWS\nview
2008-01-26 21:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 18:06 . 2007-09-19 11:19 503,808 --a------ C:\WINDOWS\system32\KuGoo3DownXControl.ocx
2008-01-26 18:05 . 2008-01-26 18:06 <DIR> d----c--- C:\Downloads
2008-01-26 17:35 . 2008-01-26 17:35 86,144 --a------ C:\WINDOWS\system32\drivers\bthusbb.sys
2008-01-24 22:50 . 2008-01-24 22:50 <DIR> d----c--- C:\MPS
2008-01-24 22:46 . 1996-09-30 19:46 24,576 --------- C:\WINDOWS\UniFISH.exe
2008-01-24 19:46 . 2008-01-24 19:46 <DIR> d-------- C:\Program Files\Plogue
2008-01-24 19:46 . 2007-10-01 14:19 212,992 --a------ C:\WINDOWS\system\ReWire.dll
2008-01-21 20:16 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-21 20:15 . 2007-08-07 18:33 4,108,992 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-21 20:13 . 2008-01-21 20:14 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-21 20:13 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-01-21 20:13 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-21 20:13 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-21 20:13 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-21 20:13 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-21 20:13 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-21 20:13 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-21 20:04 . 2008-01-21 20:04 <DIR> d----c--- C:\Intel
2008-01-21 20:02 . 2008-01-26 15:48 <DIR> d-------- C:\Program Files\Intel
2008-01-21 20:02 . 2002-10-15 00:00 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
2008-01-21 20:02 . 2002-10-15 00:00 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2008-01-21 20:02 . 2002-10-15 00:00 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
2008-01-21 19:59 . 2008-01-21 19:59 <DIR> d----c--- C:\NVIDIA
2008-01-21 00:20 . 2008-01-21 00:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-20 17:21 . 2008-01-20 17:26 <DIR> d-------- C:\Program Files\OneNote
2008-01-20 13:02 . 2008-01-20 13:02 <DIR> d-------- C:\Program Files\Youdagames
2008-01-20 01:23 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-19 21:56 . 2008-01-19 21:56 4 --a--c--- C:\timestmp.tmp
2008-01-02 14:53 . 2008-01-02 14:53 <DIR> d-------- C:\Program Files\Dnote Software
2007-12-30 12:25 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll
2007-12-30 12:25 . 2007-12-30 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 16:57 --------- d-----w C:\Program Files\Opera
2008-01-26 15:17 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-26 15:16 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-26 15:04 --------- d-----w C:\Program Files\Teamspeak2_RC22
2008-01-26 15:03 --------- d-----w C:\Program Files\Skype
2008-01-26 15:01 --------- d-----w C:\Program Files\Sjboy Emulator
2008-01-26 15:00 --------- d-----w C:\Program Files\QuickTime
2008-01-26 14:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 19:43 --------- d-----w C:\Program Files\AIMP2
2008-01-23 18:54 --------- d-----w C:\Program Files\SwiftSwitch
2008-01-20 09:15 --------- d-----w C:\Program Files\Roguescanfix
2008-01-13 23:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-12 17:13 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-05 18:37 --------- d-----w C:\Program Files\ICQ6
2008-01-03 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 16:05 --------- d-----w C:\Program Files\Power MP3 Cutter
2007-12-25 17:26 --------- d-----w C:\Program Files\TomTom HOME 2
2007-12-25 17:08 --------- d-----w C:\Program Files\TomTom DesktopSuite
2007-12-24 03:16 --------- d-----w C:\Program Files\SWiSH v2.0
2007-12-21 19:38 --------- d-----w C:\Program Files\eMule
2007-12-21 19:31 --------- d-----w C:\Program Files\vso
2007-12-21 19:30 --------- d-----w C:\Program Files\Aspell
2007-12-21 07:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 07:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-15 23:38 --------- d-----w C:\Program Files\THQ
2007-12-15 23:18 --------- d-----w C:\Program Files\MotoRacer3
2007-12-15 11:04 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-15 07:38 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-15 07:38 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-15 07:36 --------- d-----w C:\Program Files\Ligos
2007-12-15 00:21 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-15 00:11 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-22 07:38 98,304 ----a-w C:\WINDOWS\DUMPfc22.tmp
2005-12-31 10:13 960 -c--a-w C:\Program Files\Briefcase Database
2002-01-12 22:29 53,248 ----a-w C:\Program Files\mmlang.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-26_21.47.41.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-26 20:52:42 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-26 20:52:42 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-26 20:52:42 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2003-07-28 13:19:00 3,902,603 -c--a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll
+ 2003-07-28 13:19:00 1,341,339 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2003-07-28 13:19:00 1,323,008 ----a-w C:\WINDOWS\system32\dmcpl.exe
- 2005-04-01 15:16:00 3,454,656 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2003-07-28 13:19:00 1,341,339 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2003-07-28 13:19:00 286,806 ----a-w C:\WINDOWS\system32\keystone.exe
- 2005-04-01 15:16:00 3,980,288 ------w C:\WINDOWS\system32\nv4_disp.dll
+ 2003-07-28 13:19:00 3,902,603 ----a-w C:\WINDOWS\system32\nv4_disp.dll
+ 2003-07-28 13:19:00 4,841,472 ----a-w C:\WINDOWS\system32\nvcpl.dll
+ 2003-07-28 13:19:00 852,038 ----a-w C:\WINDOWS\system32\nview.dll
+ 2003-07-28 13:19:00 512,000 ----a-w C:\WINDOWS\system32\nviewimg.dll
+ 2003-07-28 13:19:00 126,976 ----a-w C:\WINDOWS\system32\nvinstnt.dll
+ 2003-07-28 13:19:00 49,152 ----a-w C:\WINDOWS\system32\nvmctray.dll
+ 2003-07-28 13:19:00 3,850,240 ----a-w C:\WINDOWS\system32\nvoglnt.dll
+ 2003-07-28 13:19:00 2,863,104 ----a-w C:\WINDOWS\system32\nvrsar.dll
+ 2003-07-28 13:19:00 262,144 ----a-w C:\WINDOWS\system32\nvrscs.dll
+ 2003-07-28 13:19:00 266,240 ----a-w C:\WINDOWS\system32\nvrsda.dll
+ 2003-07-28 13:19:00 274,432 ----a-w C:\WINDOWS\system32\nvrsde.dll
+ 2003-07-28 13:19:00 270,336 ----a-w C:\WINDOWS\system32\nvrsel.dll
+ 2003-07-28 13:19:00 266,240 ----a-w C:\WINDOWS\system32\nvrseng.dll
+ 2003-07-28 13:19:00 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
+ 2003-07-28 13:19:00 282,624 ----a-w C:\WINDOWS\system32\nvrsesm.dll
+ 2003-07-28 13:19:00 258,048 ----a-w C:\WINDOWS\system32\nvrsfi.dll
+ 2003-07-28 13:19:00 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
+ 2003-07-28 13:19:00 2,859,008 ----a-w C:\WINDOWS\system32\nvrshe.dll
+ 2003-07-28 13:19:00 262,144 ----a-w C:\WINDOWS\system32\nvrshu.dll
+ 2003-07-28 13:19:00 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
+ 2003-07-28 13:19:00 3,485,696 ----a-w C:\WINDOWS\system32\nvrsja.dll
+ 2003-07-28 13:19:00 3,481,600 ----a-w C:\WINDOWS\system32\nvrsko.dll
+ 2003-07-28 13:19:00 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
+ 2003-07-28 13:19:00 266,240 ----a-w C:\WINDOWS\system32\nvrsno.dll
+ 2003-07-28 13:19:00 262,144 ----a-w C:\WINDOWS\system32\nvrspl.dll
+ 2003-07-28 13:19:00 270,336 ----a-w C:\WINDOWS\system32\nvrspt.dll
+ 2003-07-28 13:19:00 274,432 ----a-w C:\WINDOWS\system32\nvrsptb.dll
+ 2003-07-28 13:19:00 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
+ 2003-07-28 13:19:00 262,144 ----a-w C:\WINDOWS\system32\nvrssk.dll
+ 2003-07-28 13:19:00 270,336 ----a-w C:\WINDOWS\system32\nvrssl.dll
+ 2003-07-28 13:19:00 266,240 ----a-w C:\WINDOWS\system32\nvrssv.dll
+ 2003-07-28 13:19:00 270,336 ----a-w C:\WINDOWS\system32\nvrstr.dll
+ 2003-07-28 13:19:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
+ 2003-07-28 13:19:00 221,184 ----a-w C:\WINDOWS\system32\nvrszht.dll
+ 2003-07-28 13:19:00 471,112 ----a-w C:\WINDOWS\system32\nvshell.dll
+ 2003-07-28 13:19:00 77,824 ----a-w C:\WINDOWS\system32\nvsvc32.exe
+ 2003-07-28 13:19:00 45,127 ----a-w C:\WINDOWS\system32\nvwddi.dll
+ 2003-07-28 13:19:00 143,360 ----a-w C:\WINDOWS\system32\nvwrsar.dll
+ 2003-07-28 13:19:00 159,744 ----a-w C:\WINDOWS\system32\nvwrscs.dll
+ 2003-07-28 13:19:00 159,744 ----a-w C:\WINDOWS\system32\nvwrsda.dll
+ 2003-07-28 13:19:00 176,128 ----a-w C:\WINDOWS\system32\nvwrsde.dll
+ 2003-07-28 13:19:00 184,320 ----a-w C:\WINDOWS\system32\nvwrsel.dll
+ 2003-07-28 13:19:00 147,456 ----a-w C:\WINDOWS\system32\nvwrseng.dll
+ 2003-07-28 13:19:00 176,128 ----a-w C:\WINDOWS\system32\nvwrses.dll
+ 2003-07-28 13:19:00 147,456 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
+ 2003-07-28 13:19:00 163,840 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
+ 2003-07-28 13:19:00 172,032 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
+ 2003-07-28 13:19:00 139,264 ----a-w C:\WINDOWS\system32\nvwrshe.dll
+ 2003-07-28 13:19:00 167,936 ----a-w C:\WINDOWS\system32\nvwrshu.dll
+ 2003-07-28 13:19:00 172,032 ----a-w C:\WINDOWS\system32\nvwrsit.dll
+ 2003-07-28 13:19:00 106,496 ----a-w C:\WINDOWS\system32\nvwrsja.dll
+ 2003-07-28 13:19:00 102,400 ----a-w C:\WINDOWS\system32\nvwrsko.dll
+ 2003-07-28 13:19:00 167,936 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
+ 2003-07-28 13:19:00 159,744 ----a-w C:\WINDOWS\system32\nvwrsno.dll
+ 2003-07-28 13:19:00 163,840 ----a-w C:\WINDOWS\system32\nvwrspl.dll
+ 2003-07-28 13:19:00 176,128 ----a-w C:\WINDOWS\system32\nvwrspt.dll
+ 2003-07-28 13:19:00 172,032 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
+ 2003-07-28 13:19:00 176,128 ----a-w C:\WINDOWS\system32\nvwrsru.dll
+ 2003-07-28 13:19:00 167,936 ----a-w C:\WINDOWS\system32\nvwrssk.dll
+ 2003-07-28 13:19:00 155,648 ----a-w C:\WINDOWS\system32\nvwrssl.dll
+ 2003-07-28 13:19:00 159,744 ----a-w C:\WINDOWS\system32\nvwrssv.dll
+ 2003-07-28 13:19:00 163,840 ----a-w C:\WINDOWS\system32\nvwrstr.dll
+ 2003-07-28 13:19:00 86,016 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
+ 2003-07-28 13:19:00 86,016 ----a-w C:\WINDOWS\system32\nvwrszht.dll
+ 2003-07-28 13:19:00 323,584 ----a-w C:\WINDOWS\system32\nwiz.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2004-12-05 11:20 543744]
"GoldenFTPserver"="C:\Program Files\Golden FTP Server Pro\gftppro.exe" [ ]
"SpyEmergency"="C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
"nDVDControl"="C:\Program Files\DNsoft.be\nDVD\nDVDControl.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2006-03-10 08:05 347695]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2005-12-06 08:45 233524]
"CnxDslTaskBar"="C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2004-04-29 08:00 462848]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 13:01 188416]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"Cmaudio"="cmicnfg.cpl" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic 6\delay.exe" [ ]
"vyvsbwde.exe"="C:\WINDOWS\system32\vyvsbwde.exe" [ ]
"WinVNC"="C:\Program Files\RealVNC\WinVNC\winvnc.exe" [ ]
"system32IMNX Agent"="C:\WINDOWS\system32IMNX.exe" [ ]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2006-04-28 07:04 77870]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]

R1 bthusbb;bthusbb;C:\WINDOWS\system32\drivers\bthusbb.sys [2008-01-26 17:35]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 18:47]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 18:48]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 07:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys []
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" [2002-01-25 05:30]
S3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2006-04-13 11:25]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;C:\WINDOWS\system32\Drivers\FTD2XX.sys [2003-09-19 15:38]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 MemStPCI;Řadič Sony Memory Stick (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 22:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c1ee2bf-f506-11d9-8778-000a94116f82}]
\Shell\AutoRun\command - G:\welcome.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a49891d-2620-11dc-bb10-000a94116f82}]
\Shell\AutoRun\command - D:\setup.exe /autorun
\Shell\dxsetup\command - D:\directx\dxsetup.exe
\Shell\openit\command - explorer Nordic
\Shell\setup\command - D:\setup.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b012cd97-6bdb-11db-bf4e-000a94116f82}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9c90f84-b2f0-11dc-bc7e-000a94116f82}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff10ac09-b5ae-11db-bfe9-000a94116f82}]
\Shell\AutoRun\command - E:\MafiaLauncher.EXE

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 20:22:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="C:/Documents and Settings/OVB-PC/Dokumenty/Programky/mysql-noinstall-4.0.25-win32/mysql-4.0.25-win32/bin/mysqld-nt.exe"
.
Completion time: 2008-01-27 20:27:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 19:27:01
ComboFix2.txt 2008-01-26 20:48:27