System Integrity Scan Wizard

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

uličník
newcomer
Posts: 7
Registered: April 08
Gender: Not specified

System Integrity Scan Wizard

Post by uličník » 04 Apr 2008 16:43

//Topic split off
fredik


Hello, I have this problem too and I would like to ask for help.
I am attaching my HijackThis log. Thanks in advance for your reply.

Logfile of HijackThis v1.99.1
Scan saved at 16:24:41, on 4.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Data aplikací\yhelobcj\ihufkhij.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spgbirsz.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Opera\Opera.exe
C:\totalcmd\TOTALCMD.EXE
D:\Programy\ochrana pc\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10F0C2A9-8E38-43e3-204D-45524C494E20} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vagycdtn] C:\WINDOWS\system32\ofcnkpub.exe
O4 - HKCU\..\Run: [rrwsqacr] C:\WINDOWS\system32\spgbirsz.exe
O4 - HKCU\..\Run: [xjdcsnqb] C:\WINDOWS\system32\mnubctmh.exe
O4 - HKCU\..\Run: [lgjwkbyi] C:\WINDOWS\system32\vuhuhkxe.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3037F32-5EEB-42D0-845E-8EB7984B5434}: NameServer = 10.128.194.241
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male

Re: HELP - System Integrity Scan Wizard

Post by fredik » 04 Apr 2008 17:22

Welcome to the forum.

Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its whole contents here

PS: next time open your own topic, even if you have the same problem as the one being dealt with here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.

uličník
newcomer
Posts: 7
Registered: April 08
Gender: Not specified

Re: System Integrity Scan Wizard

Post by uličník » 04 Apr 2008 17:48

OK, I will do better next time. Here is the ComboFix log; hopefully it helps.


ComboFix 08-04-03.3 - ulicnik 2008-04-04 17:39:37.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.268 [GMT 2:00]
Running from: C:\Documents and Settings\ulicnik\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 15:54 . 2008-04-04 15:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-04 15:53 . 2008-04-04 15:54 <DIR> d-------- C:\Program Files\CCleaner
2008-04-04 14:50 . 2008-04-04 14:50 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-04-04 14:50 . 2008-04-04 14:50 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-04-03 22:30 . 2008-04-03 22:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-03 22:30 . 2008-04-03 22:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 22:30 . 2008-04-03 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-04-03 21:17 . 2008-04-04 17:38 <DIR> d-------- C:\Program Files\ESET
2008-04-03 21:02 . 2008-04-03 21:02 106,496 --a------ C:\WINDOWS\system32\vuhuhkxe.exe
2008-04-03 20:14 . 2008-04-03 20:14 106,496 --a------ C:\WINDOWS\system32\mnubctmh.exe
2008-04-03 20:06 . 2008-04-03 20:06 106,496 --a------ C:\WINDOWS\system32\spgbirsz.exe
2008-04-03 14:24 . 2008-04-03 21:49 <DIR> d-------- C:\Program Files\PC-Antispyware
2008-04-03 14:21 . 2008-04-03 14:21 94,208 --a------ C:\WINDOWS\system32\klmlmton.exe
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-01 21:03 . 2008-04-01 21:03 90,112 --a------ C:\WINDOWS\system32\orwhsnqt.exe
2008-04-01 14:30 . 2008-04-03 21:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 14:30 . 2008-04-01 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 08:28 . 2008-04-02 22:55 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-28 08:22 . 2008-03-28 08:22 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-03-28 08:06 . 2008-03-28 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\yhelobcj
2008-03-28 08:06 . 2008-03-28 08:06 110,592 --a------ C:\WINDOWS\system32\ofcnkpub.exe
2008-03-27 10:04 . 2008-03-27 10:04 <DIR> d-------- C:\Program Files\PowerISO
2008-03-27 09:54 . 2008-03-27 09:54 <DIR> d-------- C:\WINDOWS\system32\languages
2008-03-27 02:14 . 2008-03-27 09:54 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-27 02:14 . 2008-03-27 09:54 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:40 . 2008-03-26 23:41 <DIR> d-------- C:\Program Files\DivX
2008-03-26 12:44 . 2008-03-26 23:38 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-19 19:43 . 2008-03-19 19:43 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-03-19 19:41 . 2008-03-19 19:44 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-03-19 19:07 . 2008-03-19 19:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-19 19:07 . 2008-03-19 19:07 <DIR> d-------- C:\Program Files\Autodesk
2008-03-19 18:38 . 2008-03-19 18:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-19 18:35 . 2008-03-19 18:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-19 18:33 . 2008-03-19 18:33 <DIR> dr-h----- C:\MSOCache
2008-03-19 16:47 . 2008-03-19 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-19 15:32 . 2008-04-04 16:15 <DIR> d-------- C:\Dočasné soubory
2008-03-19 13:26 . 2008-03-19 13:26 135 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:11 . 2008-03-18 20:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-18 20:02 . 2008-03-18 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 14:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 14:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 14:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:55 . 2008-03-18 19:55 <DIR> d-------- C:\Program Files\Java
2008-03-18 19:55 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-18 19:54 . 2008-03-18 19:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-18 18:51 . 2008-04-04 14:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 18:51 . 2008-03-18 18:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 18:50 . 2008-03-18 18:50 <DIR> d-------- C:\Program Files\iTunes
2008-03-18 18:50 . 2008-03-18 18:50 <DIR> d-------- C:\Program Files\iPod
2008-03-18 18:49 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\QuickTime
2008-03-18 18:49 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\Bonjour
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-18 18:48 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-18 18:08 . 2008-04-03 22:15 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Program Files\ICQ6
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:32 . 2008-03-18 16:32 <DIR> d-------- C:\Images
2008-03-18 16:27 . 2008-04-04 14:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-18 16:18 . 2008-03-18 16:18 <DIR> d-------- C:\Program Files\CyberLink
2008-03-18 16:18 . 2008-03-18 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-03-18 16:17 . 2008-03-18 16:17 <DIR> d-------- C:\Program Files\D-Tools
2008-03-18 16:17 . 2004-08-22 17:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-03-18 16:17 . 2004-08-22 17:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-03-18 16:14 . 2008-03-18 16:14 <DIR> d-------- C:\Program Files\Logitech
2008-03-18 16:14 . 2008-03-18 16:14 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-18 16:14 . 2004-05-14 00:40 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-03-18 16:14 . 2004-05-14 00:54 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-03-18 16:14 . 2004-05-14 00:54 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-03-18 16:14 . 2004-05-14 00:54 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
2008-03-18 16:14 . 2004-05-14 00:54 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-03-18 16:14 . 2004-05-14 00:54 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-03-18 16:09 . 2008-03-18 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2008-03-18 16:04 . 2008-03-18 16:04 <DIR> d-------- C:\Program Files\PC-TV
2008-03-18 16:02 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-18 16:01 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\IVT Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 20:05 --------- d-----w C:\Program Files\ATI Technologies
2008-03-17 19:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-17 17:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_20.02.24,89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-03 20:30:55 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-04-03 20:30:56 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-04-03 20:30:56 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-04-03 20:30:56 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2008-04-03 19:29:07 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-04 12:52:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"vagycdtn"="C:\WINDOWS\system32\ofcnkpub.exe" [2008-03-28 08:06 110592]
"rrwsqacr"="C:\WINDOWS\system32\spgbirsz.exe" [2008-04-03 20:06 106496]
"xjdcsnqb"="C:\WINDOWS\system32\mnubctmh.exe" [2008-04-03 20:14 106496]
"lgjwkbyi"="C:\WINDOWS\system32\vuhuhkxe.exe" [2008-04-03 21:02 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"CreativeMouse "="C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe" [2003-07-29 23:12 503808]
"CreativeKeyboard "="C:\Program Files\Creative\Desktop Wireless\kb_2k.exe" [2003-07-31 11:24 1253376]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Nero DriveSpeed"="C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2004-06-28 23:22 585728]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 09:09 200704]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 14:50 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 22:18:22 10872]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-08-31 14:04:14 1196032]
WinManager.lnk - C:\Program Files\PC-TV\WinManager\WinManager.exe [2008-03-18 16:04:29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"dPRwC1wIBS"= C:\Documents and Settings\All Users\Data aplikací\yhelobcj\ihufkhij.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 878BDA;DVB-TV 878 BDA Driver;C:\WINDOWS\system32\Drivers\878BDA.sys [2006-04-04 11:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 11:03:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 17:40:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-04 17:41:00
ComboFix-quarantined-files.txt 2008-04-04 15:40:52
ComboFix2.txt 2008-04-03 18:48:31
ComboFix3.txt 2008-04-03 18:12:23
ComboFix4.txt 2008-04-03 18:02:41
Adresářů: 8, Volných bajtů: 2,022,727,680
Adresářů: 11, Volných bajtů: 2,013,175,808

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male

Re: System Integrity Scan Wizard

Post by fredik » 04 Apr 2008 18:26

How many times have you run that ComboFix :rolleyes:

Open Notepad (Start -> Run... type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Note: do not use the SELECT ALL function to select it

Code:

File::
C:\WINDOWS\system32\vuhuhkxe.exe
C:\WINDOWS\system32\mnubctmh.exe
C:\WINDOWS\system32\spgbirsz.exe
C:\WINDOWS\system32\klmlmton.exe
C:\WINDOWS\system32\ofcnkpub.exe

Folder::
C:\Program Files\PC-Antispyware
C:\Documents and Settings\All Users\Data aplikací\yhelobcj

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vagycdtn"=-
"rrwsqacr"=-
"xjdcsnqb"=-
"lgjwkbyi"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"dPRwC1wIBS"=-

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process
+
A new HJT log (you are using an older version of HijackThis; download the current version here, delete the old one before using it, and post the log from the current version)
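As an added example (not code from the thread, nor part of HijackThis or ComboFix), the triage that the helper above does by eye: parse the O4 Run lines of a HijackThis log, flag entries whose Run value name and executable are both random eight-letter strings living in system32, and render the File:: and Registry:: sections of a CFScript.txt in the format used in the reply. The sample lines are copied from the log posted above; the randomness heuristic is my own assumption, not a rule from either tool.

```python
"""Flag random-named Run entries in a HijackThis log and draft the matching
ComboFix CFScript (File:: / Registry:: sections)."""
import re

# HijackThis autostart lines look like:  O4 - HKCU\..\Run: [name] command
O4_RUN = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# First executable path in the command, with optional surrounding quotes.
EXE_IN_CMD = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# O4 lines copied from the thread's HijackThis log: ordinary vendor autostarts
# plus the four HKCU entries that were later removed with the CFScript.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [vagycdtn] C:\WINDOWS\system32\ofcnkpub.exe',
    r'O4 - HKCU\..\Run: [rrwsqacr] C:\WINDOWS\system32\spgbirsz.exe',
    r'O4 - HKCU\..\Run: [xjdcsnqb] C:\WINDOWS\system32\mnubctmh.exe',
    r'O4 - HKCU\..\Run: [lgjwkbyi] C:\WINDOWS\system32\vuhuhkxe.exe',
]


def looks_random(token):
    """Assumed heuristic for machine-generated names: exactly eight lowercase
    ASCII letters with at most three vowels.  Vendor names (iTunesHelper,
    nod32kui, CTFMON.EXE) fail on case, digits or punctuation."""
    return bool(re.fullmatch(r'[a-z]{8}', token)) and sum(c in 'aeiou' for c in token) <= 3


def parse_o4(lines):
    """Yield one dict per O4 Run line: hive, value name and executable path."""
    for line in lines:
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        exe = EXE_IN_CMD.match(m.group('cmd'))
        if not exe:
            continue
        yield {"hive": m.group('hive'), "name": m.group('name'), "path": exe.group('path')}


def suspicious_entries(lines):
    """Flag entries where both the Run value name and the executable's base
    name look random and the file sits in system32, the pattern seen in the
    thread (vagycdtn -> ofcnkpub.exe)."""
    flagged = []
    for entry in parse_o4(lines):
        filename = entry["path"].rsplit('\\', 1)[-1]
        stem = filename.rsplit('.', 1)[0]
        in_system32 = '\\system32\\' in entry["path"].lower()
        if in_system32 and looks_random(entry["name"]) and looks_random(stem):
            flagged.append(entry)
    return flagged


def build_cfscript(entries):
    """Render the File:: and Registry:: sections in the CFScript.txt format
    shown in the reply: one path per line, then '"name"=-' under each Run key."""
    lines = ["File::"] + [e["path"] for e in entries] + ["", "Registry::"]
    for hive in ("HKCU", "HKLM"):
        names = [e["name"] for e in entries if e["hive"] == hive]
        if names:
            lines.append(f"[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
            lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(suspicious_entries(SAMPLE_LOG)))
```

The heuristic is deliberately narrow: it only catches the name pattern seen in this thread, so anything it does not flag still needs a human look before it goes into a script.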

uličník
newcomer
Posts: 7
Registered: April 08
Gender: Not specified

Re: System Integrity Scan Wizard

Post by uličník » 04 Apr 2008 18:50

Well, I already ran it yesterday, but I did not know what it was for, so I admire those who understand this stuff. Here is the ComboFix log:

ComboFix 08-04-03.3 - ulicnik 2008-04-04 18:39:40.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.229 [GMT 2:00]
Running from: C:\Documents and Settings\ulicnik\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\ulicnik\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\klmlmton.exe
C:\WINDOWS\system32\mnubctmh.exe
C:\WINDOWS\system32\ofcnkpub.exe
C:\WINDOWS\system32\spgbirsz.exe
C:\WINDOWS\system32\vuhuhkxe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\yhelobcj
C:\Documents and Settings\All Users\Data aplikací\yhelobcj\ihufkhij.exe
C:\Program Files\PC-Antispyware
C:\WINDOWS\system32\klmlmton.exe
C:\WINDOWS\system32\mnubctmh.exe
C:\WINDOWS\system32\ofcnkpub.exe
C:\WINDOWS\system32\spgbirsz.exe
C:\WINDOWS\system32\vuhuhkxe.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 17:44 . 2008-04-04 17:44 90,112 --a------ C:\WINDOWS\system32\xspmpypi.exe
2008-04-04 15:54 . 2008-04-04 15:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-04 15:53 . 2008-04-04 15:54 <DIR> d-------- C:\Program Files\CCleaner
2008-04-04 14:50 . 2008-04-04 14:50 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-04-04 14:50 . 2008-04-04 14:50 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-04-03 22:30 . 2008-04-03 22:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-03 22:30 . 2008-04-03 22:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 22:30 . 2008-04-03 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-04-03 21:17 . 2008-04-04 17:38 <DIR> d-------- C:\Program Files\ESET
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-01 21:03 . 2008-04-01 21:03 90,112 --a------ C:\WINDOWS\system32\orwhsnqt.exe
2008-04-01 14:30 . 2008-04-03 21:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 14:30 . 2008-04-01 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 08:28 . 2008-04-02 22:55 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-28 08:22 . 2008-03-28 08:22 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-03-27 10:04 . 2008-03-27 10:04 <DIR> d-------- C:\Program Files\PowerISO
2008-03-27 09:54 . 2008-03-27 09:54 <DIR> d-------- C:\WINDOWS\system32\languages
2008-03-27 02:14 . 2008-03-27 09:54 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-27 02:14 . 2008-03-27 09:54 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:40 . 2008-03-26 23:41 <DIR> d-------- C:\Program Files\DivX
2008-03-26 12:44 . 2008-03-26 23:38 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-19 19:43 . 2008-03-19 19:43 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-03-19 19:41 . 2008-03-19 19:44 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-03-19 19:07 . 2008-03-19 19:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-19 19:07 . 2008-03-19 19:07 <DIR> d-------- C:\Program Files\Autodesk
2008-03-19 18:38 . 2008-03-19 18:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-19 18:35 . 2008-03-19 18:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-19 18:33 . 2008-03-19 18:33 <DIR> dr-h----- C:\MSOCache
2008-03-19 16:47 . 2008-03-19 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-19 15:32 . 2008-04-04 16:15 <DIR> d-------- C:\Dočasné soubory
2008-03-19 13:26 . 2008-03-19 13:26 135 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:11 . 2008-03-18 20:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-18 20:02 . 2008-03-18 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 14:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 14:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 14:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:55 . 2008-03-18 19:55 <DIR> d-------- C:\Program Files\Java
2008-03-18 19:55 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-18 19:54 . 2008-03-18 19:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-18 18:51 . 2008-04-04 17:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 18:51 . 2008-03-18 18:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 18:50 . 2008-03-18 18:50 <DIR> d-------- C:\Program Files\iTunes
2008-03-18 18:50 . 2008-03-18 18:50 <DIR> d-------- C:\Program Files\iPod
2008-03-18 18:49 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\QuickTime
2008-03-18 18:49 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\Bonjour
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-18 18:48 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-18 18:08 . 2008-04-04 18:38 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Program Files\ICQ6
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:32 . 2008-03-18 16:32 <DIR> d-------- C:\Images
2008-03-18 16:27 . 2008-04-04 14:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-18 16:18 . 2008-03-18 16:18 <DIR> d-------- C:\Program Files\CyberLink
2008-03-18 16:18 . 2008-03-18 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-03-18 16:17 . 2008-03-18 16:17 <DIR> d-------- C:\Program Files\D-Tools
2008-03-18 16:17 . 2004-08-22 17:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-03-18 16:17 . 2004-08-22 17:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-03-18 16:14 . 2008-03-18 16:14 <DIR> d-------- C:\Program Files\Logitech
2008-03-18 16:14 . 2008-03-18 16:14 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-18 16:14 . 2004-05-14 00:40 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-03-18 16:14 . 2004-05-14 00:54 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-03-18 16:14 . 2004-05-14 00:54 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-03-18 16:14 . 2004-05-14 00:54 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
2008-03-18 16:14 . 2004-05-14 00:54 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-03-18 16:14 . 2004-05-14 00:54 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-03-18 16:09 . 2008-03-18 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2008-03-18 16:04 . 2008-03-18 16:04 <DIR> d-------- C:\Program Files\PC-TV
2008-03-18 16:02 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-18 16:01 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-18 16:01 . 2004-08-17 16:49 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-03-18 16:01 . 2004-08-17 16:49 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-03-18 16:01 . 2004-08-17 16:49 54,272 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-03-18 16:01 . 2004-08-17 16:49 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-03-18 16:01 . 2004-08-17 16:49 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-03-18 15:34 . 2008-03-18 15:34 <DIR> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 20:05 --------- d-----w C:\Program Files\ATI Technologies
2008-03-17 19:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-17 17:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_20.02.24,89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-03 20:30:55 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-04-03 20:30:56 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-04-03 20:30:56 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-04-03 20:30:56 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2008-04-03 19:29:07 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-04 15:44:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"vbhdqdnw"="C:\WINDOWS\system32\xspmpypi.exe" [2008-04-04 17:44 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"CreativeMouse "="C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe" [2003-07-29 23:12 503808]
"CreativeKeyboard "="C:\Program Files\Creative\Desktop Wireless\kb_2k.exe" [2003-07-31 11:24 1253376]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Nero DriveSpeed"="C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2004-06-28 23:22 585728]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 09:09 200704]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 14:50 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 22:18:22 10872]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-08-31 14:04:14 1196032]
WinManager.lnk - C:\Program Files\PC-TV\WinManager\WinManager.exe [2008-03-18 16:04:29 61440]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 878BDA;DVB-TV 878 BDA Driver;C:\WINDOWS\system32\Drivers\878BDA.sys [2006-04-04 11:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 11:03:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 18:40:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-04 18:41:20
ComboFix-quarantined-files.txt 2008-04-04 16:41:12
ComboFix2.txt 2008-04-04 15:41:01
ComboFix3.txt 2008-04-03 18:48:31
ComboFix4.txt 2008-04-03 18:12:23
ComboFix5.txt 2008-04-03 18:02:41
Adresářů: 8, Volných bajtů: 2,222,526,464
Adresářů: 10, Volných bajtů: 2,211,729,408


Re: System Integrity Scan Wizard

Post by uličník » 04 Apr 2008 18:52

And here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:29, on 4.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\totalcmd\TOTALCMD.EXE
D:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vbhdqdnw] C:\WINDOWS\system32\xspmpypi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3037F32-5EEB-42D0-845E-8EB7984B5434}: NameServer = 10.128.194.241
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 7393 bytes


Re: System Integrity Scan Wizard

Post by Argoneus » 04 Apr 2008 19:41

ComboFix is quite drastic on the system.... Without consulting someone very experienced, such as fredik here, it can lead to the failure of the whole system...

\\Sorry for the heavy OT, I couldn't help myself.

fredik (Security team member)

Re: System Integrity Scan Wizard

Post by fredik » 04 Apr 2008 20:36

Create a new CFScript and use it the same way as the previous one. This time paste the following into it:


File::
C:\WINDOWS\system32\xspmpypi.exe
C:\WINDOWS\system32\orwhsnqt.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vbhdqdnw"=-

Then post the ComboFix log here after running the script.
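The entries fredik's script removes share one pattern: a Run value with a random-looking eight-letter name pointing at a random-looking eight-letter .exe. The following is an added example, not part of the thread and not ComboFix's or HijackThis's own code: it parses HijackThis O4 lines (the sample is constructed from lines posted above), flags Run entries whose value name and file stem both look random under a simple, assumed heuristic, and renders a CFScript File::/Registry:: block in the form shown in fredik's post, so a helper can review the result before deciding anything.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4 (autostart) lines copied from the HijackThis log in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vbhdqdnw] C:\WINDOWS\system32\xspmpypi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
"""

# HijackThis prints: O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First .exe in the command line, with optional surrounding quotes; arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s|$)', re.IGNORECASE)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VOWELS = set("aeiou")


@dataclass(frozen=True)
class RunEntry:
    hive: str   # HKLM, HKCU or HKUS\<SID>, as HijackThis abbreviates it
    name: str   # registry value name, exactly as printed (may keep a trailing space)
    path: str   # target executable with quotes and arguments stripped


def parse_o4(text):
    """Parse every O4 ...\\Run line into a RunEntry; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        e = EXE_RE.match(m["cmd"])
        if e:
            entries.append(RunEntry(m["hive"], m["name"], e["path"]))
    return entries


def looks_random(s):
    """Assumed heuristic tuned to the names in this thread (vbhdqdnw, xspmpypi, orwhsnqt):
    exactly eight ASCII lowercase letters with at most two vowels or a run of four or
    more consonants. It is a triage aid for a human reviewer, not a verdict."""
    if len(s) != 8 or not s.isascii() or not s.isalpha() or not s.islower():
        return False
    vowels = sum(c in VOWELS for c in s)
    longest = run = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels <= 2 or longest >= 4


def suspicious(entries):
    """Keep entries whose value name AND target file stem both look random."""
    flagged = []
    for e in entries:
        stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(e.name.strip()) and looks_random(stem):
            flagged.append(e)
    return flagged


def cfscript(flagged):
    """Render a CFScript in the File::/Registry:: form fredik's post uses:
    one File:: line per target, then "<value>"=- under the full Run key."""
    if not flagged:
        return ""
    lines = ["File::"] + [e.path for e in flagged] + ["", "Registry::"]
    by_key = {}
    for e in flagged:
        root = HIVES.get(e.hive) or e.hive.replace("HKUS", "HKEY_USERS", 1)
        by_key.setdefault(f"[{root}\\{RUN_SUBKEY}]", []).append(f'"{e.name}"=-')
    for key, values in by_key.items():
        lines.append(key)
        lines.extend(values)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = suspicious(parse_o4(SAMPLE_O4))
    for h in hits:
        print(f"flagged: {h.hive} [{h.name}] -> {h.path}")
    print(cfscript(hits))
```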


Re: System Integrity Scan Wizard

Post by uličník » 04 Apr 2008 20:46

ComboFix 08-04-03.3 - ulicnik 2008-04-04 20:41:42.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.206 [GMT 2:00]
Running from: C:\Documents and Settings\ulicnik\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\ulicnik\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\orwhsnqt.exe
C:\WINDOWS\system32\xspmpypi.exe
.
TimedOut: Windir.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\orwhsnqt.exe
C:\WINDOWS\system32\xspmpypi.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 15:54 . 2008-04-04 15:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-04 15:53 . 2008-04-04 15:54 <DIR> d-------- C:\Program Files\CCleaner
2008-04-04 14:50 . 2008-04-04 14:50 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-04-04 14:50 . 2008-04-04 14:50 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-04-03 22:30 . 2008-04-03 22:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-03 22:30 . 2008-04-03 22:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 22:30 . 2008-04-03 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-04-03 21:17 . 2008-04-04 17:38 <DIR> d-------- C:\Program Files\ESET
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-02 22:12 . 2008-04-02 22:23 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\PC-Cleaner
2008-04-01 14:30 . 2008-04-03 21:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-01 14:30 . 2008-04-01 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 14:04 . 2008-03-28 14:04 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ Toolbar
2008-03-28 08:28 . 2008-04-02 22:55 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-28 08:22 . 2008-03-28 08:22 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-03-27 10:04 . 2008-03-27 10:04 <DIR> d-------- C:\Program Files\PowerISO
2008-03-27 09:54 . 2008-03-27 09:54 <DIR> d-------- C:\WINDOWS\system32\languages
2008-03-27 02:14 . 2008-03-27 09:54 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-27 02:14 . 2008-03-27 09:54 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:42 . 2008-03-26 23:42 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DivX
2008-03-26 23:40 . 2008-03-26 23:41 <DIR> d-------- C:\Program Files\DivX
2008-03-26 12:44 . 2008-03-26 23:38 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-26 12:43 . 2008-03-26 12:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\DVD2AVI Ripper
2008-03-19 19:43 . 2008-03-19 19:43 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-03-19 19:41 . 2008-03-19 19:44 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:47 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Autodesk
2008-03-19 19:19 . 2008-03-19 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-03-19 19:07 . 2008-03-19 19:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-19 19:07 . 2008-03-19 19:07 <DIR> d-------- C:\Program Files\Autodesk
2008-03-19 18:38 . 2008-03-19 18:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-19 18:35 . 2008-03-19 18:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-19 18:33 . 2008-03-19 18:33 <DIR> dr-h----- C:\MSOCache
2008-03-19 16:47 . 2008-03-19 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-19 15:32 . 2008-04-04 20:32 <DIR> d-------- C:\Dočasné soubory
2008-03-19 13:26 . 2008-03-19 13:26 135 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:19 . 2008-03-18 20:19 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\vlc
2008-03-18 20:11 . 2008-03-18 20:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-18 20:02 . 2008-03-18 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 20:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 20:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:57 . 2008-04-04 20:43 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\Azureus
2008-03-18 19:55 . 2008-03-18 19:55 <DIR> d-------- C:\Program Files\Java
2008-03-18 19:55 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-18 19:54 . 2008-03-18 19:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-18 18:51 . 2008-04-04 18:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 18:51 . 2008-03-18 18:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 18:50 . 2008-03-18 18:50 <DIR> d-------- C:\Program Files\iTunes
2008-03-18 18:50 . 2008-03-18 18:50 <DIR> d-------- C:\Program Files\iPod
2008-03-18 18:49 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\QuickTime
2008-03-18 18:49 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\Bonjour
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-18 18:48 . 2008-03-18 18:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-18 18:48 . 2008-03-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-18 18:08 . 2008-04-04 18:38 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Program Files\ICQ6
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 18:08 . 2008-03-19 14:07 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\ICQ
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:33 . 2008-03-18 16:33 <DIR> d-------- C:\Documents and Settings\ulicnik\Data aplikací\CyberLink
2008-03-18 16:32 . 2008-03-18 16:32 <DIR> d-------- C:\Images
2008-03-18 16:27 . 2008-04-04 14:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-18 16:18 . 2008-03-18 16:18 <DIR> d-------- C:\Program Files\CyberLink
2008-03-18 16:18 . 2008-03-18 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-03-18 16:17 . 2008-03-18 16:17 <DIR> d-------- C:\Program Files\D-Tools
2008-03-18 16:17 . 2004-08-22 17:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-03-18 16:17 . 2004-08-22 17:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-03-18 16:14 . 2008-03-18 16:14 <DIR> d-------- C:\Program Files\Logitech
2008-03-18 16:14 . 2008-03-18 16:14 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-18 16:14 . 2004-05-14 00:40 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-03-18 16:14 . 2004-05-14 00:54 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-03-18 16:14 . 2004-05-14 00:54 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-03-18 16:14 . 2004-05-14 00:54 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
2008-03-18 16:14 . 2004-05-14 00:54 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-03-18 16:14 . 2004-05-14 00:54 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-03-18 16:09 . 2008-03-18 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2008-03-18 16:04 . 2008-03-18 16:04 <DIR> d-------- C:\Program Files\PC-TV
2008-03-18 16:02 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-18 16:01 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-18 16:01 . 2004-08-17 16:49 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-03-18 16:01 . 2004-08-17 16:49 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-03-18 16:01 . 2004-08-17 16:49 54,272 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-03-18 16:01 . 2004-08-17 16:49 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-03-18 16:01 . 2004-08-17 16:49 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-03-18 15:34 . 2008-03-18 15:34 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-18 15:34 . 2008-03-18 15:34 <DIR> d-------- C:\WINDOWS\Profiles
2008-03-18 15:34 . 2008-03-18 15:34 <DIR> d-------- C:\Program Files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 20:05 --------- d-----w C:\Program Files\ATI Technologies
2008-03-17 19:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-17 17:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_20.02.24,89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-03 20:30:55 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-04-03 20:30:56 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-04-03 20:30:56 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-04-03 20:30:56 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2008-04-03 19:29:07 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2008-03-05 06:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-04 16:57:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"CreativeMouse "="C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe" [2003-07-29 23:12 503808]
"CreativeKeyboard "="C:\Program Files\Creative\Desktop Wireless\kb_2k.exe" [2003-07-31 11:24 1253376]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Nero DriveSpeed"="C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2004-06-28 23:22 585728]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 09:09 200704]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 14:50 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 22:18:22 10872]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-08-31 14:04:14 1196032]
WinManager.lnk - C:\Program Files\PC-TV\WinManager\WinManager.exe [2008-03-18 16:04:29 61440]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 878BDA;DVB-TV 878 BDA Driver;C:\WINDOWS\system32\Drivers\878BDA.sys [2006-04-04 11:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 11:03:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 20:43:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-04 20:44:08
ComboFix-quarantined-files.txt 2008-04-04 18:44:00
ComboFix2.txt 2008-04-04 16:41:21
ComboFix3.txt 2008-04-04 15:41:01
ComboFix4.txt 2008-04-03 18:48:31
ComboFix5.txt 2008-04-03 18:12:23
Directories: 8, Free bytes: 1,975,029,760
Directories: 11, Free bytes: 1,964,507,136
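The "Reg Loading Points" block of the log above is where ComboFix lists what starts with Windows: the Run keys, the Startup folder shortcuts and the Windows Firewall exception list. As an added example (not part of the original thread and not ComboFix's own code), here is a small Python triage script that parses those three kinds of lines and flags any binary that lives outside C:\WINDOWS and C:\Program Files, or inside a profile application-data or Temp directory. The sample input reuses lines from the log above plus one constructed "updater" entry that is not from the log; the trusted-root list, the flag names and the heuristics are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed trusted locations for autostart binaries on a stock XP box.
# %windir% is printed unexpanded in the firewall list; C:\PROGRA~1 is the
# 8.3 short name of C:\Program Files, which ComboFix prints verbatim.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%\\")

# Profile/temp directories: legitimate autostarts rarely live here, droppers often do.
PROFILE_DATA_MARKERS = ("\\data aplikací\\", "\\application data\\",
                        "\\local settings\\", "\\temp\\")

# "Name"="C:\full\path.exe" [YYYY-MM-DD HH:MM size]
# "Name"="file.exe" [YYYY-MM-DD HH:MM size C:\resolved\path.exe]  (bare value, path appended)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*'
    r'\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)(?: (?P<resolved>[^\]]+))?\]$'
)
# Startup-folder shortcuts: "X.lnk - C:\path\X.exe [YYYY-MM-DD HH:MM:SS size]"
LNK_RE = re.compile(
    r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+)\]$'
)
# Firewall AuthorizedApplications entries: "C:\\path\\X.exe"=  (REGEDIT4 doubles backslashes)
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=$')


@dataclass
class Entry:
    source: str              # "run", "startup" or "firewall"
    name: str                # value name or .lnk name; empty for firewall entries
    path: str                # on-disk path as ComboFix printed it (unescaped)
    size: Optional[int]      # file size from the log, None where the log gives none
    flags: List[str] = field(default_factory=list)


def classify(path: str) -> List[str]:
    """Reasons this path deserves a closer look; an empty list means nothing odd."""
    p = path.lower()
    flags = []
    if not p.startswith(TRUSTED_ROOTS):
        flags.append("outside-trusted-roots")
    if any(marker in p for marker in PROFILE_DATA_MARKERS):
        flags.append("profile-data-dir")
    return flags


def parse_loading_points(text: str) -> List[Entry]:
    """Extract Run-key, Startup-folder and firewall-exception entries from ComboFix log text."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = m.group("resolved") or m.group("path")
            entries.append(Entry("run", m.group("name").strip(), path,
                                 int(m.group("size")), classify(path)))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Entry("startup", m.group("name"), m.group("path"),
                                 int(m.group("size")), classify(m.group("path"))))
            continue
        m = FW_RE.match(line)
        if m:
            path = m.group("path").replace("\\\\", "\\")   # undo REGEDIT4 escaping
            entries.append(Entry("firewall", "", path, None, classify(path)))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the log above plus one invented "updater"
# entry, which is NOT from the log and stands in for a dropper in a profile directory.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Nero DriveSpeed"="C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2004-06-28 23:22 585728]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 14:50 921600]
"updater"="C:\Documents and Settings\All Users\Data aplikací\qwertyui\asdfghjk.exe" [2008-04-01 09:12 40960]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-08-31 14:04:14 1196032]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
'''

if __name__ == "__main__":
    for e in suspicious(parse_loading_points(SAMPLE)):
        print(f"[{e.source}] {e.name or '-'} -> {e.path}  ({', '.join(e.flags)})")
```

Run against the sample, only the constructed "updater" entry is reported; the real log lines all resolve under C:\WINDOWS or C:\Program Files. The location check is deliberately coarse: it is a triage filter to decide what to look up next, not a verdict, and a loader placed under Program Files would pass it.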

fredik
Security team member

Re: System Integrity Scan Wizard

Post by fredik » 05 Apr 2008 07:21

Go to Start -> Run... and type this command (marked in blue) into the box: ComboFix /u
(there must be a space between ComboFix and /u) and click OK.

For better protection it would be a good idea to install a firewall as well; you can pick one of those listed here or another one from this link: Přehled osobních firewallů
Free firewalls:
Comodo - high quality, advanced, many features, originally in English; a Czech translation should come with version 3, which is expected shortly
Kerio - clear, more configuration options, heavier on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English + guide

Do you still have any problems?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum. Such PMs cannot be answered.

uličník

Re: System Integrity Scan Wizard

Post by uličník » 05 Apr 2008 10:52

So I chose Comodo. I have no more problems, everything is fine :) Thanks a lot, you're good, really great :) And this forum is a great thing :)

fredik
Security team member

Re: System Integrity Scan Wizard

Post by fredik » 05 Apr 2008 11:14

You're welcome; if there is any problem, let me know.

Also, should you need it, a short guide and the help translated into Czech so far can be found here:
Navod a nastavenia - Comodo Firewall 3

