...results in code being run that, whenever pages load, displays different images and forces me to click on them.
Logfile of HijackThis v1.99.1
Scan saved at 18:19:27, on 21.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\totalcmd1\TOTALCMD.EXE
C:\DOCUME~1\Decimus\LOCALS~1\Temp\_tc\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {4FEF405B-E03D-4876-AFE6-F99FCAFDFECD} - C:\WINDOWS\system32\pmnnmNEv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - C:\WINDOWS\system32\vtUonmNE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BM236d4b51] Rundll32.exe "C:\WINDOWS\system32\dpmnssqq.dll",s
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7031814437
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86B602B-7640-4E98-BE6B-F16B1CBC04D9}: NameServer = 62.84.129.4,213.155.229.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: vtUonmNE - C:\WINDOWS\SYSTEM32\vtUonmNE.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PLEASE CHECK MY LOG!!!
- fredik
- member of the Security team
Re: PLEASE CHECK MY LOG!!!
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the prompts; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. It is not possible to reply to such PMs.
Re: PLEASE CHECK MY LOG!!!
ComboFix 08-05-21.2 - Decimus 2008-05-22 15:58:30.1 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.797 [GMT 2:00]
Running from: C:\Documents and Settings\Decimus\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM236d4b51.xml
C:\WINDOWS\system32\ccbddfii.ini
C:\WINDOWS\system32\ccbddfii.ini2
C:\WINDOWS\system32\epmnahwy.ini
C:\WINDOWS\system32\GjmmVyxx.ini2
C:\WINDOWS\system32\pdqqjrmo.exe
C:\WINDOWS\system32\twHjlnmp.ini
C:\WINDOWS\system32\twHjlnmp.ini2
C:\WINDOWS\system32\vENmnnmp.ini2
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-22 15:19 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-22 15:19 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-22 15:19 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-22 15:19 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-22 15:19 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-22 15:19 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-22 15:19 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 15:19 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 15:19 . 2008-05-22 15:19 3,042 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-21 22:44 . 2008-05-21 23:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-21 22:39 . 2008-05-21 22:40 128,000 --a------ C:\WINDOWS\system32\secetwoa.dll.vir
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Program Files\Crawler
2008-05-21 17:34 . 2008-05-21 17:34 370,176 --a------ C:\WINDOWS\system32\pmnnmNEv.dll.vir
2008-05-21 17:17 . 2008-05-21 17:17 115,200 --a------ C:\WINDOWS\system32\opsxwcik.dll.vir
2008-05-20 22:01 . 2008-05-20 22:01 42,852 --a------ C:\Soumrak_dne.jpg
2008-05-20 21:03 . 2008-05-20 21:03 370,176 --a------ C:\WINDOWS\system32\pmnljHwt.dll.vir
2008-05-20 21:00 . 2008-05-20 21:00 117,248 --a------ C:\WINDOWS\system32\ggmlpthn.dll.vir
2008-05-20 20:50 . 2008-05-20 20:50 57,344 --a------ C:\WINDOWS\system32\vtUonmNE.dll.vir
2008-05-19 16:25 . 2008-05-19 16:25 79,225 --a------ C:\zámek.jpg
2008-05-17 16:05 . 2008-05-17 16:05 <DIR> d-------- C:\Program Files\CCleaner
2008-05-16 14:20 . 2000-06-08 17:00 5,532 --------- C:\WINDOWS\system32\Stdole.tlb
2008-05-16 14:20 . 2008-05-16 14:22 3,126 --------- C:\WINDOWS\system32\tempimg.tmp
2008-05-16 14:19 . 2008-05-16 14:19 <DIR> d-------- C:\WINDOWS\system32\ac
2008-05-16 14:19 . 2008-05-16 14:20 <DIR> d-------- C:\Program Files\AudioConvert
2008-05-16 14:19 . 2001-09-27 10:51 299,008 --------- C:\WINDOWS\system32\IGTabs40.ocx
2008-05-16 14:19 . 2001-11-06 07:57 233,472 --------- C:\WINDOWS\system32\SmartMenuXP.ocx
2008-05-16 14:19 . 2002-09-06 12:36 233,472 --------- C:\WINDOWS\system32\lame_enc.dll
2008-05-16 14:19 . 2002-03-15 17:36 180,224 --------- C:\WINDOWS\system32\ListbarControl.ocx
2008-05-16 14:19 . 2002-01-15 00:36 172,032 --------- C:\WINDOWS\system32\MP2enc.dll
2008-05-16 14:19 . 2001-06-26 15:10 69,632 --------- C:\WINDOWS\system32\arflatbutton.ocx
2008-05-16 14:19 . 2002-04-03 00:00 65,536 --------- C:\WINDOWS\system32\fltcmb.ocx
2008-05-16 14:19 . 2001-10-13 23:48 28,672 --------- C:\WINDOWS\system32\SmartMenuXP.dll
2008-05-15 22:32 . 2008-05-15 22:32 16,171 --a------ C:\PUMA.jpg
2008-05-14 22:49 . 2008-05-14 22:49 24,565 --a------ C:\167.jpg
2008-05-14 21:24 . 2008-05-14 21:24 31,356 --a------ C:\12_Opic.jpg
2008-05-07 13:25 . 2005-01-05 13:13 36,864 --------- C:\WINDOWS\system32\APCSnmp.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 13:56 --------- d-----w C:\Program Files\GetRight
2008-05-22 13:44 --------- d-----w C:\Program Files\Trojan Remover
2008-05-21 20:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 19:23 --------- d-----w C:\Program Files\PowerISO
2008-05-20 18:51 --------- d-----w C:\Program Files\ImTOO
2008-05-17 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 13:59 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-17 13:48 --------- d-----w C:\Program Files\NewTech Infosystems
2008-05-10 19:23 6,144 ------w C:\WINDOWS\system32\drivers\NTIDrvr.sys
2008-05-07 11:25 --------- d-----w C:\Program Files\APC
2008-04-20 20:30 --------- d-----w C:\Program Files\DivX
2008-04-17 15:12 --------- d-----w C:\Program Files\Azureus
2008-04-12 20:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 21:31 --------- d-----w C:\Program Files\KProbe
2008-04-09 21:29 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 10:05 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2008-04-09 10:04 --------- d-----w C:\Program Files\SolidWorks
2008-04-09 10:00 --------- d-----w C:\Program Files\Common Files\eDrawings2008
2008-04-09 09:56 --------- d-----w C:\Program Files\MSBuild
2008-04-09 09:53 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-09 09:52 --------- d-----w C:\Program Files\MSECache
2008-03-23 22:43 22,328 ------w C:\WINDOWS\system32\drivers\PnkBstrK.sys
.
------- Sigcheck -------
2002-09-20 20:05 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
2004-08-17 15:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-17 15:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\system32\winlogon.exe
2004-08-17 15:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\VistaMizer\old\winlogon.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-17 15:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-17 15:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-17 15:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 15:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 15:00 516608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 25088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 23:44 1510640]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-06 15:15 917504]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 13:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-06 16:13 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 25088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 23:44 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.uldx"= C:\PROGRA~1\ULEADS~1\ULEADD~1\ULEADD~1\DivX_UL.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"D:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\APC\\PowerChute Business Edition\\agent\\pbeagent.exe"=
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05]
R2 APCPBEAgent;APC PBE Agent;C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe [2006-08-22 09:19]
R3 Cap7134;Philips WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-03-07 13:00]
R3 PhTVTune;Philips WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-03-07 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0C397C2C-2A8E-76CD-1A66-818D6CD882A1}]
C:\WINDOWS\system32:regedt.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 12:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:01:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2008-05-22 16:05:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 14:05:03
Adresářů: 10, Volných bajtů: 15,988,883,456
Adresářů: 13, Volných bajtů: 15,862,312,960
221 --- E O F --- 2008-05-17 19:17:13
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 23:44 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.uldx"= C:\PROGRA~1\ULEADS~1\ULEADD~1\ULEADD~1\DivX_UL.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"D:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\APC\\PowerChute Business Edition\\agent\\pbeagent.exe"=
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05]
R2 APCPBEAgent;APC PBE Agent;C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe [2006-08-22 09:19]
R3 Cap7134;Philips WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-03-07 13:00]
R3 PhTVTune;Philips WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-03-07 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0C397C2C-2A8E-76CD-1A66-818D6CD882A1}]
C:\WINDOWS\system32:regedt.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 12:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:01:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2008-05-22 16:05:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 14:05:03
Adresářů: 10, Volných bajtů: 15,988,883,456
Adresářů: 13, Volných bajtů: 15,862,312,960
221 --- E O F --- 2008-05-17 19:17:13
Re: PLEASE CHECK MY LOG!!!
PLEASE FINISH THE CLEANUP, EVERYTHING SEEMS TO BE FASTER NOW, IS THERE ANYTHING THAT NEEDS TO BE DONE AFTER THIS LISTING??? THANK YOU!!!
- fredik
- member of the Security team
Re: PLEASE CHECK MY LOG!!!
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following complete text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
File::
C:\WINDOWS\system32\secetwoa.dll.vir
C:\WINDOWS\system32\pmnnmNEv.dll.vir
C:\WINDOWS\system32\opsxwcik.dll.vir
C:\WINDOWS\system32\pmnljHwt.dll.vir
C:\WINDOWS\system32\ggmlpthn.dll.vir
C:\WINDOWS\system32\vtUonmNE.dll.vir
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0C397C2C-2A8E-76CD-1A66-818D6CD882A1}]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered
Re: PLEASE CHECK MY LOG!!!
ComboFix 08-05-21.2 - Decimus 2008-05-22 17:54:05.4 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.798 [GMT 2:00]
Running from: C:\Documents and Settings\Decimus\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Decimus\Plocha\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\ggmlpthn.dll.vir
C:\WINDOWS\system32\opsxwcik.dll.vir
C:\WINDOWS\system32\pmnljHwt.dll.vir
C:\WINDOWS\system32\pmnnmNEv.dll.vir
C:\WINDOWS\system32\secetwoa.dll.vir
C:\WINDOWS\system32\vtUonmNE.dll.vir
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000117_.tmp.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\ggmlpthn.dll.vir
C:\WINDOWS\system32\opsxwcik.dll.vir
C:\WINDOWS\system32\pmnljHwt.dll.vir
C:\WINDOWS\system32\pmnnmNEv.dll.vir
C:\WINDOWS\system32\secetwoa.dll.vir
C:\WINDOWS\system32\vtUonmNE.dll.vir
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-22 15:19 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-22 15:19 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-22 15:19 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-22 15:19 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-22 15:19 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-22 15:19 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-22 15:19 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 15:19 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 15:19 . 2008-05-22 15:19 3,042 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-21 22:44 . 2008-05-21 23:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\SUPERAntiSpyware.com
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\SUPERAntiSpyware.com
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\SUPERAntiSpyware.com
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Program Files\Crawler
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\Spyware Terminator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\Spyware Terminator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\Spyware Terminator
2008-05-20 22:01 . 2008-05-20 22:01 42,852 --a------ C:\Soumrak_dne.jpg
2008-05-19 16:25 . 2008-05-19 16:25 79,225 --a------ C:\zámek.jpg
2008-05-17 16:05 . 2008-05-17 16:05 <DIR> d-------- C:\Program Files\CCleaner
2008-05-16 14:20 . 2000-06-08 17:00 5,532 --------- C:\WINDOWS\system32\Stdole.tlb
2008-05-16 14:20 . 2008-05-16 14:22 3,126 --------- C:\WINDOWS\system32\tempimg.tmp
2008-05-16 14:19 . 2008-05-16 14:19 <DIR> d-------- C:\WINDOWS\system32\ac
2008-05-16 14:19 . 2008-05-16 14:20 <DIR> d-------- C:\Program Files\AudioConvert
2008-05-16 14:19 . 2001-09-27 10:51 299,008 --------- C:\WINDOWS\system32\IGTabs40.ocx
2008-05-16 14:19 . 2001-11-06 07:57 233,472 --------- C:\WINDOWS\system32\SmartMenuXP.ocx
2008-05-16 14:19 . 2002-09-06 12:36 233,472 --------- C:\WINDOWS\system32\lame_enc.dll
2008-05-16 14:19 . 2002-03-15 17:36 180,224 --------- C:\WINDOWS\system32\ListbarControl.ocx
2008-05-16 14:19 . 2002-01-15 00:36 172,032 --------- C:\WINDOWS\system32\MP2enc.dll
2008-05-16 14:19 . 2001-06-26 15:10 69,632 --------- C:\WINDOWS\system32\arflatbutton.ocx
2008-05-16 14:19 . 2002-04-03 00:00 65,536 --------- C:\WINDOWS\system32\fltcmb.ocx
2008-05-16 14:19 . 2001-10-13 23:48 28,672 --------- C:\WINDOWS\system32\SmartMenuXP.dll
2008-05-15 22:32 . 2008-05-15 22:32 16,171 --a------ C:\PUMA.jpg
2008-05-14 22:49 . 2008-05-14 22:49 24,565 --a------ C:\167.jpg
2008-05-14 21:24 . 2008-05-14 21:24 31,356 --a------ C:\12_Opic.jpg
2008-05-07 13:25 . 2005-01-05 13:13 36,864 --------- C:\WINDOWS\system32\APCSnmp.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 13:56 --------- d-----w C:\Program Files\GetRight
2008-05-22 13:44 --------- d-----w C:\Program Files\Trojan Remover
2008-05-21 21:40 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Azureus
2008-05-21 21:40 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Azureus
2008-05-21 21:40 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Azureus
2008-05-21 20:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 19:23 --------- d-----w C:\Program Files\PowerISO
2008-05-20 18:51 --------- d-----w C:\Program Files\ImTOO
2008-05-17 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 13:59 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-17 13:48 --------- d-----w C:\Program Files\NewTech Infosystems
2008-05-15 12:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-05-10 19:23 6,144 ------w C:\WINDOWS\system32\drivers\NTIDrvr.sys
2008-05-09 10:42 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\DVD Shrink
2008-05-09 10:42 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\DVD Shrink
2008-05-09 10:42 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\DVD Shrink
2008-05-07 11:25 --------- d-----w C:\Program Files\APC
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Autodesk
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Autodesk
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Autodesk
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-04-29 20:13 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Skype
2008-04-29 20:13 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Skype
2008-04-29 20:13 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Skype
2008-04-20 20:30 --------- d-----w C:\Program Files\DivX
2008-04-19 09:00 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Simply Super Software
2008-04-19 09:00 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Simply Super Software
2008-04-19 09:00 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Simply Super Software
2008-04-17 17:43 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2008-04-17 15:12 --------- d-----w C:\Program Files\Azureus
2008-04-12 20:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 21:31 --------- d-----w C:\Program Files\KProbe
2008-04-09 21:29 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 10:16 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks
2008-04-09 10:16 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks
2008-04-09 10:16 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks
2008-04-09 10:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\COSMOS Applications
2008-04-09 10:08 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks 2008
2008-04-09 10:08 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks 2008
2008-04-09 10:08 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks 2008
2008-04-09 10:05 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2008-04-09 10:04 --------- d-----w C:\Program Files\SolidWorks
2008-04-09 10:00 --------- d-----w C:\Program Files\Common Files\eDrawings2008
2008-04-09 10:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SolidWorks
2008-04-09 09:56 --------- d-----w C:\Program Files\MSBuild
2008-04-09 09:53 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-09 09:52 --------- d-----w C:\Program Files\MSECache
2008-04-05 21:52 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SlySoft
2008-04-05 17:53 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\InstallShield
2008-04-05 17:53 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\InstallShield
2008-04-05 17:53 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\InstallShield
2008-03-31 21:25 831,488 ------w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ------w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ------w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ------w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ------w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ------w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 14:10 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Xfire
2008-03-29 14:10 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Xfire
2008-03-29 14:10 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Xfire
2008-03-23 22:43 22,328 ------w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-23 22:43 107,832 ------w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-21 20:30 524,288 ------w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ------w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ------w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ------w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ------w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ------w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ------w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ------w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ------w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ------w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ------w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ------w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ------w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2007-11-25 21:58 22,328 ----a-w C:\Documents and Settings\Decimus\Data aplikací\PnkBstrK.sys
2007-11-25 21:58 22,328 ----a-w C:\Documents and Settings\Decimus\Data aplikací\PnkBstrK.sys
2007-11-25 21:58 22,328 ----a-w C:\Documents and Settings\Decimus\Data aplikací\PnkBstrK.sys
.
------- Sigcheck -------
2002-09-20 20:05 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
2004-08-17 15:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-17 15:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\system32\winlogon.exe
2004-08-17 15:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\VistaMizer\old\winlogon.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-17 15:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-17 15:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-17 15:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 15:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.04.55.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 14:00:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 15:53:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-22 13:32:22 84,116 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-05-22 15:51:59 84,116 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-05-22 13:32:22 72,230 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-22 15:51:59 72,230 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-22 13:32:22 441,046 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-05-22 15:51:59 441,046 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-05-22 13:32:22 441,320 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-22 15:51:59 441,320 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 15:00 516608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 25088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 23:44 1510640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-06 15:15 917504]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 13:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-06 16:13 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 25088]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-08-06 15:28:35 221247]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 23:44 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.uldx"= C:\PROGRA~1\ULEADS~1\ULEADD~1\ULEADD~1\DivX_UL.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"D:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\APC\\PowerChute Business Edition\\agent\\pbeagent.exe"=
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05]
S2 APCPBEAgent;APC PBE Agent;C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe [2006-08-22 09:19]
S3 Cap7134;Philips WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-03-07 13:00]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
S3 PhTVTune;Philips WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-03-07 13:00]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 12:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 17:55:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-05-22 17:56:11
ComboFix-quarantined-files.txt 2008-05-22 15:55:58
Adresářů: 10, Volných bajtů: 15,785,869,312
Adresářů: 13, Volných bajtů: 15,771,389,952
269 --- E O F --- 2008-05-17 19:17:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:14, on 22.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\totalcmd1\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7031814437
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86B602B-7640-4E98-BE6B-F16B1CBC04D9}: NameServer = 62.84.129.4,213.155.229.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8997 bytes
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.798 [GMT 2:00]
Running from: C:\Documents and Settings\Decimus\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Decimus\Plocha\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\ggmlpthn.dll.vir
C:\WINDOWS\system32\opsxwcik.dll.vir
C:\WINDOWS\system32\pmnljHwt.dll.vir
C:\WINDOWS\system32\pmnnmNEv.dll.vir
C:\WINDOWS\system32\secetwoa.dll.vir
C:\WINDOWS\system32\vtUonmNE.dll.vir
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000117_.tmp.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\ggmlpthn.dll.vir
C:\WINDOWS\system32\opsxwcik.dll.vir
C:\WINDOWS\system32\pmnljHwt.dll.vir
C:\WINDOWS\system32\pmnnmNEv.dll.vir
C:\WINDOWS\system32\secetwoa.dll.vir
C:\WINDOWS\system32\vtUonmNE.dll.vir
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-22 15:19 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-22 15:19 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-22 15:19 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-22 15:19 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-22 15:19 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-22 15:19 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-22 15:19 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 15:19 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 15:19 . 2008-05-22 15:19 3,042 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-21 22:44 . 2008-05-21 23:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\SUPERAntiSpyware.com
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\SUPERAntiSpyware.com
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\SUPERAntiSpyware.com
2008-05-21 22:44 . 2008-05-21 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací
2008-05-21 19:32 . 2008-05-21 22:32 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Program Files\Crawler
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\Spyware Terminator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\Spyware Terminator
2008-05-21 17:51 . 2008-05-21 22:32 <DIR> d-------- C:\Documents and Settings\Decimus\Data aplikací\Spyware Terminator
2008-05-20 22:01 . 2008-05-20 22:01 42,852 --a------ C:\Soumrak_dne.jpg
2008-05-19 16:25 . 2008-05-19 16:25 79,225 --a------ C:\zámek.jpg
2008-05-17 16:05 . 2008-05-17 16:05 <DIR> d-------- C:\Program Files\CCleaner
2008-05-16 14:20 . 2000-06-08 17:00 5,532 --------- C:\WINDOWS\system32\Stdole.tlb
2008-05-16 14:20 . 2008-05-16 14:22 3,126 --------- C:\WINDOWS\system32\tempimg.tmp
2008-05-16 14:19 . 2008-05-16 14:19 <DIR> d-------- C:\WINDOWS\system32\ac
2008-05-16 14:19 . 2008-05-16 14:20 <DIR> d-------- C:\Program Files\AudioConvert
2008-05-16 14:19 . 2001-09-27 10:51 299,008 --------- C:\WINDOWS\system32\IGTabs40.ocx
2008-05-16 14:19 . 2001-11-06 07:57 233,472 --------- C:\WINDOWS\system32\SmartMenuXP.ocx
2008-05-16 14:19 . 2002-09-06 12:36 233,472 --------- C:\WINDOWS\system32\lame_enc.dll
2008-05-16 14:19 . 2002-03-15 17:36 180,224 --------- C:\WINDOWS\system32\ListbarControl.ocx
2008-05-16 14:19 . 2002-01-15 00:36 172,032 --------- C:\WINDOWS\system32\MP2enc.dll
2008-05-16 14:19 . 2001-06-26 15:10 69,632 --------- C:\WINDOWS\system32\arflatbutton.ocx
2008-05-16 14:19 . 2002-04-03 00:00 65,536 --------- C:\WINDOWS\system32\fltcmb.ocx
2008-05-16 14:19 . 2001-10-13 23:48 28,672 --------- C:\WINDOWS\system32\SmartMenuXP.dll
2008-05-15 22:32 . 2008-05-15 22:32 16,171 --a------ C:\PUMA.jpg
2008-05-14 22:49 . 2008-05-14 22:49 24,565 --a------ C:\167.jpg
2008-05-14 21:24 . 2008-05-14 21:24 31,356 --a------ C:\12_Opic.jpg
2008-05-07 13:25 . 2005-01-05 13:13 36,864 --------- C:\WINDOWS\system32\APCSnmp.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 13:56 --------- d-----w C:\Program Files\GetRight
2008-05-22 13:44 --------- d-----w C:\Program Files\Trojan Remover
2008-05-21 21:40 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Azureus
2008-05-21 21:40 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Azureus
2008-05-21 21:40 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Azureus
2008-05-21 20:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 19:23 --------- d-----w C:\Program Files\PowerISO
2008-05-20 18:51 --------- d-----w C:\Program Files\ImTOO
2008-05-17 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 13:59 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-17 13:48 --------- d-----w C:\Program Files\NewTech Infosystems
2008-05-15 12:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-05-10 19:23 6,144 ------w C:\WINDOWS\system32\drivers\NTIDrvr.sys
2008-05-09 10:42 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\DVD Shrink
2008-05-09 10:42 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\DVD Shrink
2008-05-09 10:42 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\DVD Shrink
2008-05-07 11:25 --------- d-----w C:\Program Files\APC
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Autodesk
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Autodesk
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Autodesk
2008-05-01 21:39 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-04-29 20:13 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Skype
2008-04-29 20:13 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Skype
2008-04-29 20:13 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Skype
2008-04-20 20:30 --------- d-----w C:\Program Files\DivX
2008-04-19 09:00 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Simply Super Software
2008-04-19 09:00 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Simply Super Software
2008-04-19 09:00 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Simply Super Software
2008-04-17 17:43 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2008-04-17 15:12 --------- d-----w C:\Program Files\Azureus
2008-04-12 20:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 21:31 --------- d-----w C:\Program Files\KProbe
2008-04-09 21:29 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 10:16 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks
2008-04-09 10:16 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks
2008-04-09 10:16 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks
2008-04-09 10:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\COSMOS Applications
2008-04-09 10:08 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks 2008
2008-04-09 10:08 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks 2008
2008-04-09 10:08 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\SolidWorks 2008
2008-04-09 10:05 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2008-04-09 10:04 --------- d-----w C:\Program Files\SolidWorks
2008-04-09 10:00 --------- d-----w C:\Program Files\Common Files\eDrawings2008
2008-04-09 10:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SolidWorks
2008-04-09 09:56 --------- d-----w C:\Program Files\MSBuild
2008-04-09 09:53 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-09 09:52 --------- d-----w C:\Program Files\MSECache
2008-04-05 21:52 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SlySoft
2008-04-05 17:53 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\InstallShield
2008-04-05 17:53 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\InstallShield
2008-04-05 17:53 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\InstallShield
2008-03-31 21:25 831,488 ------w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ------w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ------w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ------w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ------w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ------w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 14:10 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Xfire
2008-03-29 14:10 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Xfire
2008-03-29 14:10 --------- d-----w C:\Documents and Settings\Decimus\Data aplikací\Xfire
2008-03-23 22:43 22,328 ------w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-23 22:43 107,832 ------w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-21 20:30 524,288 ------w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ------w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ------w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ------w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ------w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ------w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ------w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ------w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ------w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ------w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ------w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ------w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ------w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2007-11-25 21:58 22,328 ----a-w C:\Documents and Settings\Decimus\Data aplikací\PnkBstrK.sys
2007-11-25 21:58 22,328 ----a-w C:\Documents and Settings\Decimus\Data aplikací\PnkBstrK.sys
2007-11-25 21:58 22,328 ----a-w C:\Documents and Settings\Decimus\Data aplikací\PnkBstrK.sys
.
------- Sigcheck -------
2002-09-20 20:05 516608 ff8857d1af59071f172c0fad0fd33e87 C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
2004-08-17 15:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-17 15:49 541696 96112b362a1f419384ce57e5d92c6267 C:\WINDOWS\system32\winlogon.exe
2004-08-17 15:49 502272 221c29ae1b4cc61d11d8b27de78b2307 C:\WINDOWS\VistaMizer\old\winlogon.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-17 15:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1551872 3ac47eac2bd0b93621b55dcd4c547956 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-17 15:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-17 15:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 15:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.04.55.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 14:00:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 15:53:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-22 13:32:22 84,116 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-05-22 15:51:59 84,116 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-05-22 13:32:22 72,230 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-22 15:51:59 72,230 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-22 13:32:22 441,046 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-05-22 15:51:59 441,046 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-05-22 13:32:22 441,320 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-22 15:51:59 441,320 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 15:00 516608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 25088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-21 23:44 1510640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-06 15:15 917504]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 13:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-06 16:13 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 25088]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-08-06 15:28:35 221247]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 23:44 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.uldx"= C:\PROGRA~1\ULEADS~1\ULEADD~1\ULEADD~1\DivX_UL.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"D:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\APC\\PowerChute Business Edition\\agent\\pbeagent.exe"=
S1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05]
S2 APCPBEAgent;APC PBE Agent;C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe [2006-08-22 09:19]
S3 Cap7134;Philips WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-03-07 13:00]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
S3 PhTVTune;Philips WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-03-07 13:00]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 12:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 17:55:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-05-22 17:56:11
ComboFix-quarantined-files.txt 2008-05-22 15:55:58
Directories: 10, Free bytes: 15,785,869,312
Directories: 13, Free bytes: 15,771,389,952
269 --- E O F --- 2008-05-17 19:17:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:14, on 22.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\totalcmd1\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7031814437
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86B602B-7640-4E98-BE6B-F16B1CBC04D9}: NameServer = 62.84.129.4,213.155.229.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8997 bytes
- fredik
- Security team member
Master Level 7
- Posts: 4680
- Registered: July 06
- Status: Offline
Re: PLEASE CHECK MY LOG!!!
Go to Start -> Run..., type the command marked in blue ComboFix /u into the box and click OK.
- there must be a space between ComboFix and /u
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Alternatively you can fix these items in HJT; they do not need to run at Windows startup.
Run HijackThis again and tick the box in front of these lines:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
after ticking them, click the Fix Checked button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
I would also recommend updating Java:
- Download the latest Java Runtime Environment (JRE) 6 Update 6
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6 and click the Download button
- A new page loads
- Under the heading Select Platform and Language for your download:
* for Platform: choose the OS you use
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page loads
- Click the download link under: Windows Offline Installation
and save it to disk
- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
- J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2
- Uninstall all the old versions of Java one after another
- Once the uninstalls finish, restart the PC.
- Then just run the installer for the latest version from the file jre-6u6-windows-i586-p.exe you downloaded at the start.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
For better protection I would recommend installing a firewall; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - good quality, advanced, many features, originally in English
Kerio - clear layout, more configuration options, heavier on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English + guide
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download and run T-cleaner and follow the instructions.
- you can also clean the PC of temporary files, e.g. with: CCleaner
Do you still have any problems?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.
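Added example, not code from this thread or from HijackThis: a small parser for the O4 (Run-key startup item), O17 (NameServer) and O23 (service) line formats that appear in the log above, with a review pass that picks out the O4 items a helper has already listed for Fix Checked, the O17 DNS servers the user should confirm are their ISP's, and O23 services for which HijackThis recorded no owner. The sample lines are constructed from entries quoted in this thread; the fix list, the field names and the wording of the findings are my own, and nothing in the code decides that an entry is malicious.

```python
"""Parser for HijackThis 1.99 log entries (O4 startup items, O17 DNS servers,
O23 services) with a small review pass.

Added example written for this thread; it is not HijackThis code and not a
tool from the forum. SAMPLE_LOG is constructed from lines quoted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the same line format as the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86B602B-7640-4E98-BE6B-F16B1CBC04D9}: NameServer = 62.84.129.4,213.155.229.197
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
End of file - 8997 bytes
"""

# Line shapes as printed by HijackThis 1.99.x; the regexes are assumptions
# derived from the log above, not a published grammar.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$')
O17_RE = re.compile(r'^O17 - (?P<regpath>.+?): NameServer = (?P<servers>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
SHORTNAME_RE = re.compile(r'^(?P<name>.*?)(?: \((?P<short>[^()]+)\))?$')


@dataclass
class Entry:
    section: str          # 'O4', 'O17', 'O23', or 'other' for lines not parsed here
    raw: str
    fields: Dict[str, object] = field(default_factory=dict)


def executable_from_command(command: str) -> str:
    """Best-effort path extraction from a Run-key command line (heuristic)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r'^(.*?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.split(' ', 1)[0]


def parse_line(line: str) -> Entry:
    m = O4_RE.match(line)
    if m:
        d = m.groupdict()
        d['exe'] = executable_from_command(d['command'])
        return Entry('O4', line, d)
    m = O17_RE.match(line)
    if m:
        servers = [s.strip() for s in m.group('servers').split(',') if s.strip()]
        return Entry('O17', line, {'regpath': m.group('regpath'), 'servers': servers})
    m = O23_RE.match(line)
    if m:
        d = m.groupdict()
        s = SHORTNAME_RE.match(d['display'])
        d['name'] = s.group('name')      # display name without the "(short)" suffix
        d['short'] = s.group('short')    # service short name, or None if not shown
        return Entry('O23', line, d)
    return Entry('other', line)


def parse_log(text: str) -> List[Entry]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def review(entries, fix_names=frozenset()) -> List[Tuple[str, str, str]]:
    """Return (section, subject, note) triples worth a second look.

    fix_names: O4 item names a helper has already listed for removal.
    This only narrows what a human reviews; it does not judge maliciousness.
    """
    findings = []
    for e in entries:
        if e.section == 'O4' and e.fields['name'] in fix_names:
            findings.append(('O4', e.fields['name'], 'listed for Fix Checked in HijackThis'))
        elif e.section == 'O17':
            findings.append(('O17', ','.join(e.fields['servers']),
                             "confirm these DNS servers are the ISP's or the router's"))
        elif e.section == 'O23' and e.fields['owner'] == 'Unknown owner':
            findings.append(('O23', e.fields['name'],
                             'no vendor recorded in the file; check the path and signature'))
    return findings


if __name__ == '__main__':
    for sec, subject, note in review(parse_log(SAMPLE_LOG), {'TkBellExe', 'NeroFilterCheck'}):
        print(f'{sec:<4} {subject:<40} {note}')
```

Run it against a saved HijackThis log by replacing SAMPLE_LOG with the file's contents; the O17 finding is deliberately unconditional, because a log alone cannot tell an ISP resolver from a changed one, so the user has to compare the addresses with what their router or ISP hands out.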
Re: PLEASE CHECK MY LOG!!!
The PC is noticeably snappier and faster. Ads no longer show up on web pages in place of images. Everything works as it should so far, maybe even somewhat faster. I also ran SUPERAntiSpyware over the computer; it found some adware and removed it. SO FAR, BIG PRAISE TO YOU!!! THANK YOU VERY MUCH, HAVE A NICE DAY!
- fredik
- Security team member
Re: PLEASE CHECK MY LOG!!!
You're welcome; if there is any problem, let me know