Suspensor PC

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Suspensor PC

Post by Luke288 » 29 May 2008 22:04

hi. I have a nagging feeling that I've caught Suspenzor too. As I read here, I tried running SuperAntiSpyware after updating it, in Safe Mode; I tried Ad-Aware; I have NOD32 combined with Kerio. Nothing helps, Suspenzor still pops up now and then. I can see it clearly on the dsl.cz site, where instead of the "test speed" option a window pops up with either Suspenzor or some casino. Formatting the system looks like a last resort to me (mainly because I did it a month ago after 5 years of trouble-free running, since with the security combination I use nothing ever got into my computer. Then my girlfriend sits down at it and in one afternoon it's done, because apparently something kept popping up with "allow/deny", so she kept clicking allow without reading anything). I'm attaching the HJT log; if you can read something from it and point me in the right direction on how to get rid of this bastard, because e.g. no internet search works for me either, I'll be grateful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:52, on 29.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera 9.5 beta\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BM97223891] Rundll32.exe "C:\WINDOWS\system32\irpwgrmo.dll",s
O4 - HKLM\..\Run: [94110b0d] rundll32.exe "C:\WINDOWS\system32\rkuqmdyp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5681564687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 9724 bytes

//topic split
fredik


Re: Suspensor PC

Post by fredik » 30 May 2008 06:14

Welcome to the forum

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

PS: next time please start your own topic, even if you have the same problem as the one being dealt with here. Thanks.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. It is not possible to reply to such PMs.


Re: Suspensor PC

Post by Luke288 » 30 May 2008 07:53

hi, first of all I apologize for filing the post in the wrong place. Thanks for the reply; I'm attaching the ComboFix log
ComboFix 08-05-29.1 - PC 2008-05-30 7:34:37.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.434 [GMT 2:00]
Running from: C:\Documents and Settings\PC\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM97223891.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\HhjQBJlm.ini
C:\WINDOWS\system32\HhjQBJlm.ini2
C:\WINDOWS\system32\irpwgrmo.dll
C:\WINDOWS\system32\jkkHATjK.dll
C:\WINDOWS\system32\jPsvxyxx.ini
C:\WINDOWS\system32\jPsvxyxx.ini2
C:\WINDOWS\system32\ljJBqnKe.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pydmqukr.ini
C:\WINDOWS\system32\qqkxqhdk.dll
C:\WINDOWS\system32\rkuqmdyp.dll
C:\WINDOWS\system32\spwugati.ini
C:\WINDOWS\system32\vbvsihow.ini
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wohisvbv.dll
C:\WINDOWS\system32\xxyvvWop.dll
C:\WINDOWS\system32\xxyxvsPj.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-29 21:49 . 2008-05-29 21:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 20:32 . 2008-03-16 14:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-05-29 20:32 . 2008-05-29 20:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-05-29 20:32 . 2008-05-29 20:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-29 20:26 . 2008-05-29 20:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-29 20:26 . 2008-05-29 20:26 780 --a------ C:\SUPERAntiSpyware Free Edition.lnk
2008-05-29 20:25 . 2008-05-29 20:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 19:56 . 2008-05-30 07:38 4,958,588 --------- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000008-10211102}.BAK
2008-05-29 17:50 . 2008-05-29 17:57 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-29 17:20 . 2008-05-29 17:20 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 17:19 . 2008-05-29 17:21 <DIR> d-------- C:\Program Files\CCleaner
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\mon
2008-05-29 12:42 . 2008-05-29 12:45 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-29 12:41 . 2008-05-29 12:41 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-29 12:41 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-29 12:32 . 2008-05-29 12:32 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-28 19:53 . 2008-05-28 19:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-28 17:32 . 2008-05-28 17:32 <DIR> d-------- C:\Program Files\Webteh
2008-05-28 16:58 . 2008-05-28 16:58 32,256 --a------ C:\WINDOWS\system32\winjrs32.dll
2008-05-28 16:45 . 2008-05-28 16:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-28 16:45 . 2004-08-18 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-27 19:55 . 2004-08-18 14:00 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2008-05-27 19:00 . 2008-05-27 19:00 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-05-27 15:30 . 2008-05-27 15:31 <DIR> d-------- C:\Program Files\Opera 9.5 beta
2008-05-26 12:26 . 2008-05-26 12:26 <DIR> d-------- C:\Program Files\Winamp Remote
2008-05-26 12:20 . 2007-03-08 01:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-05-26 12:20 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-26 12:20 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 15:09 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-22 15:09 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-22 15:09 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-05-22 15:09 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-22 15:09 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-05-22 15:09 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-22 15:09 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-05-22 15:09 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-21 22:11 . 2008-05-21 22:11 <DIR> d-------- C:\Program Files\Java
2008-05-21 22:11 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-21 22:08 . 2008-05-21 22:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-21 19:06 . 2008-05-21 19:06 <DIR> d-------- C:\Program Files\IrfanView
2008-05-19 18:36 . 2008-05-19 18:37 <DIR> d-------- C:\Program Files\uTorrent
2008-05-19 18:32 . 2008-05-19 18:32 <DIR> d-------- C:\Program Files\QIP
2008-05-19 18:23 . 2008-05-19 18:23 <DIR> d-------- C:\Program Files\QIP Infium
2008-05-19 01:00 . 2008-05-19 01:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-19 00:44 . 2008-05-19 00:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 23:35 . 2008-05-18 23:35 <DIR> d-------- C:\Program Files\NetLimiter 2 Monitor
2008-04-25 14:52 . 2008-04-25 14:52 0 --a------ C:\WINDOWS\msicpl.ini
2008-04-25 14:38 . 2008-05-22 15:20 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-25 14:27 . 2008-04-25 14:27 <DIR> d-------- C:\Program Files\Activision
2008-04-25 14:21 . 2008-04-25 14:21 <DIR> d-------- C:\Program Files\D-Tools
2008-04-25 14:21 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-04-25 14:21 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-04-25 14:14 . 2008-04-25 14:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-25 13:54 . 2008-04-25 13:54 <DIR> d-------- C:\Program Files\SBSH
2008-04-25 13:53 . 2008-05-28 17:06 <DIR> d-------- C:\totalcmd
2008-04-25 13:53 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\UC.PIF
2008-04-25 13:53 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-25 13:53 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-25 13:53 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-25 13:53 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-25 13:53 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-25 13:53 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-25 13:53 . 2008-05-29 16:48 393 --a------ C:\WINDOWS\wincmd.ini
2008-04-11 00:25 . 2008-04-11 00:25 <DIR> d-------- C:\Program Files\PSCS2Updater
2008-04-11 00:22 . 2008-04-11 00:22 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-11 00:18 . 2008-05-14 15:29 <DIR> d-------- C:\Documents and Settings\PC\Phone Browser
2008-04-08 18:38 . 2008-04-11 00:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-08 16:29 . 2008-04-08 16:29 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-04-08 16:27 . 2008-04-08 16:29 <DIR> d-------- C:\Program Files\SlySoft
2008-04-08 15:34 . 2008-05-29 17:39 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-07 22:17 . 2007-03-08 01:51 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-04-07 22:16 . 2008-05-26 12:27 <DIR> d-------- C:\Program Files\Winamp
2008-04-07 22:14 . 2008-04-07 22:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-07 22:12 . 2008-04-07 22:12 <DIR> d-------- C:\pdf995
2008-04-07 22:12 . 2008-04-07 22:12 110,642 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-07 22:12 . 2008-04-07 22:12 45,244 --a------ C:\WINDOWS\system32\pdfmon.dll
2008-04-07 22:03 . 2008-04-07 22:03 <DIR> d-------- C:\Program Files\Nero
2008-04-07 22:03 . 2008-04-07 22:05 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-07 21:49 . 2008-04-07 21:49 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-04-07 21:49 . 2008-04-07 21:49 <DIR> d-------- C:\Program Files\ACD Systems
2008-04-07 19:45 . 2008-04-11 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací
2008-04-07 19:44 . 2008-04-07 19:44 37 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-04-07 19:43 . 2008-04-07 19:44 <DIR> d-------- C:\Program Files\DivX
2008-04-07 19:43 . 2008-04-07 19:45 455 --a------ C:\WINDOWS\VFO.VST
2008-04-07 19:31 . 2008-04-07 19:31 <DIR> d-------- C:\Program Files\Steinberg
2008-04-07 19:31 . 2008-04-07 19:31 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-04-07 19:31 . 2008-04-07 19:31 2,019 --a------ C:\WINDOWS\NewRecorder.reg
2008-04-07 19:30 . 2008-04-07 19:30 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-04-07 19:28 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-04-07 19:24 . 2008-04-07 19:24 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-07 19:23 . 2003-11-25 06:02 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2008-04-07 19:23 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-04-07 19:23 . 2003-11-25 06:02 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2008-04-07 19:23 . 2003-11-25 06:02 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2008-04-07 19:23 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-04-07 19:23 . 2003-11-25 06:02 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2008-04-07 19:23 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-04-07 19:23 . 2003-11-25 06:02 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-04-07 19:23 . 2008-04-11 13:10 1,194 --a------ C:\WINDOWS\VFO.INI
2008-04-07 19:17 . 2008-04-07 19:31 <DIR> d-------- C:\Program Files\Pinnacle
2008-04-07 19:17 . 2005-02-09 12:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-04-07 19:14 . 2008-04-07 19:14 <DIR> d-------- C:\Program Files\Kerio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 16:00 --------- d-----w C:\Program Files\Eset
2008-05-29 10:42 --------- d-----w C:\Program Files\MSBuild
2008-05-27 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 21:24 --------- d-----w C:\Program Files\Opera
2008-04-07 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-17 22:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D262391A-7662-49DC-9BF5-69F7B40EAC17}]
C:\WINDOWS\system32\mlJBQjhH.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:50 1289000]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2005-06-29 11:34 1346560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-19 12:56 7315456]
"nwiz"="nwiz.exe" [2005-12-19 12:56 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-06 17:19 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-06 17:20 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-19 12:56 86016]
"CTHelper"="CTHELPER.EXE" [2005-12-08 13:06 16384 C:\WINDOWS\CTHELPER.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-16 20:16 917504]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-04-08 16:30 454144]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Documents and Settings\\PC\\Plocha\\utorrent-lite\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 14:50]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2005-02-10 11:55]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b7aae86-f383-11dc-8f86-0011095dbcc9}]
\Shell\AutoRun\command - J:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 07:40:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-05-30 7:43:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 05:43:35

Adresářů: 8, Volných bajtů: 48,258,801,664
Adresářů: 11, Volných bajtů: 49,433,112,576

264 --- E O F --- 2008-05-28 12:16:06


Re: Suspensor PC

Post by fredik » 30 May 2008 19:05

Open Notepad (Start -> Run... type Notepad into the box and click OK)
Copy the entire text marked in green below into it:
Note: Do not use SELECT ALL to select the script


File::
C:\WINDOWS\system32\winjrs32.dll
C:\WINDOWS\system32\mlJBQjhH.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D262391A-7662-49DC-9BF5-69F7B40EAC17}]

Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
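The triage behind the two helper posts above, as an added example that is not part of this thread or of any tool's own code: it flags the rundll32 autostarts in a HijackThis log, checks them against what ComboFix reports as deleted and as still registered (the Browser Helper Object), and emits a CFScript in the File:: / Registry:: layout fredik used. The input lines are constructed samples modelled on the thread's logs; the scoring heuristics are mine and are tuned to the naming pattern seen here, not a general malware classifier.

```python
import re

# Constructed sample modelled on the thread's HijackThis log (not the log itself):
# two Vundo-style rundll32 autostarts beside a legitimate NVIDIA one.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM97223891] Rundll32.exe "C:\WINDOWS\system32\irpwgrmo.dll",s
O4 - HKLM\..\Run: [94110b0d] rundll32.exe "C:\WINDOWS\system32\rkuqmdyp.dll",b
"""

# Constructed ComboFix excerpt: both DLLs already deleted, a BHO loading a third one remains.
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM97223891.xml
C:\WINDOWS\system32\irpwgrmo.dll
C:\WINDOWS\system32\rkuqmdyp.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D262391A-7662-49DC-9BF5-69F7B40EAC17}]
C:\WINDOWS\system32\mlJBQjhH.dll
"""

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.M)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<entry>\S*)', re.I)


def rundll32_signals(name: str, dll: str, entry: str) -> list[str]:
    """Heuristics drawn from the entries in this thread; none is proof alone,
    so an entry is reported only when at least two coincide."""
    stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    signals = []
    if len(entry) <= 1:
        signals.append("single-letter export")      # ",s" / ",b" instead of a named entry point
    if re.fullmatch(r"[A-Za-z]{8}", stem):
        signals.append("8-letter random DLL stem")  # irpwgrmo, rkuqmdyp, mlJBQjhH
    if re.fullmatch(r"[0-9a-f]{8}|[A-Za-z]{1,2}\d{6,}", name):
        signals.append("random Run value name")     # 94110b0d, BM97223891
    return signals


def suspicious_rundll32(hjt_text: str) -> list[dict]:
    """O4 entries where rundll32 loads a DLL and at least two signals fire."""
    hits = []
    for m in O4_RE.finditer(hjt_text):
        r = RUNDLL_RE.search(m["cmd"])
        if r:
            signals = rundll32_signals(m["name"], r["dll"], r["entry"])
            if len(signals) >= 2:
                hits.append({"name": m["name"], "dll": r["dll"], "signals": signals})
    return hits


def combofix_deletions(cf_text: str) -> set[str]:
    """Paths listed under ComboFix's 'Other Deletions' banner, up to the next banner."""
    m = re.search(r"Other Deletions \)+(.*?)\n\(+ ", cf_text, re.S)
    lines = m[1].splitlines() if m else []
    return {ln.strip() for ln in lines if re.match(r"[A-Za-z]:\\", ln.strip())}


def combofix_bhos(cf_text: str) -> list[tuple[str, str]]:
    """(CLSID, DLL path) pairs ComboFix still lists under Browser Helper Objects."""
    return re.findall(
        r"\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[^}]+\})\]\r?\n(\S[^\r\n]*)", cf_text)


def build_cfscript(files: list[str], reg_keys: list[str]) -> str:
    """File:: / Registry:: directives in the layout used in this thread;
    '[-KEY]' is REGEDIT4 syntax for deleting a key."""
    return "\n".join(["File::", *files, "", "Registry::", *reg_keys]) + "\n"


def triage(hjt_text: str, cf_text: str) -> dict:
    """Reconcile flagged HJT autostarts with what ComboFix removed and what still remains."""
    flagged = sorted({h["dll"] for h in suspicious_rundll32(hjt_text)})
    deleted = {p.casefold() for p in combofix_deletions(cf_text)}   # Windows paths: case-insensitive
    bhos = combofix_bhos(cf_text)
    remaining = [d for d in flagged if d.casefold() not in deleted] + [dll for _, dll in bhos]
    reg_keys = [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{clsid}]" for clsid, _ in bhos]
    return {
        "flagged": flagged,
        "deleted": [d for d in flagged if d.casefold() in deleted],
        "remaining": remaining,
        "cfscript": build_cfscript(remaining, reg_keys) if (remaining or reg_keys) else "",
    }


if __name__ == "__main__":
    result = triage(HJT_SAMPLE, COMBOFIX_SAMPLE)
    for key in ("flagged", "deleted", "remaining"):
        print(f"{key}: {result[key]}")
    print(result["cfscript"])
```

On the constructed input the two rundll32 DLLs come out as flagged and already deleted, and the script produced targets only the remaining BHO DLL and its CLSID key, which matches the shape of the CFScript posted above.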


Re: Suspensor PC

Post by Luke288 » 01 Jun 2008 20:28

hi, so I did it and here is the result
combofix
ComboFix 08-05-29.1 - PC 2008-06-01 20:12:50.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.554 [GMT 2:00]
Running from: C:\Documents and Settings\PC\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\PC\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\mlJBQjhH.dll
C:\WINDOWS\system32\winjrs32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winjrs32.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-30 14:20 . 2008-05-30 14:21 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-29 21:49 . 2008-05-29 21:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 20:33 . 2008-05-29 20:33 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-05-29 20:32 . 2008-03-16 14:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-05-29 20:32 . 2008-03-16 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-05-29 20:32 . 2008-05-29 20:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-05-29 20:32 . 2008-05-29 20:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-29 20:26 . 2008-05-29 20:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-29 20:26 . 2008-05-29 20:26 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\SUPERAntiSpyware.com
2008-05-29 20:26 . 2008-05-29 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-05-29 20:26 . 2008-05-29 20:26 780 --a------ C:\SUPERAntiSpyware Free Edition.lnk
2008-05-29 20:25 . 2008-05-29 20:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 19:56 . 2008-06-01 20:01 4,958,588 --a------ C:\WINDOWS\{00000003-00000000-00000000-00001102-00000008-10211102}.BAK
2008-05-29 17:50 . 2008-05-29 17:57 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-29 17:47 . 2008-05-29 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-05-29 17:20 . 2008-05-29 17:20 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 17:19 . 2008-05-29 17:21 <DIR> d-------- C:\Program Files\CCleaner
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\mon
2008-05-29 12:42 . 2008-05-29 12:45 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-29 12:41 . 2008-05-29 12:41 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-29 12:41 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-29 12:32 . 2008-05-29 12:32 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-28 19:53 . 2008-05-28 19:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-28 17:32 . 2008-05-28 17:32 <DIR> d-------- C:\Program Files\Webteh
2008-05-28 16:45 . 2008-05-28 16:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-28 16:45 . 2004-08-18 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-27 19:55 . 2004-08-18 14:00 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2008-05-27 19:00 . 2008-05-27 19:00 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-05-27 15:30 . 2008-05-27 15:31 <DIR> d-------- C:\Program Files\Opera 9.5 beta
2008-05-26 12:26 . 2008-05-26 12:26 <DIR> d-------- C:\Program Files\Winamp Remote
2008-05-26 12:26 . 2008-05-26 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2008-05-26 12:20 . 2007-03-08 01:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-05-26 12:20 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-26 12:20 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 15:21 . 2008-05-22 15:22 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\Off Road
2008-05-22 15:09 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-22 15:09 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-22 15:09 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-05-22 15:09 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-22 15:09 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-05-22 15:09 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-22 15:09 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-05-22 15:09 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-21 22:11 . 2008-05-21 22:11 <DIR> d-------- C:\Program Files\Java
2008-05-21 22:11 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-21 22:08 . 2008-05-21 22:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-21 19:06 . 2008-05-21 19:06 <DIR> d-------- C:\Program Files\IrfanView
2008-05-19 18:36 . 2008-05-19 18:37 <DIR> d-------- C:\Program Files\uTorrent
2008-05-19 18:36 . 2008-06-01 20:01 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\uTorrent
2008-05-19 18:32 . 2008-05-19 18:32 <DIR> d-------- C:\Program Files\QIP
2008-05-19 18:24 . 2008-05-19 18:24 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\QIP
2008-05-19 18:23 . 2008-05-19 18:23 <DIR> d-------- C:\Program Files\QIP Infium
2008-05-19 01:00 . 2008-05-19 01:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-19 00:44 . 2008-05-19 00:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 23:44 . 2008-05-18 23:44 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\Locktime
2008-05-18 23:35 . 2008-05-18 23:35 <DIR> d-------- C:\Program Files\NetLimiter 2 Monitor
2008-05-18 23:35 . 2008-05-18 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Locktime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 16:00 --------- d-----w C:\Program Files\Eset
2008-05-29 10:42 --------- d-----w C:\Program Files\MSBuild
2008-05-27 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 10:27 --------- d-----w C:\Program Files\Winamp
2008-05-22 13:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-18 23:03 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-05-18 21:24 --------- d-----w C:\Program Files\Opera
2008-04-25 12:27 --------- d-----w C:\Program Files\Activision
2008-04-25 12:21 --------- d-----w C:\Program Files\D-Tools
2008-04-25 11:54 --------- d-----w C:\Program Files\SBSH
2008-04-10 22:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-04-10 22:25 --------- d-----w C:\Program Files\PSCS2Updater
2008-04-10 22:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-10 22:22 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-04-08 14:29 --------- d-----w C:\Program Files\SlySoft
2008-04-08 14:29 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-08 11:32 --------- d-----w C:\Documents and Settings\PC\Data aplikací\ACD Systems
2008-04-07 20:15 --------- d-----w C:\Documents and Settings\PC\Data aplikací\Lavasoft
2008-04-07 20:14 --------- d-----w C:\Program Files\Lavasoft
2008-04-07 20:12 45,244 ----a-w C:\WINDOWS\system32\pdfmon.dll
2008-04-07 20:12 110,642 ----a-w C:\WINDOWS\system32\pdfmona.dll
2008-04-07 20:10 --------- d-----w C:\Documents and Settings\PC\Data aplikací\Ahead
2008-04-07 20:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-07 20:03 --------- d-----w C:\Program Files\Nero
2008-04-07 20:03 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2008-04-07 19:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-07 19:49 --------- d-----w C:\Program Files\ACD Systems
2008-04-07 19:49 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2008-04-07 17:44 --------- d-----w C:\Program Files\DivX
2008-04-07 17:44 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2008-04-07 17:31 2,019 ----a-w C:\WINDOWS\NewRecorder.reg
2008-04-07 17:31 --------- d-----w C:\Program Files\Steinberg
2008-04-07 17:31 --------- d-----w C:\Program Files\Pinnacle
2008-04-07 17:31 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
2008-04-07 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 17:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-04-07 17:30 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-07 17:24 --------- d-----w C:\Program Files\SmartSound Software
2008-04-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2008-04-07 17:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
2008-04-07 17:14 --------- d-----w C:\Program Files\Kerio
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 22:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-16 18:16 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-30_ 7.42.19.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 05:39:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 18:02:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-01-05 18:55:34 316,416 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 13:31:34 317,952 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2004-08-18 12:00:00 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2006-10-04 13:34:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-08-18 12:00:00 54,784 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 13:34:41 54,784 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2004-08-18 12:00:00 216,064 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-04 13:34:43 216,064 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2004-08-18 12:00:00 36,352 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
+ 2006-10-04 13:39:21 36,352 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2007-01-05 18:55:34 316,416 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 13:31:34 317,952 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-18 12:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2006-10-04 13:34:42 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2006-10-18 19:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-18 12:00:00 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 13:34:43 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2004-08-18 12:00:00 54,784 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 13:34:41 54,784 ----a-w C:\WINDOWS\system32\narrator.exe
- 2004-08-18 12:00:00 216,064 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 13:34:43 216,064 ----a-w C:\WINDOWS\system32\osk.exe
- 2004-08-18 12:00:00 36,352 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:39:21 36,352 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-18 12:00:00 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 13:34:42 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2008-05-30 05:40:08 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-06-01 18:02:52 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-05-30 05:40:08 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-06-01 18:02:52 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
- 2008-05-30 05:40:08 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-01 18:02:52 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:50 1289000]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2005-06-29 11:34 1346560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-19 12:56 7315456]
"nwiz"="nwiz.exe" [2005-12-19 12:56 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-06 17:19 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-06 17:20 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-19 12:56 86016]
"CTHelper"="CTHELPER.EXE" [2005-12-08 13:06 16384 C:\WINDOWS\CTHELPER.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-16 20:16 917504]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-04-08 16:30 454144]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-03-16 17:01:27 2297856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Documents and Settings\\PC\\Plocha\\utorrent-lite\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 14:50]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2005-02-10 11:55]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b7aae86-f383-11dc-8f86-0011095dbcc9}]
\Shell\AutoRun\command - J:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 20:14:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-06-01 20:15:18
ComboFix-quarantined-files.txt 2008-06-01 18:15:10
ComboFix2.txt 2008-05-30 05:43:47

Directories: 8, Free bytes: 49,019,109,376
Directories: 11, Free bytes: 49,008,402,432

269 --- E O F --- 2008-06-01 17:42:28

and the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:49, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera 9.5 beta\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5681564687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 9950 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Suspensor PC

Post by fredik » 02 Jun 2008 18:34

Go to Start -> Run..., type this command, shown in blue, into the box: ComboFix /u and click OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will tell you when it is done.

Do you still have any problems?

Luke288
newbie
Posts: 8
Registered: May 08
Gender: Not specified
Status: Offline

Re: Suspensor PC

Post by Luke288 » 03 Jun 2008 22:41

Uninstalled.
It looks like it is gone now. Thanks a lot, guys. The only thing that does not work is the autoplay when I plug in a flash drive: I put the card from my camera into the reader, and ever since I had Suspensor the menu asking what I want to do no longer comes up, even though I have the autoplay option ticked.

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Suspensor PC

Post by fredik » 03 Jun 2008 23:03

I would recommend leaving this function turned off as a precaution against so-called flash-drive viruses, but if you want, you can turn it back on.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following text, shown in green, into it:
Note: do not use SELECT ALL to select it.

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom]
"AutoRun"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-

Then choose File -> Save As... and set these parameters:
File name: type fix.reg
Save as type: select All Files
Save the file to the desktop.
A file named fix.reg should appear on the desktop.
- run it; a prompt will appear, click Yes, then another prompt appears, click OK.

Restart the PC; after it boots back into Windows everything should be OK.

You're welcome.
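What the fix.reg above actually changes, worked through as an added example (not part of the thread, and the hardened variant at the end is mine, not fredik's). NoDriveTypeAutoRun is a bit mask over the drive classes GetDriveType() reports, and a set bit disables AutoRun for that class, so the "=-" lines delete the policy and hand control back to the OS default. The Python below applies the post's .reg text to a small in-memory registry model, resolves the effective mask (machine policy before user policy, then the default) and lists which drive classes may still AutoRun. Two things are assumptions: the starting state (that the cleanup left 0xFF in the user's policy key) and XP_DEFAULT_MASK = 0x91 as the value a fresh Windows XP profile carries; both are labelled in the code.

```python
"""Added example: effect of the thread's fix.reg on AutoRun policy, beside a hardened variant."""
import re

# NoDriveTypeAutoRun is a bit mask over GetDriveType() classes; a SET bit DISABLES AutoRun.
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks and card readers: the "flash-drive virus" vector
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}
HKLM_POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer"
HKCU_POLICY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer"
CDROM_SVC = r"hkey_local_machine\system\currentcontrolset\services\cdrom"
XP_DEFAULT_MASK = 0x91  # assumption: the value a fresh Windows XP profile carries

# The fix.reg from the thread, verbatim.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom]
"AutoRun"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-
"""

# Hardened variant (mine, not from the thread): machine-wide policy disabling every class.
HARDENED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"""

KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def apply_reg(text, state):
    """Apply a .reg fragment to state ({key: {value: int}}) the way regedit would."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"].lower()
            if m["minus"]:                 # [-KEY] deletes the whole key
                state.pop(key, None)
                key = None
            else:
                state.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, data = m["name"], m["data"]
            if data == "-":                # "Name"=- deletes the value
                state[key].pop(name, None)
            elif data.startswith("dword:"):
                state[key][name] = int(data[len("dword:"):], 16)
    return state


def effective_mask(state):
    """Machine policy overrides user policy; with neither set, the OS default applies."""
    for key in (HKLM_POLICY, HKCU_POLICY):
        value = state.get(key, {}).get("NoDriveTypeAutoRun")
        if value is not None:
            return value
    return XP_DEFAULT_MASK


def autorun_allowed(mask):
    """Drive classes for which AutoRun is still permitted under this mask."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]


def assumed_start_state():
    """Constructed starting point: assume the cleanup left AutoRun fully disabled per user."""
    return {HKCU_POLICY: {"NoDriveTypeAutoRun": 0xFF}, CDROM_SVC: {"AutoRun": 0}}


if __name__ == "__main__":
    state = apply_reg(FIX_REG, assumed_start_state())
    mask = effective_mask(state)
    print(f"after fix.reg:   mask=0x{mask:02x}  AutoRun allowed on {autorun_allowed(mask)}")
    state = apply_reg(HARDENED_REG, state)
    mask = effective_mask(state)
    print(f"after hardening: mask=0x{mask:02x}  AutoRun allowed on {autorun_allowed(mask)}")
```

Under the assumed default, the post's fix.reg re-enables AutoRun for removable, fixed and CD-ROM drives (only unknown and network drives stay blocked), which is exactly the exposure fredik warns about; the hardened .reg leaves no class enabled, and 0xDF would be the variant that keeps only CD-ROM AutoRun. One caveat for XP of this vintage: Microsoft later shipped an update (KB967715) because without it the mask was not honoured consistently for removable media, so on an unpatched machine the mask is necessary but not sufficient.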

Luke288
newbie
Posts: 8
Registered: May 08
Gender: Not specified
Status: Offline

Re: Suspensor PC

Post by Luke288 » 04 Jun 2008 15:49

I'll try it when I'm at my home PC. I would happily leave it turned off, but I don't know how to start the Scanner and Camera Wizard manually to transfer the pictures and rename them at the same time.
Anyway, thanks a lot for your help, I didn't expect that :)

