Hello. Please check my computer's log. For some time now my internet browser, Mozilla, has been crashing. When I use IE the computer freezes completely and has to be restarted. About three days ago NOD32 reported: V operační paměti nalezena aplikace Win32/Adware.Virtumonde.FP ! Operační paměť byla infikována ze souboru C:\WINDOWS\system32\efcBQife.dll. The virus cannot be deleted, quarantined, or cleaned. NOD's virus log says:
jméno: C:\WINDOWS\system32\efcBQife.dll
virus: Win32/Adware.Virtumonde.FP aplikace
NT informace :Tato skutečnost byla zjištěna při pokusu o přístup k souboru
aplikací: C:\WINDOWS\system32\lsass.exe.
I cleaned the PC with CCleaner.
Thank you very much for any advice.
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 13:23:31, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Safari\Safari.exe
E:\uTorrent\uTorrent.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\oem\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http:+/dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:+/dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {01021E06-18D0-45D8-97A9-AC9A24F73999} - C:\WINDOWS\system32\efcBQife.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [8955f] C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [8955f] C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "E:\uTorrent\uTorrent.exe"
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download with &Shareaza - res://E:\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online/online2/be ... der_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
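As an added example (not code from the forum post), a small Python triage script that parses HijackThis entry lines like the ones above and flags the patterns this thread turns on: an unnamed O2 BHO loading a DLL from system32 (efcBQife.dll), a Run entry launched from a directory with a random hex name, an orphaned "(no file)" object, a search bar pointing at an unexpected host, and the broken Winsock LSP chain. The sample lines are copied from the log above; the set of trusted browser hosts is an assumption.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not part of the forum post)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: (no name) - {01021E06-18D0-45D8-97A9-AC9A24F73999} - C:\WINDOWS\system32\efcBQife.dll
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [8955f] C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
"""

# Hosts the user recognises as their own home/search pages (assumption for this sample).
TRUSTED_BROWSER_HOSTS = {"www.seznam.cz"}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# First Windows path in the entry, ending in a loadable module extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|sys|cab)\b", re.IGNORECASE)
URL_HOST_RE = re.compile(r"=\s*https?://([^/\s]+)", re.IGNORECASE)
# A directory component that starts with 8+ hex digits, e.g. \8955f426ff9-xxx\
RANDOM_DIR_RE = re.compile(r"\\[0-9a-f]{8,}[^\\]*\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why the line deserves a closer look
    line: str    # the raw log line


def parse_entries(log_text):
    """Yield (code, body, raw_line) for every HijackThis entry line in the log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body"), raw.strip()


def entry_path(body):
    """Return the module path an entry points at, or None if it has none."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(log_text):
    """Apply the heuristics from this thread and return the suspicious entries in log order."""
    findings = []
    for code, body, raw in parse_entries(log_text):
        path = entry_path(body)
        low = body.lower()
        if "(no file)" in low:
            findings.append(Finding(code, "orphaned entry: registered object whose file is missing", raw))
            continue
        if code in ("O2", "O3") and "(no name)" in low and path and "\\windows\\system32\\" in path.lower():
            findings.append(Finding(code, "unnamed BHO/toolbar loading a DLL from system32 (Virtumonde-style)", raw))
        if code == "O4" and path and RANDOM_DIR_RE.search(path):
            findings.append(Finding(code, "autorun entry launched from a directory with a random hex name", raw))
        if code in ("R0", "R1"):
            host = URL_HOST_RE.search(body)
            if host and host.group(1).lower() not in TRUSTED_BROWSER_HOSTS:
                findings.append(Finding(code, f"browser search/start page set to unexpected host {host.group(1)}", raw))
        if code == "O10" and "broken internet access" in low:
            findings.append(Finding(code, "Winsock LSP chain references a missing provider", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run it against the full log pasted above to get the same five-line shortlist a helper would ask about first; legitimate entries such as the Java SSVHelper BHO and the NOD32 Run key are left alone.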
PC log check (Solved)
- fredik
- Security team member
Re: PC log check
Welcome to the forum
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Disable the integrated ClamAntivirus in the Spyware Terminator settings and then do the following:
Go to Start -> Run... a window opens; into the free line type/paste, one after the other, the commands marked in bold:
sc config sp_clamsrv start= disabled
click the OK button or press Enter
then paste this command there
sc stop sp_clamsrv
and again either click the OK button or press Enter
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Before using ComboFix, turn off the resident shield in Spyware Terminator:
Start Spyware Terminator and click the Resident Shield icon at the top
- the program switches to the Resident Shield Settings window
- there, on the Shield Settings tab, untick the item: Activate Resident Shield
- click the button at the bottom: Save changes
- close the program
It would also be good to turn off Kerio and NOD before running ComboFix and turn them back on after it has finished.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After start-up the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please paste its entire contents here
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered
Re: PC log check
fredik writes: Welcome to the forum
Hi, so I did it following your advice. NOD32 reported: Operační paměť je v pořádku.
3 viruses in Windows:
C:\WINDOWS\system32\efcBQife.dll - Win32/Adware.Virtumonde.FP aplikace
C:\WINDOWS\system32\hgGyxVPI.dll - Win32/Adware.Virtumonde aplikace
C:\WINDOWS\system32\xxyayXoM.dll - Win32/Adware.Virtumonde aplikace
Combofix:
ComboFix 08-06-05.3 - oem 2008-06-05 22:09:49.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.633 [GMT 2:00]
Running from: C:\Documents and Settings\oem\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\GamesBar\oberontb.dll
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\efiQBcfe.ini
C:\WINDOWS\system32\efiQBcfe.ini2
C:\WINDOWS\system32\jcsqdrfx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\oehfaybs.dll
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-06-05 00:01 . 2008-06-05 00:06 50 --a------ C:\WINDOWS\Lic.xxx
2008-06-05 00:00 . 2004-08-10 14:00 146,432 --a------ C:\WINDOWS\R.COM
2008-06-05 00:00 . 2004-08-10 14:00 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-06-04 18:23 . 2008-06-05 08:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 18:23 . 2008-06-04 18:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 21:29 . 2008-06-03 21:29 2,304 --a------ C:\WINDOWS\SmartMapsSJEvropa.INI
2008-06-03 18:21 . 2008-06-03 18:21 <DIR> d-------- C:\Program Files\XviD
2008-06-03 18:18 . 2005-03-18 01:01 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2008-06-03 18:17 . 2005-05-25 01:24 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2008-06-03 18:17 . 2005-02-22 03:32 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2008-06-03 18:17 . 2005-07-19 03:53 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2008-06-03 18:17 . 2005-07-01 04:09 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2008-06-03 18:17 . 2005-06-29 02:28 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2008-06-03 18:16 . 2005-07-20 23:33 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2008-06-03 18:16 . 2005-04-14 05:07 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2008-06-03 18:16 . 2005-07-08 04:31 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2008-06-03 18:16 . 2005-06-07 04:11 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2008-06-03 18:16 . 2005-06-15 06:04 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2008-06-03 18:15 . 2008-06-03 18:15 <DIR> d-------- C:\WINDOWS\system32\RMBin
2008-06-03 18:15 . 2008-06-03 18:18 <DIR> d-------- C:\Program Files\Plato Video Converter
2008-06-03 18:15 . 2001-08-23 03:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-03 18:15 . 2007-03-09 09:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-06-03 18:15 . 2005-05-31 22:16 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2008-06-03 18:15 . 2003-08-07 01:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-03 18:15 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-06-03 18:15 . 2007-03-09 09:37 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2008-06-03 18:15 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2008-06-03 18:15 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-06-01 03:12 . 2008-06-01 03:12 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-31 02:39 . 2008-05-31 02:39 0 --a------ C:\WINDOWS\BM4bfa3bfc.xml
2008-05-29 00:08 . 2008-05-29 00:08 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-05-28 11:30 . 2008-05-28 11:30 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\My Games
2008-05-28 03:13 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-05-28 03:13 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-05-28 02:17 . 2008-05-28 02:17 370,688 --a------ C:\WINDOWS\system32\efcBQife.dll
2008-05-28 02:13 . 2004-08-10 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-28 02:11 . 2008-05-28 02:11 57,344 --a------ C:\WINDOWS\system32\xxyayXoM.dll
2008-05-28 02:11 . 2008-05-28 02:12 57,344 --a------ C:\WINDOWS\system32\hgGyxVPI.dll
2008-05-27 23:40 . 2008-05-28 03:11 <DIR> d-------- C:\Program Files\Xilisoft
2008-05-26 23:31 . 2008-05-26 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-26 11:26 . 2008-05-26 11:26 <DIR> d-------- C:\WINDOWS\Big Island Blends
2008-05-26 10:57 . 2008-05-26 10:57 <DIR> d-------- C:\Documents and Settings\oem\Desktop burger
2008-05-26 10:36 . 2008-05-26 10:36 <DIR> d-------- C:\WINDOWS\Posh Boutique
2008-05-26 10:33 . 2008-05-26 10:33 <DIR> d-------- C:\WINDOWS\Fashion Solitaire
2008-05-26 01:17 . 2008-05-26 01:17 <DIR> d-------- C:\Documents and Settings\oem\Application Data\Gamelab
2008-05-26 00:37 . 2008-05-26 00:37 <DIR> d-------- C:\Documents and Settings\oem\Application Data\Total Eclipse
2008-05-25 18:36 . 2008-05-25 18:36 <DIR> d-------- C:\Documents and Settings\oem\Application Data\My Games
2008-05-25 17:29 . 2008-05-25 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-05-25 15:55 . 2008-05-26 01:11 <DIR> d-------- C:\My Games
2008-05-25 15:54 . 2008-05-25 15:54 <DIR> d-------- C:\users
2008-05-25 15:52 . 2008-05-26 22:37 <DIR> d-------- C:\Program Files\RealArcade
2008-05-25 11:59 . 2008-05-25 11:59 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\vlc
2008-05-22 20:53 . 2008-05-22 20:53 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Shareaza
2008-05-21 12:41 . 2008-05-21 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Fotky
2008-05-21 12:32 . 2005-03-07 02:51 32,768 --a------ C:\Documents and Settings\Verunka\AcroRd32.exe
2008-05-21 11:33 . 2008-05-21 11:36 8,974 --a------ C:\WINDOWS\CI_SearchHistory.INI
2008-05-19 11:42 . 2008-06-05 06:40 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\OpenOffice.org2
2008-05-15 20:38 . 2008-06-05 22:23 <DIR> d-------- C:\Documents and Settings\oem\Application Data\uTorrent
2008-05-14 19:49 . 2008-05-14 20:10 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\uTorrent
2008-05-14 06:09 . 2008-05-14 06:09 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\ICQ Toolbar
2008-05-14 01:28 . 2008-05-14 02:54 <DIR> d-------- C:\WINDOWS\vf_hip
2008-05-14 01:28 . 2008-06-04 23:09 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-05-14 01:28 . 2008-05-14 01:28 32 --a------ C:\WINDOWS\go
2008-05-13 06:01 . 2008-05-13 06:01 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\ViquaSoft
2008-05-13 00:24 . 2008-05-13 00:24 <DIR> d-------- C:\Program Files\rajce
2008-05-08 23:50 . 2008-05-08 23:50 <DIR> d-------- C:\Documents and Settings\oem\Application Data\ViquaSoft
2008-05-08 07:25 . 2008-05-08 07:25 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Apple Computer
2008-05-08 06:31 . 2008-05-08 06:31 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Ahead
2008-05-06 20:47 . 2008-06-05 01:20 <DIR> d-------- C:\Program Files\Barbie(TM)
2008-05-06 19:49 . 2008-06-04 06:21 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\MEGAUPLOADTOOLBAR
2008-05-06 18:38 . 2008-05-06 18:39 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-06 18:38 . 2008-06-01 02:41 <DIR> d-------- C:\Documents and Settings\oem\Application Data\MegauploadToolbar
2008-05-06 12:59 . 2008-05-06 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-06 11:36 . 2008-05-06 12:51 <DIR> d-------- C:\Program Files\Alice Greenfingers
2008-05-06 09:52 . 2008-05-06 09:52 <DIR> d-------- C:\Program Files\Safari
2008-05-06 09:52 . 2008-05-06 09:52 <DIR> d-------- C:\Program Files\Bonjour
2008-05-06 09:51 . 2008-05-06 09:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-06 09:51 . 2008-05-06 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 20:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 20:10 --------- d-----w C:\Program Files\GamesBar
2008-06-05 20:02 --------- d-----w C:\Documents and Settings\oem\Application Data\Spyware Terminator
2008-06-05 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-05 19:58 --------- d-----w C:\Program Files\WinClamAVShield
2008-06-05 06:46 --------- d-----w C:\Documents and Settings\oem\Application Data\OpenOffice.org2
2008-06-04 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:49 --------- d-----w C:\Program Files\Zylom Games
2008-06-04 20:56 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-04 10:09 --------- d-----w C:\Program Files\IDOS
2008-06-03 09:52 --------- d-----w C:\Program Files\Yahoo! Games
2008-06-03 05:24 6,397 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-05-31 23:36 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-28 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-28 01:35 --------- d-----w C:\Documents and Settings\oem\Application Data\dvdcss
2008-05-26 21:57 --------- d-----w C:\Documents and Settings\oem\Application Data\Azureus
2008-05-26 08:37 --------- d-----w C:\Documents and Settings\oem\Application Data\Zylom
2008-05-26 05:42 --------- d-----w C:\Program Files\Delicious Deluxe
2008-05-19 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-19 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 11:59 --------- d-----w C:\Program Files\BigPatience
2008-05-06 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
2008-05-06 07:52 --------- d-----w C:\Documents and Settings\oem\Application Data\Apple Computer
2008-05-05 22:48 --------- d-----w C:\Program Files\Gamenext
2008-05-05 22:48 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-05-03 23:05 --------- d-----w C:\Documents and Settings\Verunka\Application Data\PlayFirst
2008-05-03 01:47 --------- d-----w C:\Documents and Settings\Verunka\Application Data\Spyware Terminator
2008-05-02 20:46 --------- d-----w C:\Program Files\MediaInfo
2008-05-02 19:49 --------- d-----w C:\Documents and Settings\Verunka\Application Data\Talkback
2008-05-02 19:42 --------- d-----w C:\Documents and Settings\Guest\Application Data\Spyware Terminator
2008-05-02 19:42 --------- d-----w C:\Documents and Settings\Guest\Application Data\ATI
2008-05-02 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-02 16:30 --------- d-----w C:\Program Files\CCleaner
2008-05-02 16:29 --------- d-----w C:\Program Files\Yahoo!
2008-05-01 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 22:28 --------- d-----w C:\Documents and Settings\oem\Application Data\PlayFirst
2008-04-29 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-29 14:34 --------- d-----w C:\Program Files\Centauri
2008-04-28 23:22 --------- d--h--r C:\Documents and Settings\oem\Application Data\SecuROM
2008-04-28 20:35 --------- d-----w C:\Program Files\Windows Doctor
2008-04-28 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-04-27 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-04-27 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-25 01:47 --------- d-----w C:\Program Files\Pohadka
2008-04-24 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
2008-04-24 01:18 --------- d-----w C:\Program Files\Aspyr Media, Inc
2008-04-23 22:49 --------- d-----w C:\Program Files\Shareaza Applications
2008-04-23 22:49 --------- d-----w C:\Documents and Settings\oem\Application Data\Shareaza
2008-04-22 22:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-22 22:30 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys.12619903
2008-04-22 22:30 --------- d-----w C:\Documents and Settings\oem\Application Data\DAEMON Tools
2008-04-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-04-22 21:40 --------- d-----w C:\Documents and Settings\oem\Application Data\DAEMON Tools Pro
2008-04-21 22:45 --------- d-----w C:\Program Files\Sega
2008-04-20 21:23 --------- d-----w C:\Program Files\cake mania
2008-04-20 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-20 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-04-17 10:04 --------- d-----w C:\Documents and Settings\oem\Application Data\yoclient
2008-04-15 00:07 --------- d-----w C:\Documents and Settings\oem\Application Data\BearShare
2008-04-10 20:47 --------- d-----w C:\Program Files\ESET
2008-04-10 09:50 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-04-09 20:11 --------- d-----w C:\Documents and Settings\oem\Application Data\TVU Networks
2008-04-07 12:27 --------- d-----w C:\Program Files\Alawar
2008-03-16 22:32 87,608 ----a-w C:\Documents and Settings\oem\Application Data\inst.exe
2008-03-16 22:32 47,360 -c--a-w C:\Documents and Settings\oem\Application Data\pcouffin.sys
2007-11-19 18:18 22,328 -c--a-w C:\Documents and Settings\oem\Application Data\PnkBstrK.sys
2007-10-26 19:59 12 -c--a-w C:\Documents and Settings\oem\USERDATA.DAT
2006-05-21 02:16 370,176 ----a-w C:\Documents and Settings\oem\samp.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-10-22 01:08 80 --sh--r C:\WINDOWS\system32\0D0B51DE08.dll
.
------- Sigcheck -------
2006-03-06 17:04 502272 6e8ca4fcb30282f216f5db9dd58a5f81 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01021E06-18D0-45D8-97A9-AC9A24F73999}]
2008-05-28 02:17 370688 --a------ C:\WINDOWS\system32\efcBQife.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 12:26 480704]
[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{196C3A46-4758-433D-A600-802C804AF39C}"= C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [2007-12-23 12:26 480704]
[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8955f"="C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe" [2006-10-15 18:45 1431242]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"uTorrent"="E:\uTorrent\uTorrent.exe" [2008-05-15 21:14 219952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"8955f"="C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe" [2006-10-15 18:45 1431242]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 18:50 949376]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 14:00 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
C:\Documents and Settings\Verunka\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-09-28 20:47:52 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-03-06 14:42:52 585728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.CDVC"= cdvccodc.dll
"vids.CDVC"= cdvccodc.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 20:12 3142236 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-12 23:47 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEBTRAN]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"E:\\emule\\emule.exe"=
"E:\\dc++\\CZDC.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"=
"C:\\Program Files\\Rockstar Games\\GTA San Andreas\\gta_sa.exe"=
"C:\\Program Files\\Rockstar Games\\GTA San Andreas\\samp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Screamer Radio\\screamer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27074:TCP"= 27074:TCP:BitComet 27074 TCP
"27074:UDP"= 27074:UDP:BitComet 27074 UDP
"22103:TCP"= 22103:TCP:BitComet 22103 TCP
"22103:UDP"= 22103:UDP:BitComet 22103 UDP
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-01 01:36]
R2 mp3m2pls;mp3m2pls;C:\WINDOWS\system32\drivers\mp3m2pls.sys [2003-12-07 00:50]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-10 14:00]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 12:19:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 22:21:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_9028.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\msxun8er2.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-05 22:30:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 20:30:03
Pre-Run: 14,538,547,200 bytes free
Post-Run: 14,973,480,960 bytes free
322 --- E O F --- 2008-05-03 02:58:47
- fredik (Security team member)
Re: PC log check
I would recommend uninstalling via Add or Remove Programs:
Shareaza MediaBar
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the whole of the following text, marked in green, into it:
Note: do not use the SELECT ALL function to select the script
Code:
File::
C:\WINDOWS\BM4bfa3bfc.xml
C:\WINDOWS\system32\efcBQife.dll
C:\WINDOWS\system32\xxyayXoM.dll
C:\WINDOWS\system32\hgGyxVPI.dll
C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
FileLook::
C:\WINDOWS\system32\beep.sys
DirLook::
C:\Program Files\8955f426ff9-xxx
Suspect::
C:\WINDOWS\system32\msxun8er2.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01021E06-18D0-45D8-97A9-AC9A24F73999}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8955f"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8955f"=-
Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: choose All files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script

- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process
+
A file Submit(Date+Time).zip will be created on your desktop; attach it to your next post.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered
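The reply above is written from reading the "Reg Loading Points" section by eye: a BHO DLL with a random eight-letter name registered straight out of system32, and a Run value pointing into a hex-named folder under Program Files. The script below is an added example for this thread, not code from fredik or from ComboFix. It parses log lines in the format shown above, puts such entries on a review list, and drafts a CFScript in the File:: / Registry:: syntax the reply uses ([-key] removes a whole BHO key, "name"=- removes one Run value). The sample log lines are constructed to mirror the page's format; the scoring thresholds, the hex-token rule and the KNOWN_GOOD_STEMS allowlist are heuristics chosen here, and the output is a draft for an analyst, not a verdict (fredik's script also lists files found elsewhere in the log, which this sample does not contain).

```python
import re

# Constructed sample in the shape of the page's "Reg Loading Points" section.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01021E06-18D0-45D8-97A9-AC9A24F73999}]
2008-05-28 02:17 370688 --a------ C:\WINDOWS\system32\efcBQife.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8955f"="C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe" [2006-10-15 18:45 1431242]
"uTorrent"="E:\uTorrent\uTorrent.exe" [2008-05-15 21:14 219952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"8955f"="C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe" [2006-10-15 18:45 1431242]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 18:50 949376]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
BHO_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>[A-Za-z]:\\.+)$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
HEX_RUN_RE = re.compile(r"[0-9a-f]{5,}")
VOWELS = set("aeiou")
# Assumed allowlist: legitimate names the letter heuristic below would otherwise trip on.
KNOWN_GOOD_STEMS = {"svchost", "csrss", "lsass", "pnkbstra", "pnkbstrb"}

def parse_loading_points(text):
    """Yield (kind, key, value_name, path) for BHO and Run-key entries."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
        elif key and "browser helper objects" in key.lower():
            m = BHO_RE.match(line)
            if m:
                yield "bho", key, None, m.group("path")
        elif key and key.lower().endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                yield "run", key, m.group("name"), m.group("path")

def random_name_score(stem):
    """0-3 for a 7-8 letter stem: long consonant run, interior capitals, few vowels."""
    if stem.lower() in KNOWN_GOOD_STEMS or not stem.isalpha() or not 7 <= len(stem) <= 8:
        return 0
    run = best = 0
    for c in stem.lower():                      # y counts as a consonant here
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    first_lower = next((i for i, c in enumerate(stem) if c.islower()), len(stem))
    return (int(best >= 4)
            + int(any(c.isupper() for c in stem[first_lower:]))   # "cBQ" in efcBQife
            + int(sum(c in VOWELS for c in stem.lower()) / len(stem) <= 0.25))

def hex_token(s):
    """First run of 5+ hex chars holding both a digit and a letter (8955f426ff9)."""
    for tok in HEX_RUN_RE.findall(s.lower()):
        if any(c.isdigit() for c in tok) and any(c.isalpha() for c in tok):
            return tok
    return None

def triage(text):
    """Flagged entries with reasons, in log order (a path may recur under HKCU and HKLM)."""
    hits = []
    for kind, key, name, path in parse_loading_points(text):
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        why = []
        if kind == "bho" and "\\system32\\" in path.lower():
            why.append("BHO DLL registered straight from system32")
        tok = hex_token(path) or (hex_token(name) if name else None)
        if tok:
            why.append("hex-like token %r in folder or value name" % tok)
        if random_name_score(stem) >= 2:
            why.append("random-looking file name %r" % stem)
        if why:
            hits.append({"kind": kind, "key": key, "name": name, "path": path, "why": why})
    return hits

def build_cfscript(hits):
    """Draft CFScript text: [-key] drops a whole BHO key, "name"=- drops one Run value."""
    files, reg = [], {}
    for h in hits:
        if h["path"] not in files:
            files.append(h["path"])
        if h["kind"] == "bho":
            reg.setdefault("-" + h["key"], [])
        else:
            reg.setdefault(h["key"], []).append('"%s"=-' % h["name"])
    lines = ["File::", *files, "Registry::"]
    for key, values in reg.items():
        lines.append("[%s]" % key)
        lines.extend(values)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for h in found:
        print(h["path"], "<-", "; ".join(h["why"]))
    print(build_cfscript(found))
```

Run against the sample, the review list contains exactly efcBQife.dll (system32 BHO plus a random-looking stem) and ayzbqpa.exe twice (the hex-named folder, once per Run key), while ShareazaIEHelper.dll, uTorrent, jusched and nod32kui pass; the drafted script matches the BHO and Run lines of fredik's reply. The letter heuristic is deliberately narrow (7-8 letters, as the names on this page are) and still needs the allowlist for names such as svchost or PunkBuster's PnkBstrA, which is why the output is meant to be read, not run blindly.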
Re: PC log check
I am continuing with your advice
ComboFix 08-06-05.3 - oem 2008-06-06 21:29:40.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.586 [GMT 2:00]
Running from: C:\Documents and Settings\oem\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\oem\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
C:\WINDOWS\BM4bfa3bfc.xml
C:\WINDOWS\system32\efcBQife.dll
C:\WINDOWS\system32\hgGyxVPI.dll
C:\WINDOWS\system32\xxyayXoM.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\oem\Application Data\inst.exe
C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
C:\WINDOWS\BM4bfa3bfc.xml
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-06-05 00:01 . 2008-06-05 00:06 50 --a------ C:\WINDOWS\Lic.xxx
2008-06-05 00:00 . 2004-08-10 14:00 146,432 --a------ C:\WINDOWS\R.COM
2008-06-05 00:00 . 2004-08-10 14:00 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-06-04 18:23 . 2008-06-05 08:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 18:23 . 2008-06-04 18:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 21:29 . 2008-06-03 21:29 2,304 --a------ C:\WINDOWS\SmartMapsSJEvropa.INI
2008-06-03 18:21 . 2008-06-03 18:21 <DIR> d-------- C:\Program Files\XviD
2008-06-03 18:18 . 2005-03-18 01:01 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2008-06-03 18:17 . 2005-05-25 01:24 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2008-06-03 18:17 . 2005-02-22 03:32 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2008-06-03 18:17 . 2005-07-19 03:53 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2008-06-03 18:17 . 2005-07-01 04:09 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2008-06-03 18:17 . 2005-06-29 02:28 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2008-06-03 18:16 . 2005-07-20 23:33 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2008-06-03 18:16 . 2005-04-14 05:07 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2008-06-03 18:16 . 2005-07-08 04:31 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2008-06-03 18:16 . 2005-06-07 04:11 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2008-06-03 18:16 . 2005-06-15 06:04 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2008-06-03 18:15 . 2008-06-03 18:15 <DIR> d-------- C:\WINDOWS\system32\RMBin
2008-06-03 18:15 . 2008-06-03 18:18 <DIR> d-------- C:\Program Files\Plato Video Converter
2008-06-03 18:15 . 2001-08-23 03:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-03 18:15 . 2007-03-09 09:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-06-03 18:15 . 2005-05-31 22:16 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2008-06-03 18:15 . 2003-08-07 01:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-03 18:15 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-06-03 18:15 . 2007-03-09 09:37 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2008-06-03 18:15 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2008-06-03 18:15 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-06-01 03:12 . 2008-06-01 03:12 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-29 00:08 . 2008-05-29 00:08 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-05-28 11:30 . 2008-05-28 11:30 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\My Games
2008-05-28 03:13 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-05-28 03:13 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-05-28 02:13 . 2004-08-10 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-27 23:40 . 2008-05-28 03:11 <DIR> d-------- C:\Program Files\Xilisoft
2008-05-26 23:31 . 2008-05-26 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-26 11:26 . 2008-05-26 11:26 <DIR> d-------- C:\WINDOWS\Big Island Blends
2008-05-26 10:57 . 2008-05-26 10:57 <DIR> d-------- C:\Documents and Settings\oem\Desktop burger
2008-05-26 10:36 . 2008-05-26 10:36 <DIR> d-------- C:\WINDOWS\Posh Boutique
2008-05-26 10:33 . 2008-05-26 10:33 <DIR> d-------- C:\WINDOWS\Fashion Solitaire
2008-05-26 01:17 . 2008-05-26 01:17 <DIR> d-------- C:\Documents and Settings\oem\Application Data\Gamelab
2008-05-26 00:37 . 2008-05-26 00:37 <DIR> d-------- C:\Documents and Settings\oem\Application Data\Total Eclipse
2008-05-25 18:36 . 2008-05-25 18:36 <DIR> d-------- C:\Documents and Settings\oem\Application Data\My Games
2008-05-25 17:29 . 2008-05-25 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-05-25 15:55 . 2008-05-26 01:11 <DIR> d-------- C:\My Games
2008-05-25 15:54 . 2008-05-25 15:54 <DIR> d-------- C:\users
2008-05-25 15:52 . 2008-05-26 22:37 <DIR> d-------- C:\Program Files\RealArcade
2008-05-25 11:59 . 2008-05-25 11:59 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\vlc
2008-05-22 20:53 . 2008-05-22 20:53 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Shareaza
2008-05-21 12:41 . 2008-05-21 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Fotky
2008-05-21 12:32 . 2005-03-07 02:51 32,768 --a------ C:\Documents and Settings\Verunka\AcroRd32.exe
2008-05-21 11:33 . 2008-05-21 11:36 8,974 --a------ C:\WINDOWS\CI_SearchHistory.INI
2008-05-19 11:42 . 2008-06-06 14:38 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\OpenOffice.org2
2008-05-15 20:38 . 2008-06-06 00:59 <DIR> d-------- C:\Documents and Settings\oem\Application Data\uTorrent
2008-05-14 19:49 . 2008-05-14 20:10 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\uTorrent
2008-05-14 06:09 . 2008-05-14 06:09 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\ICQ Toolbar
2008-05-14 01:28 . 2008-05-14 02:54 <DIR> d-------- C:\WINDOWS\vf_hip
2008-05-14 01:28 . 2008-06-04 23:09 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-05-14 01:28 . 2008-05-14 01:28 32 --a------ C:\WINDOWS\go
2008-05-13 06:01 . 2008-05-13 06:01 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\ViquaSoft
2008-05-13 00:24 . 2008-05-13 00:24 <DIR> d-------- C:\Program Files\rajce
2008-05-08 23:50 . 2008-05-08 23:50 <DIR> d-------- C:\Documents and Settings\oem\Application Data\ViquaSoft
2008-05-08 07:25 . 2008-05-08 07:25 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Apple Computer
2008-05-08 06:31 . 2008-05-08 06:31 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Ahead
2008-05-06 20:47 . 2008-06-05 01:20 <DIR> d-------- C:\Program Files\Barbie(TM)
2008-05-06 19:49 . 2008-06-04 06:21 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\MEGAUPLOADTOOLBAR
2008-05-06 18:38 . 2008-05-06 18:39 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-06 18:38 . 2008-06-01 02:41 <DIR> d-------- C:\Documents and Settings\oem\Application Data\MegauploadToolbar
2008-05-06 12:59 . 2008-05-06 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-06 11:36 . 2008-05-06 12:51 <DIR> d-------- C:\Program Files\Alice Greenfingers
2008-05-06 09:52 . 2008-05-06 09:52 <DIR> d-------- C:\Program Files\Safari
2008-05-06 09:52 . 2008-05-06 09:52 <DIR> d-------- C:\Program Files\Bonjour
2008-05-06 09:51 . 2008-05-06 09:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-06 09:51 . 2008-05-06 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 19:30 --------- d--h--w C:\Program Files\8955f426ff9-xxx
2008-06-06 19:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-06-06 16:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 20:45 --------- d-----w C:\Program Files\WinClamAVShield
2008-06-05 20:45 --------- d-----w C:\Documents and Settings\oem\Application Data\Spyware Terminator
2008-06-05 20:10 --------- d-----w C:\Program Files\GamesBar
2008-06-05 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-05 06:46 --------- d-----w C:\Documents and Settings\oem\Application Data\OpenOffice.org2
2008-06-04 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:49 --------- d-----w C:\Program Files\Zylom Games
2008-06-04 20:56 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-04 10:09 --------- d-----w C:\Program Files\IDOS
2008-06-03 09:52 --------- d-----w C:\Program Files\Yahoo! Games
2008-06-03 05:24 6,397 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-05-31 23:36 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-28 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-28 01:35 --------- d-----w C:\Documents and Settings\oem\Application Data\dvdcss
2008-05-26 21:57 --------- d-----w C:\Documents and Settings\oem\Application Data\Azureus
2008-05-26 08:37 --------- d-----w C:\Documents and Settings\oem\Application Data\Zylom
2008-05-26 05:42 --------- d-----w C:\Program Files\Delicious Deluxe
2008-05-19 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-19 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 11:59 --------- d-----w C:\Program Files\BigPatience
2008-05-06 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
2008-05-06 07:52 --------- d-----w C:\Documents and Settings\oem\Application Data\Apple Computer
2008-05-05 22:48 --------- d-----w C:\Program Files\Gamenext
2008-05-05 22:48 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-05-03 23:05 --------- d-----w C:\Documents and Settings\Verunka\Application Data\PlayFirst
2008-05-03 01:47 --------- d-----w C:\Documents and Settings\Verunka\Application Data\Spyware Terminator
2008-05-02 20:46 --------- d-----w C:\Program Files\MediaInfo
2008-05-02 19:49 --------- d-----w C:\Documents and Settings\Verunka\Application Data\Talkback
2008-05-02 19:42 --------- d-----w C:\Documents and Settings\Guest\Application Data\Spyware Terminator
2008-05-02 19:42 --------- d-----w C:\Documents and Settings\Guest\Application Data\ATI
2008-05-02 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-02 16:30 --------- d-----w C:\Program Files\CCleaner
2008-05-02 16:29 --------- d-----w C:\Program Files\Yahoo!
2008-05-01 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 22:28 --------- d-----w C:\Documents and Settings\oem\Application Data\PlayFirst
2008-04-29 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-29 14:34 --------- d-----w C:\Program Files\Centauri
2008-04-28 23:22 --------- d--h--r C:\Documents and Settings\oem\Application Data\SecuROM
2008-04-28 20:35 --------- d-----w C:\Program Files\Windows Doctor
2008-04-28 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-04-27 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-04-27 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-25 01:47 --------- d-----w C:\Program Files\Pohadka
2008-04-24 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
2008-04-24 01:18 --------- d-----w C:\Program Files\Aspyr Media, Inc
2008-04-23 22:49 --------- d-----w C:\Documents and Settings\oem\Application Data\Shareaza
2008-04-22 22:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-22 22:30 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys.12619903
2008-04-22 22:30 --------- d-----w C:\Documents and Settings\oem\Application Data\DAEMON Tools
2008-04-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-04-22 21:40 --------- d-----w C:\Documents and Settings\oem\Application Data\DAEMON Tools Pro
2008-04-21 22:45 --------- d-----w C:\Program Files\Sega
2008-04-20 21:23 --------- d-----w C:\Program Files\cake mania
2008-04-20 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-20 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-04-19 19:37 745,984 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-04-19 19:37 56,320 ----a-w C:\WINDOWS\system32\iyvu9_32.dll
2008-04-17 10:04 --------- d-----w C:\Documents and Settings\oem\Application Data\yoclient
2008-04-15 00:07 --------- d-----w C:\Documents and Settings\oem\Application Data\BearShare
2008-04-10 20:47 --------- d-----w C:\Program Files\ESET
2008-04-10 09:50 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-04-09 20:11 --------- d-----w C:\Documents and Settings\oem\Application Data\TVU Networks
2008-04-07 12:27 --------- d-----w C:\Program Files\Alawar
2008-04-04 16:51 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 22:32 47,360 -c--a-w C:\Documents and Settings\oem\Application Data\pcouffin.sys
2007-11-19 18:18 22,328 -c--a-w C:\Documents and Settings\oem\Application Data\PnkBstrK.sys
2007-10-26 19:59 12 -c--a-w C:\Documents and Settings\oem\USERDATA.DAT
2006-05-21 02:16 370,176 ----a-w C:\Documents and Settings\oem\samp.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-10-22 01:08 80 --sh--r C:\WINDOWS\system32\0D0B51DE08.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- C:\WINDOWS\system32\beep.sys ----
Company: Microsoft Corporation
File Description: BEEP Driver
File Version: 5.1.2600.0 (XPClient.010817-1148)
Product Name: MicrosoftR WindowsR Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: beep.sys
MD5: da1f27d85e0d1525f6621372e7b685e9
---- Directory of C:\Program Files\8955f426ff9-xxx ----
2008-06-06 21:29 300798 --a------ C:\Program Files\8955f426ff9-xxx\Log\Text\aiotxt.dat
2008-06-06 21:29 139940118 --a------ C:\Program Files\8955f426ff9-xxx\Log\Visual\06062008.dat
2008-06-06 13:57 28563 --a------ C:\Program Files\8955f426ff9-xxx\Log\Text\aioweb.dat
2008-06-06 00:00 44372533 --a------ C:\Program Files\8955f426ff9-xxx\Log\Visual\06052008.dat
2008-06-04 08:07 18095453 --a------ C:\Program Files\8955f426ff9-xxx\Log\Visual\06042008.dat
2008-02-26 18:45 9416 --a------ C:\Program Files\8955f426ff9-xxx\unins000.dat
2008-02-26 18:44 685056 --a------ C:\Program Files\8955f426ff9-xxx\unins000.exe
2006-10-15 18:45 1431242 --a------ C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
------- Sigcheck -------
2006-03-06 17:04 502272 6e8ca4fcb30282f216f5db9dd58a5f81 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_22.29.08.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 20:18:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 16:56:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-02-27 11:21:51 11,221 -c--a-w C:\WINDOWS\system32\msw-nfo6e.dll
+ 2006-07-11 07:40:25 11,221 -c--a-w C:\WINDOWS\system32\msw-nfo6e.dll
- 2007-04-03 20:21:25 118,784 ----a-w C:\WINDOWS\system32\msxun8er2.dll
+ 2006-12-01 16:58:29 118,784 ----a-w C:\WINDOWS\system32\msxun8er2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 18:50 949376]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-01 01:36 1817600]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-10 14:00 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
C:\Documents and Settings\Verunka\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-09-28 20:47:52 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-03-06 14:42:52 585728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.CDVC"= cdvccodc.dll
"vids.CDVC"= cdvccodc.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 20:12 3142236 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-12 23:47 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEBTRAN]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"E:\\emule\\emule.exe"=
"E:\\dc++\\CZDC.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"=
"C:\\Program Files\\Rockstar Games\\GTA San Andreas\\gta_sa.exe"=
"C:\\Program Files\\Rockstar Games\\GTA San Andreas\\samp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Screamer Radio\\screamer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27074:TCP"= 27074:TCP:BitComet 27074 TCP
"27074:UDP"= 27074:UDP:BitComet 27074 UDP
"22103:TCP"= 22103:TCP:BitComet 22103 TCP
"22103:UDP"= 22103:UDP:BitComet 22103 UDP
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-01 01:36]
R2 mp3m2pls;mp3m2pls;C:\WINDOWS\system32\drivers\mp3m2pls.sys [2003-12-07 00:50]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-10 14:00]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 12:19:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 21:35:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_9028.dll
.
Completion time: 2008-06-06 21:38:44
ComboFix-quarantined-files.txt 2008-06-06 19:38:33
ComboFix2.txt 2008-06-05 20:30:17
Pre-Run: 14,750,371,840 bytes free
Post-Run: 14,737,240,064 bytes free
315 --- E O F --- 2008-05-03 02:58:47
//thanks for uploading the file
fredik
ComboFix 08-06-05.3 - oem 2008-06-06 21:29:40.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.586 [GMT 2:00]
Running from: C:\Documents and Settings\oem\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\oem\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
C:\WINDOWS\BM4bfa3bfc.xml
C:\WINDOWS\system32\efcBQife.dll
C:\WINDOWS\system32\hgGyxVPI.dll
C:\WINDOWS\system32\xxyayXoM.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\oem\Application Data\inst.exe
C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
C:\WINDOWS\BM4bfa3bfc.xml
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-06-05 00:06 . 2008-06-05 00:06 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-06-05 00:01 . 2008-06-05 00:06 50 --a------ C:\WINDOWS\Lic.xxx
2008-06-05 00:00 . 2004-08-10 14:00 146,432 --a------ C:\WINDOWS\R.COM
2008-06-05 00:00 . 2004-08-10 14:00 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-06-04 18:23 . 2008-06-05 08:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 18:23 . 2008-06-04 18:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 21:29 . 2008-06-03 21:29 2,304 --a------ C:\WINDOWS\SmartMapsSJEvropa.INI
2008-06-03 18:21 . 2008-06-03 18:21 <DIR> d-------- C:\Program Files\XviD
2008-06-03 18:18 . 2005-03-18 01:01 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2008-06-03 18:17 . 2005-05-25 01:24 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2008-06-03 18:17 . 2005-02-22 03:32 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2008-06-03 18:17 . 2005-07-19 03:53 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2008-06-03 18:17 . 2005-07-01 04:09 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2008-06-03 18:17 . 2005-06-29 02:28 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2008-06-03 18:16 . 2005-07-20 23:33 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2008-06-03 18:16 . 2005-04-14 05:07 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2008-06-03 18:16 . 2005-07-08 04:31 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2008-06-03 18:16 . 2005-06-07 04:11 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2008-06-03 18:16 . 2005-06-15 06:04 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2008-06-03 18:15 . 2008-06-03 18:15 <DIR> d-------- C:\WINDOWS\system32\RMBin
2008-06-03 18:15 . 2008-06-03 18:18 <DIR> d-------- C:\Program Files\Plato Video Converter
2008-06-03 18:15 . 2001-08-23 03:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-03 18:15 . 2007-03-09 09:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-06-03 18:15 . 2005-05-31 22:16 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2008-06-03 18:15 . 2003-08-07 01:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-03 18:15 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-06-03 18:15 . 2007-03-09 09:37 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2008-06-03 18:15 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2008-06-03 18:15 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-06-01 03:12 . 2008-06-01 03:12 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-29 00:08 . 2008-05-29 00:08 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-05-28 11:30 . 2008-05-28 11:30 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\My Games
2008-05-28 03:13 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-05-28 03:13 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-05-28 02:13 . 2004-08-10 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-27 23:40 . 2008-05-28 03:11 <DIR> d-------- C:\Program Files\Xilisoft
2008-05-26 23:31 . 2008-05-26 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-26 11:26 . 2008-05-26 11:26 <DIR> d-------- C:\WINDOWS\Big Island Blends
2008-05-26 10:57 . 2008-05-26 10:57 <DIR> d-------- C:\Documents and Settings\oem\Desktop burger
2008-05-26 10:36 . 2008-05-26 10:36 <DIR> d-------- C:\WINDOWS\Posh Boutique
2008-05-26 10:33 . 2008-05-26 10:33 <DIR> d-------- C:\WINDOWS\Fashion Solitaire
2008-05-26 01:17 . 2008-05-26 01:17 <DIR> d-------- C:\Documents and Settings\oem\Application Data\Gamelab
2008-05-26 00:37 . 2008-05-26 00:37 <DIR> d-------- C:\Documents and Settings\oem\Application Data\Total Eclipse
2008-05-25 18:36 . 2008-05-25 18:36 <DIR> d-------- C:\Documents and Settings\oem\Application Data\My Games
2008-05-25 17:29 . 2008-05-25 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-05-25 15:55 . 2008-05-26 01:11 <DIR> d-------- C:\My Games
2008-05-25 15:54 . 2008-05-25 15:54 <DIR> d-------- C:\users
2008-05-25 15:52 . 2008-05-26 22:37 <DIR> d-------- C:\Program Files\RealArcade
2008-05-25 11:59 . 2008-05-25 11:59 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\vlc
2008-05-22 20:53 . 2008-05-22 20:53 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Shareaza
2008-05-21 12:41 . 2008-05-21 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Fotky
2008-05-21 12:32 . 2005-03-07 02:51 32,768 --a------ C:\Documents and Settings\Verunka\AcroRd32.exe
2008-05-21 11:33 . 2008-05-21 11:36 8,974 --a------ C:\WINDOWS\CI_SearchHistory.INI
2008-05-19 11:42 . 2008-06-06 14:38 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\OpenOffice.org2
2008-05-15 20:38 . 2008-06-06 00:59 <DIR> d-------- C:\Documents and Settings\oem\Application Data\uTorrent
2008-05-14 19:49 . 2008-05-14 20:10 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\uTorrent
2008-05-14 06:09 . 2008-05-14 06:09 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\ICQ Toolbar
2008-05-14 01:28 . 2008-05-14 02:54 <DIR> d-------- C:\WINDOWS\vf_hip
2008-05-14 01:28 . 2008-06-04 23:09 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-05-14 01:28 . 2008-05-14 01:28 32 --a------ C:\WINDOWS\go
2008-05-13 06:01 . 2008-05-13 06:01 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\ViquaSoft
2008-05-13 00:24 . 2008-05-13 00:24 <DIR> d-------- C:\Program Files\rajce
2008-05-08 23:50 . 2008-05-08 23:50 <DIR> d-------- C:\Documents and Settings\oem\Application Data\ViquaSoft
2008-05-08 07:25 . 2008-05-08 07:25 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Apple Computer
2008-05-08 06:31 . 2008-05-08 06:31 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\Ahead
2008-05-06 20:47 . 2008-06-05 01:20 <DIR> d-------- C:\Program Files\Barbie(TM)
2008-05-06 19:49 . 2008-06-04 06:21 <DIR> d-------- C:\Documents and Settings\Verunka\Application Data\MEGAUPLOADTOOLBAR
2008-05-06 18:38 . 2008-05-06 18:39 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-06 18:38 . 2008-06-01 02:41 <DIR> d-------- C:\Documents and Settings\oem\Application Data\MegauploadToolbar
2008-05-06 12:59 . 2008-05-06 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-06 11:36 . 2008-05-06 12:51 <DIR> d-------- C:\Program Files\Alice Greenfingers
2008-05-06 09:52 . 2008-05-06 09:52 <DIR> d-------- C:\Program Files\Safari
2008-05-06 09:52 . 2008-05-06 09:52 <DIR> d-------- C:\Program Files\Bonjour
2008-05-06 09:51 . 2008-05-06 09:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-06 09:51 . 2008-05-06 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 19:30 --------- d--h--w C:\Program Files\8955f426ff9-xxx
2008-06-06 19:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-06-06 16:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 20:45 --------- d-----w C:\Program Files\WinClamAVShield
2008-06-05 20:45 --------- d-----w C:\Documents and Settings\oem\Application Data\Spyware Terminator
2008-06-05 20:10 --------- d-----w C:\Program Files\GamesBar
2008-06-05 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-05 06:46 --------- d-----w C:\Documents and Settings\oem\Application Data\OpenOffice.org2
2008-06-04 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:49 --------- d-----w C:\Program Files\Zylom Games
2008-06-04 20:56 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-04 10:09 --------- d-----w C:\Program Files\IDOS
2008-06-03 09:52 --------- d-----w C:\Program Files\Yahoo! Games
2008-06-03 05:24 6,397 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-05-31 23:36 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-28 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-28 01:35 --------- d-----w C:\Documents and Settings\oem\Application Data\dvdcss
2008-05-26 21:57 --------- d-----w C:\Documents and Settings\oem\Application Data\Azureus
2008-05-26 08:37 --------- d-----w C:\Documents and Settings\oem\Application Data\Zylom
2008-05-26 05:42 --------- d-----w C:\Program Files\Delicious Deluxe
2008-05-19 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-19 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 11:59 --------- d-----w C:\Program Files\BigPatience
2008-05-06 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
2008-05-06 07:52 --------- d-----w C:\Documents and Settings\oem\Application Data\Apple Computer
2008-05-05 22:48 --------- d-----w C:\Program Files\Gamenext
2008-05-05 22:48 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-05-03 23:05 --------- d-----w C:\Documents and Settings\Verunka\Application Data\PlayFirst
2008-05-03 01:47 --------- d-----w C:\Documents and Settings\Verunka\Application Data\Spyware Terminator
2008-05-02 20:46 --------- d-----w C:\Program Files\MediaInfo
2008-05-02 19:49 --------- d-----w C:\Documents and Settings\Verunka\Application Data\Talkback
2008-05-02 19:42 --------- d-----w C:\Documents and Settings\Guest\Application Data\Spyware Terminator
2008-05-02 19:42 --------- d-----w C:\Documents and Settings\Guest\Application Data\ATI
2008-05-02 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-02 16:30 --------- d-----w C:\Program Files\CCleaner
2008-05-02 16:29 --------- d-----w C:\Program Files\Yahoo!
2008-05-01 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 22:28 --------- d-----w C:\Documents and Settings\oem\Application Data\PlayFirst
2008-04-29 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-29 14:34 --------- d-----w C:\Program Files\Centauri
2008-04-28 23:22 --------- d--h--r C:\Documents and Settings\oem\Application Data\SecuROM
2008-04-28 20:35 --------- d-----w C:\Program Files\Windows Doctor
2008-04-28 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-04-27 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-04-27 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-25 01:47 --------- d-----w C:\Program Files\Pohadka
2008-04-24 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
2008-04-24 01:18 --------- d-----w C:\Program Files\Aspyr Media, Inc
2008-04-23 22:49 --------- d-----w C:\Documents and Settings\oem\Application Data\Shareaza
2008-04-22 22:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-22 22:30 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys.12619903
2008-04-22 22:30 --------- d-----w C:\Documents and Settings\oem\Application Data\DAEMON Tools
2008-04-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-04-22 21:40 --------- d-----w C:\Documents and Settings\oem\Application Data\DAEMON Tools Pro
2008-04-21 22:45 --------- d-----w C:\Program Files\Sega
2008-04-20 21:23 --------- d-----w C:\Program Files\cake mania
2008-04-20 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-20 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-04-19 19:37 745,984 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-04-19 19:37 56,320 ----a-w C:\WINDOWS\system32\iyvu9_32.dll
2008-04-17 10:04 --------- d-----w C:\Documents and Settings\oem\Application Data\yoclient
2008-04-15 00:07 --------- d-----w C:\Documents and Settings\oem\Application Data\BearShare
2008-04-10 20:47 --------- d-----w C:\Program Files\ESET
2008-04-10 09:50 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-04-09 20:11 --------- d-----w C:\Documents and Settings\oem\Application Data\TVU Networks
2008-04-07 12:27 --------- d-----w C:\Program Files\Alawar
2008-04-04 16:51 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 22:32 47,360 -c--a-w C:\Documents and Settings\oem\Application Data\pcouffin.sys
2007-11-19 18:18 22,328 -c--a-w C:\Documents and Settings\oem\Application Data\PnkBstrK.sys
2007-10-26 19:59 12 -c--a-w C:\Documents and Settings\oem\USERDATA.DAT
2006-05-21 02:16 370,176 ----a-w C:\Documents and Settings\oem\samp.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-10-22 01:08 80 --sh--r C:\WINDOWS\system32\0D0B51DE08.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- C:\WINDOWS\system32\beep.sys ----
Company: Microsoft Corporation
File Description: BEEP Driver
File Version: 5.1.2600.0 (XPClient.010817-1148)
Product Name: MicrosoftR WindowsR Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: beep.sys
MD5: da1f27d85e0d1525f6621372e7b685e9
---- Directory of C:\Program Files\8955f426ff9-xxx ----
2008-06-06 21:29 300798 --a------ C:\Program Files\8955f426ff9-xxx\Log\Text\aiotxt.dat
2008-06-06 21:29 139940118 --a------ C:\Program Files\8955f426ff9-xxx\Log\Visual\06062008.dat
2008-06-06 13:57 28563 --a------ C:\Program Files\8955f426ff9-xxx\Log\Text\aioweb.dat
2008-06-06 00:00 44372533 --a------ C:\Program Files\8955f426ff9-xxx\Log\Visual\06052008.dat
2008-06-04 08:07 18095453 --a------ C:\Program Files\8955f426ff9-xxx\Log\Visual\06042008.dat
2008-02-26 18:45 9416 --a------ C:\Program Files\8955f426ff9-xxx\unins000.dat
2008-02-26 18:44 685056 --a------ C:\Program Files\8955f426ff9-xxx\unins000.exe
2006-10-15 18:45 1431242 --a------ C:\Program Files\8955f426ff9-xxx\ayzbqpa.exe
------- Sigcheck -------
2006-03-06 17:04 502272 6e8ca4fcb30282f216f5db9dd58a5f81 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_22.29.08.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 20:18:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 16:56:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-02-27 11:21:51 11,221 -c--a-w C:\WINDOWS\system32\msw-nfo6e.dll
+ 2006-07-11 07:40:25 11,221 -c--a-w C:\WINDOWS\system32\msw-nfo6e.dll
- 2007-04-03 20:21:25 118,784 ----a-w C:\WINDOWS\system32\msxun8er2.dll
+ 2006-12-01 16:58:29 118,784 ----a-w C:\WINDOWS\system32\msxun8er2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 18:50 949376]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-01 01:36 1817600]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-10 14:00 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
C:\Documents and Settings\Verunka\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-09-28 20:47:52 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-03-06 14:42:52 585728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.CDVC"= cdvccodc.dll
"vids.CDVC"= cdvccodc.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 20:12 3142236 C:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-12 23:47 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEBTRAN]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"E:\\emule\\emule.exe"=
"E:\\dc++\\CZDC.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"=
"C:\\Program Files\\Rockstar Games\\GTA San Andreas\\gta_sa.exe"=
"C:\\Program Files\\Rockstar Games\\GTA San Andreas\\samp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Screamer Radio\\screamer.exe"=
- fredik
- Security team member
-
Master Level 7
- Posts: 4680
- Registered: July 06
Re: PC log check
Try scanning this file on VirusTotal as well and then paste the result here.
C:\WINDOWS\system32\0D0B51DE08.dll (copy the path straight into the window)
If you use Xfire, I'd recommend reinstalling it (uninstall and install again). If not, say so.
Then post a new HJT log here as well.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PMs with logs; post them in the forum. Such PMs cannot be answered.
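Before re-uploading a file to VirusTotal as asked above, it is worth hashing it locally and checking whether it is a PE image at all. The ComboFix Find3M report earlier in the thread lists C:\WINDOWS\system32\0D0B51DE08.dll as 80 bytes with the system, hidden and read-only attributes. The smallest layout the Windows loader accepts is a 64-byte DOS header, the 4-byte PE signature and the 20-byte file header, 88 bytes in total, so an 80-byte ".dll" cannot be loaded as a module and a 0/32 result on it is what you would expect for something that is not executable code. The script below is an added example for this thread, not code from VirusTotal, ComboFix or HijackThis: it prints the same four digests VirusTotal lists and walks the DOS and PE headers. The inputs it builds itself (constructed_sample, constructed_minimal_pe) are constructed for the demonstration and are not the file from the log.

```python
# Added example, not from the thread and not part of VirusTotal, ComboFix or
# HijackThis: compute the digests a VirusTotal report lists and check whether
# the file is a loadable PE image at all. A ".dll" shorter than the DOS header
# plus PE signature plus file header cannot be mapped by the Windows loader.
import hashlib
import struct
import sys
from dataclasses import dataclass

DOS_HEADER_LEN = 64          # sizeof(IMAGE_DOS_HEADER); e_lfanew lives at 0x3C
PE_SIG_LEN = 4               # "PE\0\0"
FILE_HEADER_LEN = 20         # sizeof(IMAGE_FILE_HEADER)
IMAGE_FILE_DLL = 0x2000      # Characteristics flag set on DLLs


@dataclass
class FileReport:
    size: int
    md5: str
    sha1: str
    sha256: str
    sha512: str
    is_pe: bool
    reason: str


def digests(data: bytes) -> dict:
    """Hex digests in the same four algorithms VirusTotal prints."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_check(data: bytes) -> tuple[bool, str]:
    """Return (loadable, reason) after walking DOS header -> e_lfanew -> PE header."""
    if len(data) < DOS_HEADER_LEN:
        return False, f"{len(data)} bytes is shorter than IMAGE_DOS_HEADER"
    if data[:2] != b"MZ":
        return False, "no MZ signature"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + PE_SIG_LEN + FILE_HEADER_LEN > len(data):
        return False, f"e_lfanew=0x{e_lfanew:x}: PE header would lie past end of file"
    if data[e_lfanew:e_lfanew + PE_SIG_LEN] != b"PE\0\0":
        return False, "no PE signature at e_lfanew"
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _ts, _sym, _nsym, _optsize, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + PE_SIG_LEN)
    kind = "dll" if characteristics & IMAGE_FILE_DLL else "exe"
    return True, f"machine=0x{machine:04x} sections={nsections} type={kind}"


def analyze(data: bytes) -> FileReport:
    d = digests(data)
    ok, why = pe_check(data)
    return FileReport(len(data), d["md5"], d["sha1"], d["sha256"], d["sha512"], ok, why)


def constructed_sample(size: int = 80, mz: bool = False) -> bytes:
    """Constructed test input: `size` zero bytes, optionally with an MZ header
    whose e_lfanew points right after the DOS header (as a real PE would)."""
    buf = bytearray(size)
    if mz:
        assert size >= DOS_HEADER_LEN, "MZ header needs the full 64 bytes"
        buf[:2] = b"MZ"
        struct.pack_into("<I", buf, 0x3C, DOS_HEADER_LEN)
    return bytes(buf)


def constructed_minimal_pe() -> bytes:
    """Constructed 88-byte image: DOS header + PE signature + file header flagged DLL."""
    hdr = constructed_sample(DOS_HEADER_LEN, mz=True)
    file_header = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0, 0x2102)
    return hdr + b"PE\0\0" + file_header


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else constructed_sample()
    print(analyze(data))
```

Run it as python pecheck.py <path>; with no argument it analyses the constructed 80-byte sample. For a genuine DLL the reason field gives the machine type, section count and the DLL flag; otherwise it names the header check that failed, which is the first thing to note next to a VirusTotal result.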
Re: PC log check
Hi, I don't use Xfire. The PC runs a lot better. I no longer have the problem with the browsers.
Here is the VirusTotal report:
File 0D0B51DE08.dll received 2008.06.08 21:49:20 (CET)
Result: 0/32 (0%)
Antivirus Version Last update Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 -
Authentium 5.1.0.4 2008.06.08 -
Avast 4.8.1195.0 2008.06.08 -
AVG 7.5.0.516 2008.06.07 -
BitDefender 7.2 2008.06.08 -
CAT-QuickHeal 9.50 2008.06.07 -
ClamAV 0.92.1 2008.06.08 -
DrWeb 4.44.0.09170 2008.06.08 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5855 2008.06.06 -
Ewido 4.0 2008.06.08 -
F-Prot 4.4.4.56 2008.06.08 -
F-Secure 6.70.13260.0 2008.06.08 -
Fortinet 3.14.0.0 2008.06.08 -
GData 2.0.7306.1023 2008.06.08 -
Ikarus T3.1.1.26.0 2008.06.08 -
Kaspersky 7.0.0.125 2008.06.08 -
McAfee 5312 2008.06.06 -
Microsoft 1.3604 2008.06.08 -
NOD32v2 3165 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.08 -
Prevx1 V2 2008.06.08 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.08 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.08 -
TheHacker 6.2.92.339 2008.06.07 -
VBA32 3.12.6.7 2008.06.08 -
VirusBuster 4.3.26:9 2008.06.08 -
Webwasher-Gateway 6.6.2 2008.06.08 -
Additional information
File size: 80 bytes
MD5...: ef72f91c7c92244a43c674ad770d9825
SHA1..: 4084d2b87290bbc26a9c96833d82ae7b43e20cee
SHA256: cd55cdb46aebe0df6bb4cce762e5b0e832a754c27c771f8efcf4ad3baa919c10
SHA512: 74540c0c33b9b6d4df9b96e75a201f9c50e723f47d5fcce5c807efda146c4be942a9a3f8d05cdf83bb3085e1266f5d412452984c4cef51facd3859d0610fe8e6
PEiD..: -
PEInfo: -
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:11:00, on 8.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Documents and Settings\oem\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http:+/dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.16.20.140:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [uTorrent] "E:\uTorrent\uTorrent.exe"
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download with &Shareaza - res://E:\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online/online2/be ... der_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I'm sending the VirusTotal output:
File 0D0B51DE08.dll received 2008.06.08 21:49:20 (CET)
Result: 0/32 (0%)
Antivirus Version Last update Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 -
Authentium 5.1.0.4 2008.06.08 -
Avast 4.8.1195.0 2008.06.08 -
AVG 7.5.0.516 2008.06.07 -
BitDefender 7.2 2008.06.08 -
CAT-QuickHeal 9.50 2008.06.07 -
ClamAV 0.92.1 2008.06.08 -
DrWeb 4.44.0.09170 2008.06.08 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5855 2008.06.06 -
Ewido 4.0 2008.06.08 -
F-Prot 4.4.4.56 2008.06.08 -
F-Secure 6.70.13260.0 2008.06.08 -
Fortinet 3.14.0.0 2008.06.08 -
GData 2.0.7306.1023 2008.06.08 -
Ikarus T3.1.1.26.0 2008.06.08 -
Kaspersky 7.0.0.125 2008.06.08 -
McAfee 5312 2008.06.06 -
Microsoft 1.3604 2008.06.08 -
NOD32v2 3165 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.08 -
Prevx1 V2 2008.06.08 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.08 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.08 -
TheHacker 6.2.92.339 2008.06.07 -
VBA32 3.12.6.7 2008.06.08 -
VirusBuster 4.3.26:9 2008.06.08 -
Webwasher-Gateway 6.6.2 2008.06.08 -
Additional information
File size: 80 bytes
MD5...: ef72f91c7c92244a43c674ad770d9825
SHA1..: 4084d2b87290bbc26a9c96833d82ae7b43e20cee
SHA256: cd55cdb46aebe0df6bb4cce762e5b0e832a754c27c771f8efcf4ad3baa919c10
SHA512: 74540c0c33b9b6d4df9b96e75a201f9c50e723f47d5fcce5c807efda146c4be942a9a3f8d05cdf83bb3085e1266f5d412452984c4cef51facd3859d0610fe8e6
PEiD..: -
PEInfo: -
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:11:00, on 8.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Documents and Settings\oem\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http:+/dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.16.20.140:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [uTorrent] "E:\uTorrent\uTorrent.exe"
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download with &Shareaza - res://E:\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online/online2/be ... der_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
fredik (Security team member, Master Level 7, Posts: 4680, Registered: July 06)
Re: PC log check
Sorry for the longer delay in responding to the last post.
Run HijackThis again and tick the boxes in front of these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online/online2/be ... der_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
After ticking them, click the Fix Checked button.
Then download the current version of HJT here, delete the old one before using it, and paste a log from the current version here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PM messages with logs; post them in the forum. These PMs cannot be answered.
Re: PC log check
fredik wrote: Sorry for the longer delay in responding to the last post.
Run HijackThis again and tick the boxes in front of these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online/online2/be ... der_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
After ticking them, click the Fix Checked button.
Then download the current version of HJT here, delete the old one before using it, and paste a log from the current version here.
Hi, here is another log from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:26, on 13.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http:+/dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.16.20.140:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-776561741-1958367476-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Verunka')
O4 - HKUS\S-1-5-21-776561741-1958367476-725345543-1005\..\Run: [48c90860] rundll32.exe "C:\WINDOWS\system32\xfrdqscj.dll",b (User 'Verunka')
O4 - HKUS\S-1-5-21-776561741-1958367476-725345543-1005\..\Run: [BM4bfa3bfc] Rundll32.exe "C:\DOCUME~1\Verunka\LOCALS~1\Temp\aoxtvnac.dll",s (User 'Verunka')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-776561741-1958367476-725345543-1005 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Verunka')
O4 - S-1-5-21-776561741-1958367476-725345543-1005 User Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Verunka')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download with &Shareaza - res://E:\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 10057 bytes