Prosím o kontrolu logu

[vurx]

Prosím o kontrolu logu mám vytížení procesoru na 100% pravděpodobně to dělá services.exe, pokoušel jsem se ho povypínat v registrech, ale stále se vrací.

děkuji za odpověď


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:42, on 26.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Milánek\Nabídka Start\Programy\Po spuštění\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Milánek\svchost.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Milánek\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: userinit.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BB0F46-A856-4E7C-B927-E525411AA33F}: NameServer = 10.254.254.254,10.254.254.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BDDE84-EF94-4FF3-862B-0BFA51C67AD9}: NameServer = 10.254.254.254,1.1.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Plánovač úloh (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe

--
End of file - 6258 bytes

[Reklama]

[fredik]

Vítej na fóru

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT

[vurx]

Děkuji za pomoc žřejmě to vyšlo


SDFix: Version 1.197
Run by Administrator on źt 26.06.2008 at 13:02

Microsoft Windows XP [Verze 5.1.2600]
Running From: c:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Schedule Service Path

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\LocalService\svchost.exe - Deleted
C:\Documents and Settings\Administrator\svchost.exe - Deleted
C:\WINDOWS\system32\drivers\services.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 13:05:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:17fbb13c
"s2"=dword:d5f34c2b
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:bd,3b,f8,60,16,db,43,e4,a2,33,3f,b9,1d,0a,38,41,75,42,27,12,5b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,95,12,5e,bc,20,08,a7,e5,91,f2,ab,74,44,ad,79,98,8f,4b,39,e1,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d7,06,c8,5b,0d,9b,de,f4,23,af,36,62,89,45,f7,e5,89,..
"khjeh"=hex:24,0a,97,c9,44,79,25,df,a1,3b,a8,05,99,fc,e4,3a,b1,44,17,ab,4d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c1,f6,18,51,06,d2,45,d6,4d,2c,2a,25,16,1b,3a,42,5c,a4,8f,87,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:bd,3b,f8,60,16,db,43,e4,a2,33,3f,b9,1d,0a,38,41,75,42,27,12,5b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,95,12,5e,bc,20,08,a7,e5,91,f2,ab,74,44,ad,79,98,8f,4b,39,e1,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d7,06,c8,5b,0d,9b,de,f4,23,af,36,62,89,45,f7,e5,89,..
"khjeh"=hex:24,0a,97,c9,44,79,25,df,a1,3b,a8,05,99,fc,e4,3a,b1,44,17,ab,4d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c1,f6,18,51,06,d2,45,d6,4d,2c,2a,25,16,1b,3a,42,5c,a4,8f,87,3f,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000004f

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Documents and Settings\\Mil nek\\Local Settings\\Temp\\eqqK.exe"="C:\\Documents and Settings\\Mil nek\\Local Settings\\Temp\\eqqK.exe:*:Enabled:sys"
"C:\\WINDOWS\\system32\\drivers\\services.exe"="C:\\WINDOWS\\system32\\drivers\\services.exe:*:Enabled:sys"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:41, on 26.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: userinit.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BB0F46-A856-4E7C-B927-E525411AA33F}: NameServer = 10.254.254.254,10.254.254.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BDDE84-EF94-4FF3-862B-0BFA51C67AD9}: NameServer = 10.254.254.254,1.1.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Plánovač úloh (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe

--
End of file - 6588 bytes

[vurx]

Tak jsem se radoval předčasně po restartu je to zpět

[fredik]

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - Startup: userinit.exe
po zaškrtnutí klikni na tlačítko Fix Checked

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Před použitím ComboFix udělej následující kroky:
#Krok 1:
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)

- zavři program
Restartuj PC.

#Krok 2:
Po té si stáhni ResetTeaTimer.bat (viz. Poznámka) a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[vurx]

Tak po vypnutí residentu se mi tam objevil ještě nějaký Antivirus 2008 a cosi skenoval.

Tady je požadovaný log:
ComboFix 08-06-20.4 - Milánek 2008-06-27 11:21:25.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1625 [GMT 2:00]
Running from: C:\Documents and Settings\Milánek\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\userinit.exe
C:\Documents and Settings\Milánek\Nabídka Start\Programy\Po spuštění\userinit.exe
C:\Documents and Settings\Milánek\svchost.exe
C:\WINDOWS\system32\drivers\services.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 11:15 . 2008-06-27 11:15 <DIR> d-------- C:\Program Files\rhcr1vj0enfe
2008-06-27 11:15 . 2008-06-27 11:24 94,208 --a------ C:\WINDOWS\system32\pphcv1vj0enfe.exe
2008-06-27 11:15 . 2008-06-27 11:24 60,928 --a------ C:\WINDOWS\system32\blphcv1vj0enfe.scr
2008-06-27 11:14 . 2008-06-27 11:14 109,056 --a------ C:\WINDOWS\system32\lphcv1vj0enfe.exe
2008-06-27 11:14 . 2008-06-27 11:24 90,838 --a------ C:\WINDOWS\system32\phcv1vj0enfe.bmp
2008-06-26 15:06 . 2008-06-26 15:06 <DIR> d-------- C:\Program Files\TechnoTrend
2008-06-26 15:03 . 2008-06-26 15:03 <DIR> d-------- C:\Program Files\MFC8.0 Runtime
2008-06-26 14:48 . 2008-06-26 14:49 <DIR> d-------- C:\WINDOWS\system32\Codec
2008-06-26 13:36 . 2008-06-26 13:36 4,170 --a------ C:\Documents and Settings\LocalService\mpr2.dat
2008-06-26 13:00 . 2008-06-26 13:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-26 12:57 . 2008-06-26 13:47 <DIR> d-------- C:\SDFix
2008-06-26 12:47 . 2008-06-26 12:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-26 10:07 . 2008-06-26 10:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 09:06 . 2008-01-24 13:04 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-06-26 09:06 . 2008-06-27 11:24 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-06-26 09:06 . 2008-06-26 13:43 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-25 20:06 . 2008-06-25 21:03 <DIR> d-------- C:\Program Files\ProgDVB
2008-06-25 19:19 . 2008-06-26 14:34 <DIR> d-------- C:\Program Files\DVBViewer
2008-06-25 14:06 . 2008-06-25 14:06 <DIR> d-------- C:\dvbapp
2008-06-25 13:44 . 2008-06-25 17:01 34 --a------ C:\ProgDVB.ini
2008-06-25 11:23 . 2008-06-25 19:26 <DIR> d-------- C:\AltDVB
2008-06-23 18:13 . 2008-06-23 18:13 <DIR> d-------- C:\Program Files\Ubisoft
2008-06-23 15:12 . 2008-06-23 15:12 5,632 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-06-19 18:33 . 2008-06-19 19:13 <DIR> d-------- C:\Program Files\VAG-COM
2008-06-16 20:45 . 2008-05-08 15:54 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-15 14:11 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-15 14:11 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-15 14:11 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-15 14:11 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-15 14:11 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-15 14:11 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-15 14:11 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-15 14:11 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-15 14:11 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-15 14:11 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-13 15:21 . 2008-06-13 15:21 <DIR> d-------- C:\Program Files\FENG3
2008-06-13 15:10 . 2008-06-19 18:02 0 --ah----- C:\WINDOWS\msds.dat
2008-06-13 15:08 . 2008-06-13 15:09 <DIR> d-------- C:\Program Files\WinPic800
2008-06-13 15:08 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys
2008-06-13 14:28 . 2007-11-20 18:35 49,792 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys
2008-06-02 12:41 . 2008-06-02 12:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-30 16:00 . 2008-06-13 15:21 <DIR> d-------- C:\Idownload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 11:55 --------- d-----w C:\Program Files\Azureus
2008-06-23 16:10 --------- d-----w C:\Program Files\Electronic Arts
2008-05-14 12:43 6,550,560 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-13 11:32 --------- d-----w C:\Program Files\Protector Suite QL
2004-08-17 12:49 13,312 ----a-w C:\Documents and Settings\LocalService\ms_tcp.dll
2004-08-17 12:49 13,312 ----a-w C:\Documents and Settings\Administrator\ms_tcp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"[system]"="C:\WINDOWS\system32\drivers\services.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 12:48 569344]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 20:23 49168]
"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 18:51 951856]
"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 19:55 190000]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-14 14:43 13533184]
"nwiz"="nwiz.exe" [2008-05-14 14:43 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-14 14:43 86016]
"[system]"="C:\WINDOWS\system32\drivers\services.exe" [ ]
"lphcv1vj0enfe"="C:\WINDOWS\system32\lphcv1vj0enfe.exe" [2008-06-27 11:14 109056]
"SMrhcr1vj0enfe"="C:\Program Files\rhcr1vj0enfe\rhcr1vj0enfe.exe" [2008-06-25 22:31 1214976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-28 20:46 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Milánek^Nabídka Start^Programy^Po spuštění^userinit.exe]
path=C:\Documents and Settings\Milánek\Nabídka Start\Programy\Po spuštění\userinit.exe
backup=C:\WINDOWS\pss\userinit.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 14:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 12:12 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-17 14:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 16:41 145496 C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Documents and Settings\Milánek\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-12-06 19:37 69216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
C:\Documents and Settings\Milánek\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[system]]
C:\WINDOWS\system32\drivers\services.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 11:16]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 13:13]
R3 portio;WinPic800 IO Drivers;C:\WINDOWS\system32\DRIVERS\WP800IO.sys [2007-08-26 10:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys []
S3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys [2007-07-25 17:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cbc31a0-d64d-11dc-9a9d-001de00bf045}]
\Shell\AutoRun\command - F:\TrueCrypt\TrueCrypt.exe /q background /lQ /e /m rm /v "adata.dat"
\Shell\dismount\command - F:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\start\command - F:\TrueCrypt\TrueCrypt.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 11:24:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\pphcv1vj0enfe.exe
.
**************************************************************************
.
Completion time: 2008-06-27 11:26:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 09:26:44

Adresářů: 15, Volných bajtů: 28,597,538,816
Adres ý…: 19, Volněch bajt…: 28,605,464,576

205

[vurx]

Dle rady ostatním zoufalím přikládám další log

Malwarebytes' Anti-Malware 1.18
Database version: 895

12:12:25 27.6.2008
mbam-log-6-27-2008 (12-12-19).txt

Scan type: Quick Scan
Objects scanned: 42549
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\WINDOWS\system32\pphcv1vj0enfe.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
C:\Program Files\rhcr1vj0enfe\rhcr1vj0enfeSkin.Dll (Rogue.AntivirusXP2008) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\rhcr1vj0enfe\rhcr1vj0enfeSkin.Dll (Rogue.AntivirusXP2008) -> No action taken.
C:\WINDOWS\system32\pphcv1vj0enfe.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Plocha\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\Milánek\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\Milánek\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.

[fredik]

Otestuj jeden z těchto dvou souborů na VirusTotal
C:\Documents and Settings\LocalService\ms_tcp.dll
C:\Documents and Settings\Administrator\ms_tcp.dll
stačí jen zkopírovat na té stránce do toho prázdného okénka celou cestu a dát odeslat. Pak sem vlož výsledek

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
C:\WINDOWS\system32\pphcv1vj0enfe.exe
C:\WINDOWS\system32\blphcv1vj0enfe.scr
C:\WINDOWS\system32\lphcv1vj0enfe.exe
C:\WINDOWS\system32\phcv1vj0enfe.bmp
C:\Documents and Settings\All Users\Plocha\Antivirus XP 2008.lnk
C:\Documents and Settings\Milánek\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Milánek\Local Settings\Temp\.tt4.tmp

Folder::
C:\Program Files\rhcr1vj0enfe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"[system]"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"[system]"=-
"lphcv1vj0enfe"=-
"SMrhcr1vj0enfe"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^Milánek^Nabídka Start^Programy^Po spuštění^userinit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[system]]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=-
"NoDispBackgroundPage"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix (Pc se ti pak restartuje tak se nelekni)
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[vurx]

Výsledek ve VirusTotal


Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.6.27.1 2008.06.27 -
AntiVir 7.8.0.59 2008.06.27 TR/Spy.Gen
Authentium 5.1.0.4 2008.06.27 -
Avast 4.8.1195.0 2008.06.27 -
AVG 7.5.0.516 2008.06.27 -
BitDefender 7.2 2008.06.27 -
CAT-QuickHeal 9.50 2008.06.26 -
ClamAV 0.93.1 2008.06.27 -
DrWeb 4.44.0.09170 2008.06.27 -
eSafe 7.0.17.0 2008.06.26 Suspicious File
eTrust-Vet 31.6.5911 2008.06.27 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.27 W32/Virtumonde.Q.gen!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.27 -
GData 2.0.7306.1023 2008.06.27 -
Ikarus T3.1.1.26.0 2008.06.27 Trojan-Spy
Kaspersky 7.0.0.125 2008.06.27 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.27 -
NOD32v2 3224 2008.06.27 -
Norman 5.80.02 2008.06.26 -
Panda 9.0.0.4 2008.06.26 -
Prevx1 V2 2008.06.27 -
Rising 20.50.42.00 2008.06.27 -
Sophos 4.30.0 2008.06.27 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.27 -
TheHacker 6.2.96.362 2008.06.27 -
TrendMicro 8.700.0.1004 2008.06.27 PAK_Generic.001
VBA32 3.12.6.8 2008.06.27 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.27 Trojan.Spy.Gen
Rozšiřující informace

[vurx]

tak asi úspěch

logy:
ComboFix 08-06-20.4 - Milánek 2008-06-27 20:23:53.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1692 [GMT 2:00]
Running from: C:\Documents and Settings\Milánek\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Milánek\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Plocha\Antivirus XP 2008.lnk
C:\Documents and Settings\Milánek\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Milánek\Local Settings\Temp\.tt4.tmp
C:\WINDOWS\system32\blphcv1vj0enfe.scr
C:\WINDOWS\system32\lphcv1vj0enfe.exe
C:\WINDOWS\system32\phcv1vj0enfe.bmp
C:\WINDOWS\system32\pphcv1vj0enfe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\blphcv1vj0enfe.scr
C:\WINDOWS\system32\lphcv1vj0enfe.exe
C:\WINDOWS\system32\phcv1vj0enfe.bmp

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 14:48 . 2008-06-27 15:00 <DIR> d-------- C:\!KillBox
2008-06-27 12:08 . 2008-06-27 12:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 12:08 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 12:08 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 15:06 . 2008-06-26 15:06 <DIR> d-------- C:\Program Files\TechnoTrend
2008-06-26 15:03 . 2008-06-26 15:03 <DIR> d-------- C:\Program Files\MFC8.0 Runtime
2008-06-26 14:48 . 2008-06-26 14:49 <DIR> d-------- C:\WINDOWS\system32\Codec
2008-06-26 13:36 . 2008-06-26 13:36 4,170 --a------ C:\Documents and Settings\LocalService\mpr2.dat
2008-06-26 13:00 . 2008-06-26 13:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-26 12:57 . 2008-06-27 12:04 <DIR> d-------- C:\SDFix
2008-06-26 12:47 . 2008-06-26 12:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-26 10:07 . 2008-06-26 10:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 09:06 . 2008-01-24 13:04 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-06-26 09:06 . 2008-06-27 20:26 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-06-26 09:06 . 2008-06-26 13:43 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-25 20:06 . 2008-06-25 21:03 <DIR> d-------- C:\Program Files\ProgDVB
2008-06-25 19:19 . 2008-06-26 14:34 <DIR> d-------- C:\Program Files\DVBViewer
2008-06-25 14:06 . 2008-06-25 14:06 <DIR> d-------- C:\dvbapp
2008-06-25 13:44 . 2008-06-25 17:01 34 --a------ C:\ProgDVB.ini
2008-06-25 11:23 . 2008-06-25 19:26 <DIR> d-------- C:\AltDVB
2008-06-23 18:13 . 2008-06-23 18:13 <DIR> d-------- C:\Program Files\Ubisoft
2008-06-23 15:12 . 2008-06-23 15:12 5,632 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-06-19 18:33 . 2008-06-19 19:13 <DIR> d-------- C:\Program Files\VAG-COM
2008-06-16 20:45 . 2008-05-08 15:54 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-15 14:11 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-15 14:11 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-15 14:11 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-15 14:11 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-15 14:11 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-15 14:11 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-15 14:11 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-15 14:11 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-15 14:11 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-15 14:11 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-13 15:21 . 2008-06-13 15:21 <DIR> d-------- C:\Program Files\FENG3
2008-06-13 15:10 . 2008-06-19 18:02 0 --ah----- C:\WINDOWS\msds.dat
2008-06-13 15:08 . 2008-06-13 15:09 <DIR> d-------- C:\Program Files\WinPic800
2008-06-13 15:08 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys
2008-06-13 14:28 . 2007-11-20 18:35 49,792 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys
2008-06-02 12:41 . 2008-06-02 12:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-30 16:00 . 2008-06-13 15:21 <DIR> d-------- C:\Idownload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 11:55 --------- d-----w C:\Program Files\Azureus
2008-06-23 16:10 --------- d-----w C:\Program Files\Electronic Arts
2008-05-14 12:43 6,550,560 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-13 11:32 --------- d-----w C:\Program Files\Protector Suite QL
2004-08-17 12:49 13,312 ----a-w C:\Documents and Settings\LocalService\ms_tcp.dll
2004-08-17 12:49 13,312 ----a-w C:\Documents and Settings\Administrator\ms_tcp.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-27_11.26.36.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 09:23:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 18:26:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-26 11:40:27 520,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-27 09:57:12 520,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-06-26 11:40:27 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-27 09:57:12 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2008-06-27 09:19:16 73,614 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-06-27 18:17:32 73,614 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-06-27 09:19:16 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-27 18:17:32 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-27 09:19:16 398,984 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-06-27 18:17:32 398,984 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-06-27 09:19:16 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-27 18:17:32 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-27 18:26:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_68c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 12:48 569344]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 20:23 49168]
"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 18:51 951856]
"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 19:55 190000]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-14 14:43 13533184]
"nwiz"="nwiz.exe" [2008-05-14 14:43 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-14 14:43 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-28 20:46 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 14:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 12:12 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-17 14:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 16:41 145496 C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcv1vj0enfe]
C:\WINDOWS\system32\lphcv1vj0enfe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-12-06 19:37 69216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcr1vj0enfe]
C:\Program Files\rhcr1vj0enfe\rhcr1vj0enfe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 11:16]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 13:13]
R3 portio;WinPic800 IO Drivers;C:\WINDOWS\system32\DRIVERS\WP800IO.sys [2007-08-26 10:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys []
S3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys [2007-07-25 17:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cbc31a0-d64d-11dc-9a9d-001de00bf045}]
\Shell\AutoRun\command - F:\TrueCrypt\TrueCrypt.exe /q background /lQ /e /m rm /v "adata.dat"
\Shell\dismount\command - F:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\start\command - F:\TrueCrypt\TrueCrypt.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 20:26:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
.
**************************************************************************
.
Completion time: 2008-06-27 20:27:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 18:27:53
ComboFix2.txt 2008-06-27 09:26:47

Adresářů: 16, Volných bajtů: 28,580,941,824
Adres ý…: 20, Volněch bajt…: 28,568,141,824

216


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:07, on 27.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BB0F46-A856-4E7C-B927-E525411AA33F}: NameServer = 10.254.254.254,10.254.254.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BDDE84-EF94-4FF3-862B-0BFA51C67AD9}: NameServer = 10.254.254.254,1.1.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6405 bytes

[fredik]

Vytvoř si nový CFScript a použij ho stejným způsobem jako ten předchozí, ale vlož tentokrát do něho toto:

Kód: Vybrat vše

File::
C:\Documents and Settings\LocalService\ms_tcp.dll
C:\Documents and Settings\Administrator\ms_tcp.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcv1vj0enfe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcr1vj0enfe]

Vlož sem pak log z CF.

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku


Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod

Dej sem pak ještě nový log z HJT.

Btw. používáš ten Protector Suite a jak jsi s ním spokojený?

[vurx]

Log z CF

ComboFix 08-06-20.4 - Milánek 2008-06-28 10:53:01.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1646 [GMT 2:00]
Running from: C:\Documents and Settings\Milánek\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Milánek\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Administrator\ms_tcp.dll
C:\Documents and Settings\LocalService\ms_tcp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ms_tcp.dll
C:\Documents and Settings\LocalService\ms_tcp.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-27 14:48 . 2008-06-27 15:00 <DIR> d-------- C:\!KillBox
2008-06-27 12:08 . 2008-06-27 12:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 12:08 . 2008-06-27 12:08 <DIR> d-------- C:\Documents and Settings\Milánek\Data aplikací\Malwarebytes
2008-06-27 12:08 . 2008-06-27 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-06-27 12:08 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 12:08 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 15:07 . 2008-06-26 15:07 <DIR> d-------- C:\Documents and Settings\Milánek\Data aplikací\TechnoTrend
2008-06-26 15:06 . 2008-06-26 15:06 <DIR> d-------- C:\Program Files\TechnoTrend
2008-06-26 15:03 . 2008-06-26 15:03 <DIR> d-------- C:\Program Files\MFC8.0 Runtime
2008-06-26 14:48 . 2008-06-26 14:49 <DIR> d-------- C:\WINDOWS\system32\Codec
2008-06-26 13:36 . 2008-06-26 13:36 4,170 --a------ C:\Documents and Settings\LocalService\mpr2.dat
2008-06-26 13:00 . 2008-06-26 13:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-26 12:57 . 2008-06-27 12:04 <DIR> d-------- C:\SDFix
2008-06-26 12:47 . 2008-06-26 12:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-26 12:47 . 2008-06-26 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-06-26 10:43 . 2008-06-26 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2008-06-26 10:07 . 2008-06-26 10:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 09:06 . 2008-06-27 20:26 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-06-26 09:06 . 2008-01-24 13:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-26 09:06 . 2008-01-24 13:53 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-06-26 09:06 . 2008-06-28 10:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-25 20:56 . 2008-06-27 11:14 4,170 --a------ C:\Documents and Settings\Milánek\mpr2.dat
2008-06-25 20:56 . 2008-06-27 11:14 4,170 --a------ C:\Documents and Settings\Milánek\mpr2.dat
2008-06-25 20:06 . 2008-06-25 21:03 <DIR> d-------- C:\Program Files\ProgDVB
2008-06-25 19:19 . 2008-06-26 14:34 <DIR> d-------- C:\Program Files\DVBViewer
2008-06-25 19:19 . 2008-06-25 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CMUV
2008-06-25 14:06 . 2008-06-25 14:06 <DIR> d-------- C:\dvbapp
2008-06-25 13:44 . 2008-06-25 17:01 34 --a------ C:\ProgDVB.ini
2008-06-25 11:23 . 2008-06-25 19:26 <DIR> d-------- C:\AltDVB
2008-06-23 18:13 . 2008-06-23 18:13 <DIR> d-------- C:\Program Files\Ubisoft
2008-06-23 15:12 . 2008-06-23 15:12 5,632 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-06-19 18:33 . 2008-06-19 19:13 <DIR> d-------- C:\Program Files\VAG-COM
2008-06-19 16:25 . 2008-06-19 16:25 <DIR> d-------- C:\Documents and Settings\Milánek\Data aplikací\Ubisoft
2008-06-19 16:25 . 2008-06-19 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2008-06-16 20:49 . 2008-06-16 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-06-16 20:45 . 2008-05-08 15:54 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-15 14:11 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-15 14:11 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-15 14:11 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-15 14:11 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-15 14:11 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-15 14:11 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-15 14:11 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-15 14:11 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-15 14:11 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-15 14:11 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-13 15:21 . 2008-06-13 15:21 <DIR> d-------- C:\Program Files\FENG3
2008-06-13 15:10 . 2008-06-19 18:02 0 --ah----- C:\WINDOWS\msds.dat
2008-06-13 15:08 . 2008-06-13 15:09 <DIR> d-------- C:\Program Files\WinPic800
2008-06-13 15:08 . 2007-12-19 12:40 53,760 --a------ C:\WINDOWS\system32\drivers\mchpusb.sys
2008-06-13 14:28 . 2007-11-20 18:35 49,792 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys
2008-06-02 12:41 . 2008-06-02 12:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-30 16:00 . 2008-06-13 15:21 <DIR> d-------- C:\Idownload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 13:52 --------- d-----w C:\Documents and Settings\Milánek\Data aplikací\OpenOffice.org2
2008-06-26 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 11:55 --------- d-----w C:\Program Files\Azureus
2008-06-25 17:18 --------- d-----w C:\Documents and Settings\Milánek\Data aplikací\Azureus
2008-06-23 16:10 --------- d-----w C:\Program Files\Electronic Arts
2008-06-14 10:36 --------- d-----w C:\Documents and Settings\Efinka\Data aplikací\OpenOffice.org2
2008-06-10 13:58 --------- d-----w C:\Documents and Settings\Milánek\Data aplikací\Skype
2008-05-13 11:32 --------- d-----w C:\Program Files\Protector Suite QL
2008-01-24 14:43 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2004-08-17 12:49 13,312 ----a-w C:\Documents and Settings\Milánek\ms_tcp.dll
2004-08-17 12:49 13,312 ----a-w C:\Documents and Settings\Milánek\ms_tcp.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-27_11.26.36.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 09:23:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 08:41:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-26 11:40:27 520,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-27 09:57:12 520,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-06-26 11:40:27 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-27 09:57:12 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2008-06-27 09:19:16 73,614 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-06-28 08:46:13 73,614 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-06-27 09:19:16 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-28 08:46:13 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-27 09:19:16 398,984 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-06-28 08:46:13 398,984 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-06-27 09:19:16 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-28 08:46:13 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-28 08:41:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 12:48 569344]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 20:23 49168]
"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 18:51 951856]
"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 19:55 190000]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-14 14:43 13533184]
"nwiz"="nwiz.exe" [2008-05-14 14:43 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-14 14:43 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

C:\Documents and Settings\Efinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 18:32:04 393216]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 13:26:12 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-28 20:46 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 14:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 12:12 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-17 14:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 16:41 145496 C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-12-06 19:37 69216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 11:16]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 13:13]
R3 portio;WinPic800 IO Drivers;C:\WINDOWS\system32\DRIVERS\WP800IO.sys [2007-08-26 10:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys [2007-07-25 17:20]
S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cbc31a0-d64d-11dc-9a9d-001de00bf045}]
\Shell\AutoRun\command - F:\TrueCrypt\TrueCrypt.exe /q background /lQ /e /m rm /v "adata.dat"
\Shell\dismount\command - F:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\start\command - F:\TrueCrypt\TrueCrypt.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 10:54:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 10:54:53
ComboFix-quarantined-files.txt 2008-06-28 08:54:50
ComboFix2.txt 2008-06-27 18:27:57
ComboFix3.txt 2008-06-27 09:26:47

Adresářů: 16, Volných bajtů: 28,495,007,744
Adresářů: 20, Volných bajtů: 28,483,121,152

209


Jinak jdu na tu javu a pak pošlu další log.

Protector Suite používám od začátku co mám notebook s čtečkou otisku prstů a zatím bez sebemenší závady, užívám ho na přepínání a vstup do profilů a k heslům na web stránky.