Prosim o kontrolu logu mam mensi problem

[TTT_111]

COMBOFIX LOG
ComboFix 08-07-08.9 - Tran 2008-07-09 19:17:36.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.195 [GMT 2:00]
Running from: C:\Documents and Settings\Tran\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\Tby38.sys
C:\WINDOWS\system32\ntload.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TBY38
-------\Legacy_TCPSR
-------\Service_Tby38
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 19:09 . 2008-07-09 19:09 61,440 --a------ C:\WINDOWS\system32\drivers\zrywv.sys
2008-07-09 18:28 . 2008-07-09 18:40 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-09 18:28 . 2008-07-09 18:40 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-09 18:27 . 2008-07-09 18:27 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-09 18:17 . 2008-07-09 19:26 5,046,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-09 18:17 . 2008-07-09 19:22 70,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-09 18:17 . 2008-07-09 19:25 11,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-09 18:17 . 2008-07-09 19:22 3,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 18:10 . 2008-07-08 18:10 <DIR> d-------- C:\Deckard
2008-07-08 18:01 . 2008-07-08 18:01 <DIR> d-------- C:\WINDOWS\system32\repository
2008-07-07 23:20 . 2008-07-07 23:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-06 23:23 . 2004-08-18 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-06 22:09 . 2008-07-06 22:09 29 --a------ C:\WINDOWS\system32\itsefgwo.tmp
2008-06-24 09:26 . 2008-06-24 09:26 <DIR> d-------- C:\Documents and Settings\Tran\dwhelper
2008-06-20 08:11 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-20 08:10 . 2008-06-20 08:11 <DIR> d-------- C:\Program Files\Java
2008-06-20 08:10 . 2008-06-20 08:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-18 08:17 . 2008-07-07 09:17 <DIR> d-------- C:\fixwareout
2008-06-14 10:34 . 2008-06-14 10:34 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-06-14 10:34 . 2008-06-14 10:34 1,905 --a------ C:\WINDOWS\diagerr.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 17:10 --------- d-----w C:\Program Files\FlashGet
2008-07-09 16:41 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-18 17:22 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-10 20:04 --------- d-----w C:\Program Files\ICQ6
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25 1961984]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-06 22:10 335872]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"CHotkey"="mHotkey.exe" [2002-07-29 12:54 473088 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2002-10-04 10:05 532992 C:\WINDOWS\CNYHKey.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\viphone communicator\\viphone communicator.exe"=
"C:\\Program Files\\ADPHONE3\\ADPHONE.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
S3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2006-05-10 19:38]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);C:\WINDOWS\system32\Drivers\hpzs2k12.sys [2003-11-23 17:07]

.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4D5C8C2A-D075-11D0-B416-00C04FB90376} - %SystemRoot%\system32\browseui.dll
HKLM-Run-SpeedOptimizer - C:\PROGRA~1\SPEEDO~1\SPO.EXE
HKLM-Run-ICQ Lite - C:\Program Files\ICQLite\ICQLite.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 19:25:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\PROGRA~1\WinZip\WZQKPICK.EXE
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
.
**************************************************************************
.
Completion time: 2008-07-09 19:28:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 17:28:48

Adresářů: 16, Volných bajtů: 3,857,149,952
Adres ý…: 18, Volněch bajt…: 3,935,621,120

123 --- E O F --- 2008-07-09 09:04:55

[Reklama]

[TTT_111]

GMER LOG 1 část-



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-09 19:56:26
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xB2E2A370]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xB2E28420]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xB2E1B7A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB2E2A0A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xB2E2A210]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xB2E2AE70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB2E2A940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xB2E2B7B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xB2E1B8A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xB2E1B920]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB2E2A510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB2E1B9B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB2E1BA60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xB2E1BB10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xB2E1BB90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xB2E27FD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xB2E1C590]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xB2E1BBB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xB2E1BC80]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF8566030]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xB2E1BD60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xB2E29E90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB2E2ACA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xB2E1BE30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xB2E1BEE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB2E2B460]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xB2E1BF90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xB2E1C040]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xB2E28A00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xB2E1C0D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB2E2B760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xB2E1C2D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xB2E2BAE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB2E2C0A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xB2E1C360]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB2E26C20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xB2E2AB20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xB2E1C400]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB2E2B710]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB2E282E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xB2E2B300]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xB2E1C550]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB2E2A3D0]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 12 Bytes [ D0, 7F, E2, B2, 90, C5, E1, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8EBA 5 Bytes JMP B2E2C9C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FDAF1 5 Bytes JMP B2E2C4C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
? Combo-Fix.sys Systém nemůže nalézt uvedený soubor. !
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\crypserv.exe[124] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[304] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\ctfmon.exe[436] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\SOUNDMAN.EXE[448] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Mozilla Firefox\firefox.exe[584] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Mozilla Firefox\firefox.exe[584] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Mozilla Firefox\firefox.exe[584] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[584] SHELL32.dll!StrStrW + FFE2AEDD 7C9C42A8 4 Bytes [ F0, 00, 1E, 7D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[584] SHELL32.dll!StrStrW + FFE2AEE9 7C9C42B4 4 Bytes [ 60, 01, 1E, 7D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[584] SHELL32.dll!StrStrW + FFE2D515 7C9C68E0 4 Bytes [ 40, 02, 1E, 7D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[584] SHELL32.dll!StrStrW + FFE2D55D 7C9C6928 4 Bytes [ D0, 01, 1E, 7D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[584] SHELL32.dll!StrStrW + FFE32DD9 7C9CC1A4 4 Bytes [ B0, 02, 1E, 7D ]
? C:\Program Files\Skype\Phone\Skype.exe[596] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Skype\Phone\Skype.exe[596] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Skype\Phone\Skype.exe[596] C:\WINDOWS\system32\shell32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
? C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[656] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[656] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\wscntfy.exe[908] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[932] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[956] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\services.exe[1000] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[1012] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[1012] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[1012] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
? C:\Program Files\LightSurf\Color Indicator\TICIcon.exe[1084] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\wuauclt.exe[1148] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\LightSurf\Colorific\hgcctl95.exe[1176] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1184] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\alg.exe[1204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\LightSurf\Common\IconMgr.exe[1256] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1296] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1296] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
? C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1336] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1336] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1336] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
? C:\WINDOWS\System32\svchost.exe[1424] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1468] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1468] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1468] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
? C:\WINDOWS\mHotkey.exe[1476] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\CNYHKey.exe[1540] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\HP\HP Software Update\HPWuSchd.exe[1544] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1600] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1600] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1600] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
? C:\Program Files\WinZip\WZQKPICK.EXE[1672] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\WinZip\WZQKPICK.EXE[1672] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\WinZip\WZQKPICK.EXE[1672] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
? C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1720] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\spoolsv.exe[1884] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[2036] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[2036] USER32.dll!VRipOutput + FFFA5010 77D32A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\WINDOWS\explorer.exe[2432] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\explorer.exe[2432] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\explorer.exe[2432] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dll
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!StrStrW + FFE2AEDD 7C9C42A8 4 Bytes [ F0, 00, 1E, 7D ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!StrStrW + FFE2AEE9 7C9C42B4 4 Bytes [ 60, 01, 1E, 7D ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!StrStrW + FFE2C555 7C9C5920 4 Bytes [ E0, 0B, 1E, 7D ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!StrStrW + FFE2C651 7C9C5A1C 4 Bytes [ B0, 02, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!StrStrW + FFE2C66D 7C9C5A38 4 Bytes [ 50, 0C, 1E, 7D ]
.text ...
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!ILFree + 24F 7C9E2B50 4 Bytes [ 50, 0C, CD, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!SHLoadOLE + 5F 7C9E305C 4 Bytes [ B0, 09, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!IsNetDrive + D01 7C9EAD40 4 Bytes [ 10, 0E, CD, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!ILFindChild + 195 7C9EB96C 4 Bytes [ F0, 00, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!ILFindChild + E7D 7C9EC654 4 Bytes [ 80, 00, 5D, 03 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!ILFindChild + E99 7C9EC670 4 Bytes [ 10, 00, 5D, 03 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!ILFindChild + EE1 7C9EC6B8 4 Bytes [ 60, 0F, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!ILFindChild + 1355 7C9ECB2C 4 Bytes [ D0, 08, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!SHCreateShellFolderView + 460E 7C9F4C7C 4 Bytes [ 50, 05, 1E, 7D ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!SHCreateShellFolderView + 462E 7C9F4C9C 4 Bytes [ 30, 06, 1E, 7D ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!SHCreateShellFolderView + 4666 7C9F4CD4 4 Bytes [ C0, 05, 1E, 7D ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!DllCanUnloadNow + 7F7 7CA01DB0 4 Bytes [ 60, 08, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!SHGetMalloc + 340 7CA02324 4 Bytes [ 40, 09, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!ShellExecuteExW + 220A 7CA0F808 4 Bytes [ 30, 06, CD, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!SHTestTokenMembership + E3 7CA11C60 4 Bytes [ F0, 0E, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!DragQueryFileAorW + 3A8F 7CA237A0 4 Bytes [ F0, 07, CD, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!DragQueryFileAorW + 417F 7CA23E90 4 Bytes [ 60, 0F, CD, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!DragQueryFileAorW + 4257 7CA23F68 4 Bytes [ D0, 08, CD, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!DragQueryFileAorW + 42FF 7CA24010 4 Bytes [ 10, 00, D1, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!DragQueryFileAorW + 431F 7CA24030 4 Bytes [ 90, 0A, CD, 00 ]
.text ...
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!InternalExtractIconListA + 235F 7CA2B8A8 4 Bytes [ 80, 07, CD, 00 ]
.text C:\WINDOWS\explorer.exe[2432] SHELL32.dll!InternalExtractIconListA + 241B 7CA2B964 4 Bytes [ 60, 08, CD, 00 ]
? C:\Documents and Settings\Tran\Plocha\gmer.exe[3740] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Documents and Settings\Tran\Plocha\gmer.exe[3740] C:\WINDOWS\system32\USER32.DLL time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 8273FDC0
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 8273FDC0
IAT \SystemRoot\System32\drivers\ws2ifsl.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\STREAM.SYS[NTOSKRNL.EXE!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] 8273FD10
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] 8273FD10

[TTT_111]

GMER LOG JE PRILIS DLOUHY MA PRES 60 STRANEK TAK TO POSILAM JAKO PRILOHU VE WORDU JE TO ROZDELENY DO 2 CASTI

[TTT_111]

2 CAST GMER LOGU

[fredik]

Opět pozastav KIS po dobu použití ComboFixu:

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\drivers\zrywv.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[TTT_111]

novy COMBOFIX LOG


ComboFix 08-07-09.5 - Tran 2008-07-10 20:48:52.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.191 [GMT 2:00]
Running from: C:\Documents and Settings\Tran\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tran\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\zrywv.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tran\Local Settings\Data aplikací\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\zrywv.sys

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 19:41 . 2008-07-10 19:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 19:41 . 2008-07-10 19:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 19:36 . 2008-07-09 19:47 250 --a------ C:\WINDOWS\gmer.ini
2008-07-09 18:28 . 2008-07-09 18:40 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-09 18:28 . 2008-07-09 18:40 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-09 18:27 . 2008-07-09 18:27 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-09 18:17 . 2008-07-10 21:09 9,766,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-09 18:17 . 2008-07-10 20:59 133,556 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-09 18:17 . 2008-07-10 21:08 25,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-09 18:17 . 2008-07-10 20:59 4,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-08 18:10 . 2008-07-08 18:10 <DIR> d-------- C:\Deckard
2008-07-08 18:01 . 2008-07-08 18:01 <DIR> d-------- C:\WINDOWS\system32\repository
2008-07-07 23:20 . 2008-07-07 23:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-06 23:23 . 2004-08-18 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-06 22:09 . 2008-07-06 22:09 29 --a------ C:\WINDOWS\system32\itsefgwo.tmp
2008-06-24 09:26 . 2008-06-24 09:26 <DIR> d-------- C:\Documents and Settings\Tran\dwhelper
2008-06-20 08:11 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-20 08:10 . 2008-06-20 08:11 <DIR> d-------- C:\Program Files\Java
2008-06-20 08:10 . 2008-06-20 08:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-18 08:17 . 2008-07-07 09:17 <DIR> d-------- C:\fixwareout
2008-06-14 10:34 . 2008-06-14 10:34 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-06-14 10:34 . 2008-06-14 10:34 1,905 --a------ C:\WINDOWS\diagerr.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 18:59 --------- d-----w C:\Program Files\FlashGet
2008-07-09 16:41 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-18 17:22 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-10 20:04 --------- d-----w C:\Program Files\ICQ6
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_19.28.08.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 17:23:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 19:00:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 17:36:32 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-07-09 17:23:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-10 19:01:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-09 17:23:31 163,840 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-10 19:01:04 163,840 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-09 17:23:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-10 19:01:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-09 17:36:32 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-07-10 19:08:55 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25 1961984]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-06 22:10 335872]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"CHotkey"="mHotkey.exe" [2002-07-29 12:54 473088 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2002-10-04 10:05 532992 C:\WINDOWS\CNYHKey.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\viphone communicator\\viphone communicator.exe"=
"C:\\Program Files\\ADPHONE3\\ADPHONE.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
S3 CapFilt;CapFilt;C:\WINDOWS\system32\drivers\CapFilt.sys [2006-05-10 19:38]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);C:\WINDOWS\system32\Drivers\hpzs2k12.sys [2003-11-23 17:07]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 21:09:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-10 21:14:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 19:13:40
ComboFix2.txt 2008-07-09 17:28:59

Adresářů: 15, Volných bajtů: 3,671,113,728
Adres ý…: 18, Volněch bajt…: 3,742,973,952

125 --- E O F --- 2008-07-10 15:36:57

[TTT_111]

NOVY HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16, on 10.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HK FILM\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechno FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1157582203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C0F0B627-5D8A-4487-B773-EB33BF1BB43F} (EMSIP Class) - https://break.viphone.cz/SIPEyePPhone.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6999 bytes

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 7
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 7 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u7-windows-i586-p.exe, který sis stáhl na začátku

Máš ještě nějaké problémy?

[TTT_111]

diky vse uz je v poradku

[fredik]

nemáš za co