Hi, please check my log. The computer is quite slow. Windows updates keep turning themselves off. Isass.exe runs at around 60-70 CPU all the time on my system. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:12, on 14.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Záloha C\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {356F58C8-E915-4DC7-88CC-773EA696A17B} - C:\WINDOWS\system32\ddcAstrs.dll
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\opnkjKDS.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [e0039c4b] rundll32.exe "C:\WINDOWS\system32\sawnlesd.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Záloha C\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Download Commander - c:/program files/heitmeijer/download commander version 2.2/IE\DownloadCommander.html
O8 - Extra context menu item: Download with Download Commander - c:/program files/heitmeijer/download commander version 2.2/IE\DownloadCommander2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56301CFB-8B4A-4B8C-AB44-BF6CC0A272F7}: NameServer = 192.168.200.5,192.168.20.20
O20 - Winlogon Notify: opnkjKDS - C:\WINDOWS\SYSTEM32\opnkjKDS.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6513 bytes
- fredik
- Security team member
Re: Please check
Before using ComboFix, turn off the resident shield in Spyware Terminator:
Run Spyware Terminator and click the Resident Shield icon at the top
- the program switches to the Resident Shield Settings window
- there, on the Shield Settings tab, untick the item: Activate Resident Shield
- click the Save changes button at the bottom
- close the program
After ComboFix has finished, turn it back on.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is working, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.
Re: Please check
ComboFix log:
ComboFix 08-07-12.2 - INTEL 2008-07-14 12:37:03.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.505 [GMT 2:00]
Running from: C:\Documents and Settings\INTEL\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\INTEL\Data aplikací\macromedia\Flash Player\#SharedObjects\8URQTPZV\iforex.com
C:\Documents and Settings\INTEL\Data aplikací\macromedia\Flash Player\#SharedObjects\8URQTPZV\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\INTEL\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\INTEL\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\INTEL\Data aplikací\WinAntiSpyware 2006
C:\Documents and Settings\INTEL\Data aplikací\WinAntiSpyware 2006\Logs\update.log
C:\Program Files\winantispyware 2006 free
C:\Program Files\winantispyware 2006 free\sr.log
C:\WINDOWS\system32\dselnwas.ini
C:\WINDOWS\system32\gayoyqut.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ofhwusdg.ini
C:\WINDOWS\system32\skmktpae.ini
C:\WINDOWS\system32\srtsAcdd.ini
C:\WINDOWS\system32\srtsAcdd.ini2
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-14 11:15 . 2008-07-14 11:15 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-14 11:15 . 2008-07-14 11:16 <DIR> d-------- C:\Program Files\CCleaner
2008-07-11 11:52 . 2008-07-11 11:52 318,720 --a------ C:\WINDOWS\system32\ddcAstrs.dll
2008-07-10 21:50 . 2008-07-10 21:50 29,568 --a------ C:\WINDOWS\system32\opnkjKDS.dll
2008-07-10 21:50 . 2008-07-10 21:50 29,568 --a------ C:\WINDOWS\system32\khffFVnN.dll
2008-07-09 21:56 . 2008-07-09 21:56 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-07-09 21:40 . 2008-07-09 21:40 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-09 21:40 . 2008-07-09 21:40 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-09 21:40 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-08 22:07 . 2008-07-08 22:07 <DIR> d-------- C:\Program Files\RelevantKnowledge
2008-07-08 22:06 . 2008-07-08 22:06 <DIR> d-------- C:\Program Files\OneStepSearch
2008-07-08 22:04 . 2008-07-08 22:06 <DIR> d-------- C:\Program Files\FileSubmit
2008-07-08 22:03 . 2008-07-08 22:03 <DIR> d-------- C:\WINDOWS\icons
2008-07-04 21:49 . 2008-07-04 21:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 21:49 . 2008-07-04 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-30 21:45 . 2008-06-30 23:03 <DIR> d-------- C:\Program Files\IKEA HomePlanner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 09:20 --------- d-----w C:\Program Files\Spyware Terminator
2008-07-09 19:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 20:26 --------- d-----w C:\Program Files\QuickTime
2008-07-04 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 20:17 --------- d-----w C:\Program Files\CyberLink
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 18:04 --------- d-----w C:\Program Files\FDRLab
2008-06-08 17:42 --------- d-----w C:\Program Files\DownloadToolz
2008-06-08 15:19 --------- d-----w C:\Program Files\Heitmeijer
2008-06-08 15:03 --------- d-----w C:\Program Files\WMR11
2008-06-08 15:02 --------- d-----w C:\Program Files\WinPcap
2008-06-08 14:21 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-06-08 14:21 --------- d-----w C:\Program Files\AVSMedia
2008-06-08 13:49 --------- d-----w C:\Program Files\ffdshow
2008-06-08 13:35 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-06-08 13:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-26 19:30 --------- d-----w C:\Program Files\Eurekr.com
2008-05-26 16:51 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-24 19:46 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-05-24 19:45 --------- d-----w C:\Program Files\GameShadow
2008-05-23 18:26 --------- d-----w C:\Program Files\GameSpy
2008-05-23 18:24 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-23 18:24 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-23 18:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 18:24 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-22 13:51 --------- d-----w C:\Program Files\Software2000
2008-05-18 17:06 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-20 16:26 56 --sh--r C:\WINDOWS\system32\D319AAAADE.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-03-20 16:26 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356F58C8-E915-4DC7-88CC-773EA696A17B}]
2008-07-11 11:52 318720 --a------ C:\WINDOWS\system32\ddcAstrs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
2008-07-10 21:50 29568 --a------ C:\WINDOWS\system32\opnkjKDS.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-07 10:29 1817600]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2008-02-21 22:22 453936]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"= "C:\WINDOWS\system32\opnkjKDS.dll" [2008-07-10 21:50 29568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Data aplikací\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkjKDS]
2008-07-10 21:50 29568 C:\WINDOWS\system32\opnkjKDS.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.yv12"= yv12vfw.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.mjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Hry\\Sierra\\Empire Earth\\Empire Earth.exe"=
"D:\\Hry\\MOHAA\\MOHAA.exe"=
"D:\\Hry\\CS 1.6\\hl.exe"=
"D:\\Hry\\CS 1.6\\hlds.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"D:\\Hry\\Counter-Strike Source\\hl2.exe"=
"D:\\Hry\\CS 1.6\\hltv.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"H:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"H:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"H:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"H:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Heitmeijer\\Download Commander version 2.2\\Download Commander.exe"=
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-05-01 18:05]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-07 10:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-10 07:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-09 21:40]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e16d5f43-d6f3-11db-9279-806d6172696f}]
\Shell\AutoRun\command - G:\Setup.exe
\Shell\setup\command - G:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 10:44:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Skype - D:\Záloha C\Program Files\Skype\Phone\Skype.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 12:45:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnkjKDS.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-14 12:55:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 10:53:44
Adresářů: 7, Volných bajtů: 9,453,092,864
Adresářů: 9, Volných bajtů: 9,498,206,208
213 --- E O F --- 2008-07-10 18:02:43
-> C:\WINDOWS\system32\opnkjKDS.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-14 12:55:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 10:53:44
Adresářů: 7, Volných bajtů: 9,453,092,864
Adresářů: 9, Volných bajtů: 9,498,206,208
213 --- E O F --- 2008-07-10 18:02:43
Why do it the simple way when it can be done the complicated way ....
Re: Please check
Will someone please help me???
- fredik
- Security team member
Re: Please check
Check Add or Remove Programs and uninstall the following if they are listed there:
RelevantKnowledge
OneStep Search 1.0 build 120 (the numbers may differ)
Open Notepad (Start -> Run..., type Notepad in the box and click OK)
Copy the following entire text, highlighted in green, into it:
Note: Do not use SELECT ALL to select the script
Code:
File::
C:\WINDOWS\system32\ddcAstrs.dll
C:\WINDOWS\system32\opnkjKDS.dll
C:\WINDOWS\system32\khffFVnN.dll
Folder::
C:\Program Files\RelevantKnowledge
C:\Program Files\OneStepSearch
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356F58C8-E915-4DC7-88CC-773EA696A17B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkjKDS]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt script you created onto the downloaded ComboFix.exe and drop it when the two files overlap

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered
Re: Please check
New logs:
ComboFix 08-07-12.2 - INTEL 2008-07-14 19:21:35.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.620 [GMT 2:00]
Running from: C:\Documents and Settings\INTEL\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\INTEL\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\ddcAstrs.dll
C:\WINDOWS\system32\khffFVnN.dll
C:\WINDOWS\system32\opnkjKDS.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\OneStepSearch
C:\Program Files\RelevantKnowledge
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\WINDOWS\system32\khffFVnN.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-14 14:18 . 2008-07-14 19:13 <DIR> d-------- C:\Program Files\Crawler
2008-07-14 14:06 . 2008-07-14 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\fssg
2008-07-14 13:23 . 2008-07-14 13:25 <DIR> d-------- C:\Program Files\AusLogics Registry Defrag
2008-07-14 11:16 . 2008-07-14 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-07-14 11:15 . 2008-07-14 11:15 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-14 11:15 . 2008-07-14 11:16 <DIR> d-------- C:\Program Files\CCleaner
2008-07-09 21:56 . 2008-07-09 21:56 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-07-09 21:40 . 2008-07-09 21:40 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-09 21:40 . 2008-07-09 21:40 <DIR> d-------- C:\Documents and Settings\INTEL\Data aplikací\TuneUp Software
2008-07-09 21:40 . 2008-07-09 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2008-07-09 21:40 . 2008-07-09 21:40 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-09 21:40 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-08 22:04 . 2008-07-08 22:06 <DIR> d-------- C:\Program Files\FileSubmit
2008-07-08 22:03 . 2008-07-08 22:03 <DIR> d-------- C:\WINDOWS\icons
2008-07-04 21:49 . 2008-07-04 21:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 21:49 . 2008-07-04 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-30 21:45 . 2008-06-30 23:03 <DIR> d-------- C:\Program Files\IKEA HomePlanner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 12:15 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\Spyware Terminator
2008-07-14 11:24 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\Skype
2008-07-14 09:20 --------- d-----w C:\Program Files\Spyware Terminator
2008-07-13 17:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-07-09 19:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 20:26 --------- d-----w C:\Program Files\QuickTime
2008-07-04 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 20:17 --------- d-----w C:\Program Files\CyberLink
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 18:04 --------- d-----w C:\Program Files\FDRLab
2008-06-08 17:42 --------- d-----w C:\Program Files\DownloadToolz
2008-06-08 15:19 --------- d-----w C:\Program Files\Heitmeijer
2008-06-08 15:03 --------- d-----w C:\Program Files\WMR11
2008-06-08 15:02 --------- d-----w C:\Program Files\WinPcap
2008-06-08 14:21 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-06-08 14:21 --------- d-----w C:\Program Files\AVSMedia
2008-06-08 13:49 --------- d-----w C:\Program Files\ffdshow
2008-06-08 13:35 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-06-08 13:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-29 17:24 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\Vso
2008-05-26 19:30 --------- d-----w C:\Program Files\Eurekr.com
2008-05-26 16:51 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-24 19:46 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-05-24 19:45 --------- d-----w C:\Program Files\GameShadow
2008-05-23 18:26 --------- d-----w C:\Program Files\GameSpy
2008-05-23 18:24 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-23 18:24 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-23 18:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 18:24 22,328 ----a-w C:\Documents and Settings\INTEL\Data aplikací\PnkBstrK.sys
2008-05-23 18:24 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-22 13:51 --------- d-----w C:\Program Files\Software2000
2008-05-19 18:24 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\DNA
2008-05-18 17:06 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-20 16:26 56 --sh--r C:\WINDOWS\system32\D319AAAADE.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-03-20 16:26 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_12.52.02.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 10:43:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 16:32:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 12:08:08 18,718 ----a-r C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\ARPPRODUCTICON.exe
+ 2008-07-14 12:08:08 18,718 ----a-r C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-07-14 12:08:08 18,718 ----a-r C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-02-20 11:34:02 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-02-20 11:34:08 71,088 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2008-07-14 16:32:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-07 10:29 1817600]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2008-02-21 22:22 453936]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Data aplikací\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.yv12"= yv12vfw.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.mjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Hry\\Sierra\\Empire Earth\\Empire Earth.exe"=
"D:\\Hry\\MOHAA\\MOHAA.exe"=
"D:\\Hry\\CS 1.6\\hl.exe"=
"D:\\Hry\\CS 1.6\\hlds.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"D:\\Hry\\Counter-Strike Source\\hl2.exe"=
"D:\\Hry\\CS 1.6\\hltv.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"H:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"H:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"H:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"H:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Heitmeijer\\Download Commander version 2.2\\Download Commander.exe"=
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-05-01 18:05]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-07 10:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-10 07:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-09 21:40]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e16d5f43-d6f3-11db-9279-806d6172696f}]
\Shell\AutoRun\command - G:\Setup.exe
\Shell\setup\command - G:\setup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 17:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 19:26:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-07-14 19:30:11
ComboFix-quarantined-files.txt 2008-07-14 17:29:03
ComboFix2.txt 2008-07-14 10:55:09
Adresářů: 7, Volných bajtů: 8,592,191,488
Adresářů: 9, Volných bajtů: 8,589,021,184
199 --- E O F --- 2008-07-10 18:02:43
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:21, on 14.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\CF6176.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all with Download Commander - c:/program files/heitmeijer/download commander version 2.2/IE\DownloadCommander.html
O8 - Extra context menu item: Download with Download Commander - c:/program files/heitmeijer/download commander version 2.2/IE\DownloadCommander2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56301CFB-8B4A-4B8C-AB44-BF6CC0A272F7}: NameServer = 192.168.200.5,192.168.20.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7067 bytes
ComboFix 08-07-12.2 - INTEL 2008-07-14 19:21:35.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.620 [GMT 2:00]
Running from: C:\Documents and Settings\INTEL\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\INTEL\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\ddcAstrs.dll
C:\WINDOWS\system32\khffFVnN.dll
C:\WINDOWS\system32\opnkjKDS.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\OneStepSearch
C:\Program Files\RelevantKnowledge
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\WINDOWS\system32\khffFVnN.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-14 14:18 . 2008-07-14 19:13 <DIR> d-------- C:\Program Files\Crawler
2008-07-14 14:06 . 2008-07-14 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\fssg
2008-07-14 13:23 . 2008-07-14 13:25 <DIR> d-------- C:\Program Files\AusLogics Registry Defrag
2008-07-14 11:16 . 2008-07-14 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-07-14 11:15 . 2008-07-14 11:15 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-14 11:15 . 2008-07-14 11:16 <DIR> d-------- C:\Program Files\CCleaner
2008-07-09 21:56 . 2008-07-09 21:56 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-07-09 21:40 . 2008-07-09 21:40 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-09 21:40 . 2008-07-09 21:40 <DIR> d-------- C:\Documents and Settings\INTEL\Data aplikací\TuneUp Software
2008-07-09 21:40 . 2008-07-09 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2008-07-09 21:40 . 2008-07-09 21:40 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-09 21:40 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-08 22:04 . 2008-07-08 22:06 <DIR> d-------- C:\Program Files\FileSubmit
2008-07-08 22:03 . 2008-07-08 22:03 <DIR> d-------- C:\WINDOWS\icons
2008-07-04 21:49 . 2008-07-04 21:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 21:49 . 2008-07-04 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-30 21:45 . 2008-06-30 23:03 <DIR> d-------- C:\Program Files\IKEA HomePlanner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 12:15 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\Spyware Terminator
2008-07-14 11:24 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\Skype
2008-07-14 09:20 --------- d-----w C:\Program Files\Spyware Terminator
2008-07-13 17:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-07-09 19:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 20:26 --------- d-----w C:\Program Files\QuickTime
2008-07-04 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 20:17 --------- d-----w C:\Program Files\CyberLink
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 18:04 --------- d-----w C:\Program Files\FDRLab
2008-06-08 17:42 --------- d-----w C:\Program Files\DownloadToolz
2008-06-08 15:19 --------- d-----w C:\Program Files\Heitmeijer
2008-06-08 15:03 --------- d-----w C:\Program Files\WMR11
2008-06-08 15:02 --------- d-----w C:\Program Files\WinPcap
2008-06-08 14:21 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-06-08 14:21 --------- d-----w C:\Program Files\AVSMedia
2008-06-08 13:49 --------- d-----w C:\Program Files\ffdshow
2008-06-08 13:35 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-06-08 13:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-29 17:24 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\Vso
2008-05-26 19:30 --------- d-----w C:\Program Files\Eurekr.com
2008-05-26 16:51 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-24 19:46 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-05-24 19:45 --------- d-----w C:\Program Files\GameShadow
2008-05-23 18:26 --------- d-----w C:\Program Files\GameSpy
2008-05-23 18:24 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-23 18:24 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-23 18:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 18:24 22,328 ----a-w C:\Documents and Settings\INTEL\Data aplikací\PnkBstrK.sys
2008-05-23 18:24 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-22 13:51 --------- d-----w C:\Program Files\Software2000
2008-05-19 18:24 --------- d-----w C:\Documents and Settings\INTEL\Data aplikací\DNA
2008-05-18 17:06 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-20 16:26 56 --sh--r C:\WINDOWS\system32\D319AAAADE.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-03-20 16:26 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_12.52.02.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 10:43:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 16:32:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 12:08:08 18,718 ----a-r C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\ARPPRODUCTICON.exe
+ 2008-07-14 12:08:08 18,718 ----a-r C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-07-14 12:08:08 18,718 ----a-r C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-02-20 11:34:02 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-02-20 11:34:08 71,088 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2008-07-14 16:32:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-07 10:29 1817600]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2008-02-21 22:22 453936]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Data aplikací\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.yv12"= yv12vfw.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.mjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Hry\\Sierra\\Empire Earth\\Empire Earth.exe"=
"D:\\Hry\\MOHAA\\MOHAA.exe"=
"D:\\Hry\\CS 1.6\\hl.exe"=
"D:\\Hry\\CS 1.6\\hlds.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"D:\\Hry\\Counter-Strike Source\\hl2.exe"=
"D:\\Hry\\CS 1.6\\hltv.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"H:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"H:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"H:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"H:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Heitmeijer\\Download Commander version 2.2\\Download Commander.exe"=
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-05-01 18:05]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-07 10:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-10 07:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-09 21:40]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e16d5f43-d6f3-11db-9279-806d6172696f}]
\Shell\AutoRun\command - G:\Setup.exe
\Shell\setup\command - G:\setup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 17:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 19:26:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-07-14 19:30:11
ComboFix-quarantined-files.txt 2008-07-14 17:29:03
ComboFix2.txt 2008-07-14 10:55:09
Directories: 7, Free bytes: 8,592,191,488
Directories: 9, Free bytes: 8,589,021,184
199 --- E O F --- 2008-07-10 18:02:43
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:21, on 14.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\CF6176.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all with Download Commander - c:/program files/heitmeijer/download commander version 2.2/IE\DownloadCommander.html
O8 - Extra context menu item: Download with Download Commander - c:/program files/heitmeijer/download commander version 2.2/IE\DownloadCommander2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56301CFB-8B4A-4B8C-AB44-BF6CC0A272F7}: NameServer = 192.168.200.5,192.168.20.20
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - H:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7067 bytes
Why do it the simple way when it can be done the complicated way ....
- fredik, Security team member, Master Level 7, Posts: 4680, Registered: July 06
Re: Please check
Go to Start -> Run..., type the command marked in blue, ComboFix /u, into the box and press OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will tell you when it has.
Open Notepad (Start -> Run..., type Notepad into the box and press OK).
Copy the following text marked in green into it:
Note: do not use the SELECT ALL function to select it
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"
Then go to File -> Save As... and set these parameters:
File name: type fix.reg
Save as type: choose All Files
Save the file to your desktop
A file named fix.reg should appear on the desktop
- run it; a prompt pops up where you click Yes, then another prompt where you click OK
If it throws an error the second time, do this:
Start Avast and, once the application window appears, click the up-arrow icon at the top left (Menu) and choose Settings...
- in the newly opened window choose the last option at the bottom, Troubleshooting, tick the option Disable avast! self-defence module and confirm with OK
- an Avast prompt appears; choose Yes
- close Avast
Then use the fix.reg file again and everything should go through fine. Restart the PC and, once back in Windows, re-enable Avast's self-defence by reversing the steps.
I'd recommend updating Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 7
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 7 and click the Download button
- A new page loads
- Under the heading Select Platform and Language for your download:
  * at Platform: choose the OS you are using
  * tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
  * click the Continue >> button
- A new page loads
- Click the download link under the item Windows Offline Installation and save it to disk
- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
  * examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall any old versions of Java one after another
- When the uninstall is done, restart the PC
- Then just run the installation of the latest version from the file jre-6u7-windows-i586-p.exe that you downloaded at the start
Afterwards check in Task Manager whether this file is still there: CF6176.exe
Do you still have any problems?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM/private messages with logs; post them in the forum. Such PMs cannot be answered.
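The reply above works through the HJT log by eye: processes running from a system directory under a name nobody recognises (CF6176.exe), O2 BHOs that report no name, O23 services whose publisher field is empty. The following is an added example, not part of the thread and not HijackThis code, that applies those same three checks mechanically. The sample log is constructed from the line shapes seen in the thread; the "random-looking name" regex and the system-directory list are assumptions of this example, not rules HijackThis itself applies.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail line")

# Constructed sample in HijackThis 2.0.2 format. The line shapes (a process
# list, R0/O2/O23 entries) match the logs in the thread; the content is a
# hand-picked subset, not a real scan.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\CF6176.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.seznam.cz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\\PROGRA~1\\Crawler\\ctbr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - H:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\MOHAGame\\pb\\PnkBstrA.exe
"""

# Heuristic (an assumption of this example, not an HJT rule): an .exe whose
# basename is a short letter prefix followed by four or more hex digits, such
# as CF6176.exe, living in a Windows system directory, deserves a second look.
RANDOM_NAME = re.compile(r"[A-Za-z]{0,3}[0-9A-Fa-f]{4,}\.exe")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\")
ENTRY = re.compile(r"([A-Z]\d{1,2}) - (.*)")


def parse(text):
    """Split an HJT log into its process list and its lettered entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first R0/O-line
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return the lines a first-pass reviewer would stop on, in log order."""
    processes, entries = parse(text)
    findings = []
    for path in processes:
        name = path.rsplit("\\", 1)[-1]
        folder = path.lower()[: len(path) - len(name)]
        if folder.endswith(SYSTEM_DIRS) and RANDOM_NAME.fullmatch(name):
            findings.append(Finding("process", "random-looking name in a system directory: " + name, path))
    for kind, body in entries:
        if kind == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding("O2", "BHO with no display name", body))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("O23", "service with no publisher string", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.kind, f.detail, f.line))
```

Run as a script it prints four findings: the CF6176.exe process, the nameless Crawler BHO and the two "Unknown owner" services. The O23 hits show why these are prompts rather than verdicts: "Unknown owner" only means the file carries no company name in its version resource, and PunkBuster, a legitimate product, trips it just like anything else. Each flagged line still has to be resolved the way the helper does in the thread, by checking where the file lives, who signed it and whether it is still present after the cleanup.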
Re: Please check
I did everything you wrote. It is not running in Task Manager. Hopefully there is no problem any more, and I hope there won't be. Thanks a lot. Bye
- fredik, Security team member
Re: Please check [Solved]
Well, you were just too quick with that last HJT log
You're welcome