Prosím o kontrolu... Vyřešeno

[Zbyna1]

Ta 017 se zase objevila. Když ji fixnu v HJT, tak tam chvíli není a já vložím adresu poskytovatele internetu, tak internet začne fungovat a za nějaký čas, když použiju HJT, tak tam zase ta 017 je. Co stím mám dělat ?

[Reklama]

[fredik]

Ta položka O17 tam bude, pokud si nastavíš ručně IP adresy DNS. Pokud tedy pod tou položkou budou zobrazeny IP adresy tvého poskytovatele tak jak jsi je nastavil, je to v pořádku. Před tím se ta položka fixla, protože ty IP patří k wareoutu.

Zobrazuje se ti ještě to okno co jsi zmiňoval?

[Zbyna1]

Ano, zobrazuje se mi i když jen tak 2x za den. Já to vždy vypnu křížkem a nic jiného s tím nedělám. Dnes se mi to okno zase zobrazilo a to zrovna když jsem měl zapnuto toto fórum. Vypadá to takto:

[fredik]

Zobrazí se ti samo od sebe, nebo jen když surfuješ po internetu?

Můžeš zkusit poslat log z Combofixu:
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Zbyna1]

Zobrazí se pokaždé jinde (myslím pokažde na jiných stránkách internetu). Tam kde se okno objevilo se při dalším navštívení stejné stránky nezobrazí, tak nevím jak ti to popsat ?! Tady je ten log z ComboFixu :

ComboFix 08-07-29.1 - Vlastník 2008-07-30 21:31:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.675 [GMT 2:00]
Running from: C:\Documents and Settings\Vlastník\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\config.ini
C:\WINDOWS\system32\kdooy.exe
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\systeminfo3.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-29 22:46 . 2008-07-29 22:46 88 --a------ C:\WINDOWS\wininit.ini
2008-07-29 20:14 . 2008-07-29 23:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 11:23 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 11:22 . 2008-07-28 11:23 <DIR> d-------- C:\Program Files\Java
2008-07-28 01:26 . 2008-07-28 11:06 <DIR> d-------- C:\Program Files\Java(2)
2008-07-27 23:59 . 2008-07-28 22:09 <DIR> d-------- C:\fixwareout
2008-07-27 23:48 . 2008-07-27 23:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-27 22:38 . 2008-07-27 22:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-27 00:32 . 2008-07-27 00:32 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-26 22:28 . 2008-07-26 22:32 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-26 07:36 . 2008-07-26 20:48 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\ArCon
2008-07-12 12:09 . 1996-01-12 00:00 722,192 --------- C:\WINDOWS\system32\VB40032.DLL
2008-07-12 12:09 . 1996-12-02 23:44 582,144 -ra------ C:\WINDOWS\system32\DAO350.DLL
2008-07-12 12:09 . 1997-02-17 18:24 519,680 --------- C:\WINDOWS\system32\DBGRID32.OCX
2008-07-12 12:09 . 1997-07-19 17:00 204,048 --------- C:\WINDOWS\system32\DBLIST32.OCX
2008-07-12 12:09 . 1996-12-02 17:27 73,184 -ra------ C:\WINDOWS\system32\DAO2535.TLB
2008-07-12 08:20 . 2008-07-12 08:22 <DIR> d-------- C:\Program Files\Architektura
2008-07-12 08:16 . 1998-04-24 19:09 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2008-07-11 18:15 . 2008-07-11 18:15 445 --a------ C:\WINDOWS\EntPack.dat
2008-07-06 12:23 . 2008-07-11 15:02 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2008-07-04 23:45 . 2008-07-06 12:25 <DIR> d-------- C:\Program Files\Glary Utilities
2008-07-04 17:28 . 2008-07-04 17:28 <DIR> d-------- C:\Program Files\Zoner
2008-07-02 11:51 . 2008-07-02 11:51 <DIR> d-------- C:\Program Files\ESET
2008-06-30 19:53 . 2008-06-30 19:58 <DIR> d-------- C:\Program Files\CloneDVD
2008-06-29 09:55 . 2008-07-09 20:10 <DIR> d-------- C:\Program Files\ICQToolbar
2008-06-29 09:52 . 2008-06-29 09:59 <DIR> d-------- C:\Program Files\ICQ6
2008-06-28 21:52 . 2008-06-29 09:51 <DIR> d-------- C:\Program Files\ICQLite
2008-06-11 12:20 . 2008-06-11 12:20 <DIR> d-------- C:\Program Files\Xvid
2008-06-11 12:07 . 2008-06-11 12:12 <DIR> d-------- C:\Program Files\CCleaner
2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-06-03 17:15 . 2008-06-03 17:15 0 --a------ C:\WINDOWS\mpegableX4live.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 19:26 --------- d-----w C:\Program Files\FlashGet
2008-07-26 23:13 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-07-26 22:31 --------- d-----w C:\Program Files\Torrent Harvester
2008-07-26 22:26 --------- d-----w C:\Program Files\RapidSpool
2008-07-04 15:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 17:53 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-29 07:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 12:56 --------- d-----w C:\Program Files\Google
2008-06-11 12:32 --------- d-----w C:\Program Files\EKucharka
2008-06-11 10:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-03 06:51 --------- d-----w C:\Program Files\Seznam Listicka
2008-06-03 06:16 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2007-04-16 10:26 56 --sh--r C:\WINDOWS\system32\580E464349.sys
2007-04-16 10:26 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-27 23:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008012820080129\index.dat
.

------- Sigcheck -------

2007-06-13 15:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-23 16:49 7626752]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-23 16:49 86016]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-06-23 16:49 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-05-16 15:02 1974345 C:\Program Files\FlashGet\flashget.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus C42 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S30.tmp"
"LClock"=C:\Program Files\LClock\LClock.exe
"ViStart"=C:\Program Files\ViStart\ViStart.exe
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"EPSON Stylus C42 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"EPSON Stylus C48 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
"EPSON Stylus C48 Series (kopie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P33 "EPSON Stylus C48 Series (kopie 1)" /O6 "USB002" /M "Stylus C48"
"InstallRunTimeAccess2000"=
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 23:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-12-08 19:24]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-28 02:23]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-07-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]

2008-07-30 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AnyDVD - C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\Rar$EX00.031\AnyDVD.v6.1.2.5-crack.exe-RES\AnyDVD.exe
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-STYLEXP - C:\Program Files\TGTSoft\StyleXP\StyleXP.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.seznam.cz/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 -: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{90F7AD47-2E1B-4E4E-830D-AC85036A67A3}: NameServer = 85.255.113.140,85.255.112.93


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 21:50:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-30 21:55:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 19:55:22

Pre-Run: 9,293,885,440
Post-Run: Volněch bajt…: 12,741,529,600

195

[Zbyna1]

Prosim, jak jsem dopadl s tím ComboFixem

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InstallRunTimeAccess2000"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fixp.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fixp.reg
- spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Můžeš případně pročisti Pc od dočasných souborů pomocí některého programu:
CCleaner případně ATF-Cleaner
Stáhni si ATF-Cleaner (by Atribune) a spusť ho

Pod položkou Main zatrhni možnost: Select All
Pak klikni na tlačítko: Empty Selected

Pokud používáš jako prohlížeč FireFox:

- Zvol nahoře možnost Firefox
- Zatrhni možnost: Select All
- Budeš dotázán na to zda si přeješ odstranit uložené hesla z Firefoxu, podle potřeby zvol buď Ano nebo Ne
- Pak klikni na tlačítko: Empty Selected

Pokud používáš jako prohlížeč Operu:

- Zvol nahoře možnost Opera
- Zatrhni možnost: Select All
- Budeš dotázán na to zda si přeješ odstranit uložené hesla z Opery, podle potřeby zvol buď Ano nebo Ne
- Pak klikni na tlačítko: Empty Selected

Pak můžeš program zavřít.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Když už tam máš ten Spybot, tak pokud jsi ještě nepoužil tak proveď imunizaci. Případně bych ti jako prevenci doporučil ještě tento program:
SpywareBlaster
- návod je sice sepsaný na předchozí verzi, ale kromě změny GUI je vše podstatné stejné.

Dej pak vědět jak to vypadá.

[Zbyna1]

Tak teď to vypadá takto:

ComboFix 08-07-31.06 - Vlastník 2008-08-02 10:01:55.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.639 [GMT 2:00]
Running from: C:\Documents and Settings\Vlastník\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-30 21:55 . 2008-07-30 21:55 <DIR> d-------- C:\Documents and Settings\ZbynýŔek
2008-07-30 21:55 . 2008-07-30 21:55 <DIR> d-------- C:\Documents and Settings\VlastnÝk
2008-07-29 22:46 . 2008-07-29 22:46 88 --a------ C:\WINDOWS\wininit.ini
2008-07-29 20:14 . 2008-07-29 23:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-29 20:14 . 2008-07-29 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-07-28 11:23 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 11:22 . 2008-07-28 11:23 <DIR> d-------- C:\Program Files\Java
2008-07-28 01:26 . 2008-07-28 11:06 <DIR> d-------- C:\Program Files\Java(2)
2008-07-27 23:59 . 2008-07-28 22:09 <DIR> d-------- C:\fixwareout
2008-07-27 23:48 . 2008-07-27 23:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-27 22:38 . 2008-07-27 22:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-27 00:32 . 2008-07-27 00:32 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-26 22:28 . 2008-07-26 22:32 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-26 07:36 . 2008-07-26 20:48 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\ArCon
2008-07-12 12:09 . 1996-01-12 00:00 722,192 --------- C:\WINDOWS\system32\VB40032.DLL
2008-07-12 12:09 . 1996-12-02 23:44 582,144 -ra------ C:\WINDOWS\system32\DAO350.DLL
2008-07-12 12:09 . 1997-02-17 18:24 519,680 --------- C:\WINDOWS\system32\DBGRID32.OCX
2008-07-12 12:09 . 1997-07-19 17:00 204,048 --------- C:\WINDOWS\system32\DBLIST32.OCX
2008-07-12 12:09 . 1996-12-02 17:27 73,184 -ra------ C:\WINDOWS\system32\DAO2535.TLB
2008-07-12 08:20 . 2008-07-12 08:22 <DIR> d-------- C:\Program Files\Architektura
2008-07-12 08:16 . 1998-04-24 19:09 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2008-07-11 18:15 . 2008-07-11 18:15 445 --a------ C:\WINDOWS\EntPack.dat
2008-07-06 12:23 . 2008-07-11 15:02 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2008-07-05 00:01 . 2008-07-05 00:01 <DIR> d-------- C:\Documents and Settings\Vlastník\Data aplikací\GlarySoft
2008-07-04 23:45 . 2008-07-06 12:25 <DIR> d-------- C:\Program Files\Glary Utilities
2008-07-04 17:29 . 2008-07-04 17:29 <DIR> d-------- C:\Documents and Settings\Vlastník\Data aplikací\Zoner
2008-07-04 17:28 . 2008-07-04 17:28 <DIR> d-------- C:\Program Files\Zoner
2008-07-02 11:51 . 2008-07-02 11:51 <DIR> d-------- C:\Program Files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 20:05 --------- d-----w C:\Program Files\FlashGet
2008-07-31 10:10 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-07-26 22:31 --------- d-----w C:\Program Files\Torrent Harvester
2008-07-26 22:26 --------- d-----w C:\Program Files\RapidSpool
2008-07-24 18:18 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\Vso
2008-07-23 14:59 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\gtk-2.0
2008-07-11 13:01 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\uTorrent
2008-07-09 18:10 --------- d-----w C:\Program Files\ICQToolbar
2008-07-04 15:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 17:58 --------- d-----w C:\Program Files\CloneDVD
2008-06-30 17:53 81,920 ----a-w C:\Documents and Settings\Vlastník\Data aplikací\ezpinst.exe
2008-06-30 17:53 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-30 17:53 47,360 ----a-w C:\Documents and Settings\Vlastník\Data aplikací\pcouffin.sys
2008-06-30 06:12 --------- d-----w C:\Documents and Settings\Zbyněček\Data aplikací\ICQ
2008-06-29 07:59 --------- d-----w C:\Program Files\ICQ6
2008-06-29 07:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 07:51 --------- d-----w C:\Program Files\ICQLite
2008-06-28 19:51 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\ICQ
2008-06-28 18:38 --------- d-----w C:\Documents and Settings\Michalka\Data aplikací\ICQ
2008-06-25 12:56 --------- d-----w C:\Program Files\Google
2008-06-12 11:42 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\My Battle for Middle-earth(tm) II Files
2008-06-11 16:45 24,768 ----a-w C:\Documents and Settings\Vlastník\Data aplikací\GDIPFONTCACHEV1.DAT
2008-06-11 12:32 --------- d-----w C:\Program Files\EKucharka
2008-06-11 10:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-11 10:20 --------- d-----w C:\Program Files\Xvid
2008-06-11 10:12 --------- d-----w C:\Program Files\CCleaner
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-08 19:04 24,768 ----a-w C:\Documents and Settings\Michalka\Data aplikací\GDIPFONTCACHEV1.DAT
2008-06-03 06:51 --------- d-----w C:\Program Files\Seznam Listicka
2008-06-03 06:16 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-06-02 13:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Ashampoo
2008-01-30 15:05 24,256 ----a-w C:\Documents and Settings\Zbyněček\Data aplikací\GDIPFONTCACHEV1.DAT
2007-04-16 10:26 56 --sh--r C:\WINDOWS\system32\580E464349.sys
2007-04-16 10:26 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-27 23:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008012820080129\index.dat
.

------- Sigcheck -------

2007-06-13 15:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-23 16:49 7626752]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-23 16:49 86016]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-06-23 16:49 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-05-16 15:02 1974345 C:\Program Files\FlashGet\flashget.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus C42 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S30.tmp"
"LClock"=C:\Program Files\LClock\LClock.exe
"ViStart"=C:\Program Files\ViStart\ViStart.exe
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"EPSON Stylus C42 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"EPSON Stylus C48 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
"EPSON Stylus C48 Series (kopie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P33 "EPSON Stylus C48 Series (kopie 1)" /O6 "USB002" /M "Stylus C48"
"InstallRunTimeAccess2000"=
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 23:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-12-08 19:24]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-28 02:23]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-07-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\v11jca43.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.cz


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 10:07:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-02 10:09:45
ComboFix-quarantined-files.txt 2008-08-02 08:09:38
ComboFix2.txt 2008-08-02 07:31:04
ComboFix3.txt 2008-07-30 19:55:34

Pre-Run: Volných bajtů: 15,180,021,760
Post-Run: Volných bajtů: 15,168,593,920

174

[fredik]

Ten log z Combofix jsi dělal před provedením předchozích kroků co jsem psal? Jinak jsem myslel tím jako to vypadá, jestli se se po provedení příslušných kroků bude ještě to okno objevovat.

[Zbyna1]

Tak ten poslední log jsem dělal po provedení těch posledních kroků co jsi mi doporučil. Teď jsem nějakou dobu měl zapnutý internet a zatím se to okno neobjevilo. Ale těsně před tím než jsem začal plnit tvá doporučení se ukázalo.
Když by se zase ukázalo, tak bych dal vědět a jinak Ti moc děkuji za pomoc a hlavně za trpělivost se mnou...Díky

[Zbyna1]

Zasílám nový log pro kontrolu:

ComboFix 08-07-31.06 - Vlastník 2008-08-03 11:41:14.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.647 [GMT 2:00]
Running from: C:\Documents and Settings\Vlastník\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vlastník\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-07-30 21:55 . 2008-07-30 21:55 <DIR> d-------- C:\Documents and Settings\ZbynýŔek
2008-07-30 21:55 . 2008-07-30 21:55 <DIR> d-------- C:\Documents and Settings\VlastnÝk
2008-07-29 22:46 . 2008-07-29 22:46 88 --a------ C:\WINDOWS\wininit.ini
2008-07-29 20:14 . 2008-08-03 11:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-29 20:14 . 2008-08-03 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-07-28 11:23 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 11:22 . 2008-07-28 11:23 <DIR> d-------- C:\Program Files\Java
2008-07-28 01:26 . 2008-07-28 11:06 <DIR> d-------- C:\Program Files\Java(2)
2008-07-27 23:59 . 2008-07-28 22:09 <DIR> d-------- C:\fixwareout
2008-07-27 23:48 . 2008-07-27 23:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-27 22:38 . 2008-07-27 22:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-27 00:32 . 2008-07-27 00:32 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-26 22:28 . 2008-07-26 22:32 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-26 07:36 . 2008-07-26 20:48 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\ArCon
2008-07-12 12:09 . 1996-01-12 00:00 722,192 --------- C:\WINDOWS\system32\VB40032.DLL
2008-07-12 12:09 . 1996-12-02 23:44 582,144 -ra------ C:\WINDOWS\system32\DAO350.DLL
2008-07-12 12:09 . 1997-02-17 18:24 519,680 --------- C:\WINDOWS\system32\DBGRID32.OCX
2008-07-12 12:09 . 1997-07-19 17:00 204,048 --------- C:\WINDOWS\system32\DBLIST32.OCX
2008-07-12 12:09 . 1996-12-02 17:27 73,184 -ra------ C:\WINDOWS\system32\DAO2535.TLB
2008-07-12 08:20 . 2008-07-12 08:22 <DIR> d-------- C:\Program Files\Architektura
2008-07-12 08:16 . 1998-04-24 19:09 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2008-07-11 18:15 . 2008-07-11 18:15 445 --a------ C:\WINDOWS\EntPack.dat
2008-07-06 12:23 . 2008-07-11 15:02 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2008-07-05 00:01 . 2008-07-05 00:01 <DIR> d-------- C:\Documents and Settings\Vlastník\Data aplikací\GlarySoft
2008-07-04 23:45 . 2008-07-06 12:25 <DIR> d-------- C:\Program Files\Glary Utilities
2008-07-04 17:29 . 2008-07-04 17:29 <DIR> d-------- C:\Documents and Settings\Vlastník\Data aplikací\Zoner
2008-07-04 17:28 . 2008-07-04 17:28 <DIR> d-------- C:\Program Files\Zoner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 18:14 --------- d-----w C:\Program Files\FlashGet
2008-07-31 10:10 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-07-26 22:31 --------- d-----w C:\Program Files\Torrent Harvester
2008-07-26 22:26 --------- d-----w C:\Program Files\RapidSpool
2008-07-24 18:18 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\Vso
2008-07-23 14:59 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\gtk-2.0
2008-07-11 13:01 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\uTorrent
2008-07-09 18:10 --------- d-----w C:\Program Files\ICQToolbar
2008-07-04 15:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 09:51 --------- d-----w C:\Program Files\ESET
2008-06-30 17:58 --------- d-----w C:\Program Files\CloneDVD
2008-06-30 17:53 81,920 ----a-w C:\Documents and Settings\Vlastník\Data aplikací\ezpinst.exe
2008-06-30 17:53 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-30 17:53 47,360 ----a-w C:\Documents and Settings\Vlastník\Data aplikací\pcouffin.sys
2008-06-30 06:12 --------- d-----w C:\Documents and Settings\Zbyněček\Data aplikací\ICQ
2008-06-29 07:59 --------- d-----w C:\Program Files\ICQ6
2008-06-29 07:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 07:51 --------- d-----w C:\Program Files\ICQLite
2008-06-28 19:51 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\ICQ
2008-06-28 18:38 --------- d-----w C:\Documents and Settings\Michalka\Data aplikací\ICQ
2008-06-25 12:56 --------- d-----w C:\Program Files\Google
2008-06-12 11:42 --------- d-----w C:\Documents and Settings\Vlastník\Data aplikací\My Battle for Middle-earth(tm) II Files
2008-06-11 16:45 24,768 ----a-w C:\Documents and Settings\Vlastník\Data aplikací\GDIPFONTCACHEV1.DAT
2008-06-11 12:32 --------- d-----w C:\Program Files\EKucharka
2008-06-11 10:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-11 10:20 --------- d-----w C:\Program Files\Xvid
2008-06-11 10:12 --------- d-----w C:\Program Files\CCleaner
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-08 19:04 24,768 ----a-w C:\Documents and Settings\Michalka\Data aplikací\GDIPFONTCACHEV1.DAT
2008-06-03 06:51 --------- d-----w C:\Program Files\Seznam Listicka
2008-06-03 06:16 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-01-30 15:05 24,256 ----a-w C:\Documents and Settings\Zbyněček\Data aplikací\GDIPFONTCACHEV1.DAT
2007-04-16 10:26 56 --sh--r C:\WINDOWS\system32\580E464349.sys
2007-04-16 10:26 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-27 23:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008012820080129\index.dat
.

------- Sigcheck -------

2007-06-13 15:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-23 16:49 7626752]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-23 16:49 86016]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-06-23 16:49 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-05-16 15:02 1974345 C:\Program Files\FlashGet\flashget.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus C42 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S30.tmp"
"LClock"=C:\Program Files\LClock\LClock.exe
"ViStart"=C:\Program Files\ViStart\ViStart.exe
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"EPSON Stylus C42 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"EPSON Stylus C48 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
"EPSON Stylus C48 Series (kopie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P33 "EPSON Stylus C48 Series (kopie 1)" /O6 "USB002" /M "Stylus C48"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 23:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-12-08 19:24]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-28 02:23]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-07-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 11:46:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-03 11:48:59
ComboFix-quarantined-files.txt 2008-08-03 09:48:52
ComboFix2.txt 2008-08-02 08:09:49
ComboFix3.txt 2008-08-02 07:31:04
ComboFix4.txt 2008-07-30 19:55:34

Pre-Run: Volných bajtů: 14,905,278,464
Post-Run: Volných bajtů: 14,962,716,672

166

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Pokud chceš tak si můžeš opačným postupem zapnout u Spybota zpět TeaTimer.