Please check my log - PC freezes (Solved)

The place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

bruno
Level 2
Posts: 198
Registered: May 08
Gender: Not specified
Status: Offline

Please check my log - PC freezes

Post by bruno » 27 Aug 2008 05:07

Please check it, I think there is some junk on it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:00: VIRUS ALERT!, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: TyphoonDesktop.lnk = C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6290450203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7548263984
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: pdoskegl - {ADD1B9D1-0AB6-4C2D-880A-86B5A5CEB019} - (no file)
O21 - SSODL: rqbmvpso - {89D19570-8B19-4A89-8023-98C92F146D24} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.bestwallpapers.sk/albums/3d/ ... d_0634.jpg

--
End of file - 5912 bytes
Last edited by bruno on 27 Aug 2008 09:13, edited 1 time in total.

bruno
Level 2
Posts: 198
Registered: May 08
Gender: Not specified
Status: Offline

Re: Please check my log - PC freezes

Post by bruno » 27 Aug 2008 08:02

I am also sending the LOG from MWAV
Soubor C:\DOCUME~1\BRUNO~1.JA-\LOCALS~1\Temp\79_003.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Application Data\AppSnap\cache\Win32OpenSSL-0_9_8g.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Local Settings\temp\79_003.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Bruno.JA-3A4C675D4C38\My Documents\My Downloads\installer_125.exe indentifikován jako "not-a-virus:FraudTool.Win32.SpywareIsolator.t". Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004811.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004812.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004813.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004814.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{78C22B6C-13B8-4490-BE10-3D404E225A00}\RP83\A0004820.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Please check my log - PC freezes

Post by fredik » 27 Aug 2008 10:12

You are missing basic protection there, so install at least an antivirus.

Fix these items in HJT:
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O21 - SSODL: pdoskegl - {ADD1B9D1-0AB6-4C2D-880A-86B5A5CEB019} - (no file)
O21 - SSODL: rqbmvpso - {89D19570-8B19-4A89-8023-98C92F146D24} - (no file)

Test this on VirusTotal
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
Just copy the whole path into the empty box on that page and click send. Then paste the result here if it finds anything.

Download SDFix
- Run it and it will extract to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To complete the check you will be prompted to press any key, and the computer will restart.
* As the operating system boots, the program starts again and finishes the cleaning process. When Finish appears, you will have to press any key when prompted; that ends the program and the desktop icons appear.
- When the desktop icons have finished loading, the SDFix log opens on screen and is also saved in the folder where SDFix was extracted as the file Report.txt
Then copy its contents here + a new HJT log + check whether any icons are missing under Start, whether the drives show up under My Computer....
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Those PMs cannot be answered.
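The three items fredik asks to fix share one pattern: a registry entry (an O9 extra button and two O21 SSODL shell-load entries) whose CLSID still points at a target that HijackThis reports as "(no file)". As an added example, not code from the thread or from HijackThis, the Python below parses HijackThis "O" lines into section, name, CLSID and target, and flags orphaned entries. The sample log is a constructed subset copied from the log posted above; the second rule (SSODL entries with a random-looking eight-letter name such as pdoskegl) is a heuristic of my own, not a HijackThis rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O21 - SSODL: pdoskegl - {ADD1B9D1-0AB6-4C2D-880A-86B5A5CEB019} - (no file)
O21 - SSODL: rqbmvpso - {89D19570-8B19-4A89-8023-98C92F146D24} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass
class HjtEntry:
    section: str            # e.g. "O9"
    name: str               # e.g. "Extra button: (no name)" or "SSODL: pdoskegl"
    clsid: Optional[str]    # "{...}" when the line carries a CLSID, else None
    target: str             # file path, command line, or "(no file)"
    raw: str                # the original log line


# Lines of the form:  Oxx - <name> - {CLSID} - <target>
CLSID_LINE = re.compile(r"^(O\d+) - (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# Lines without a CLSID, e.g. O4 Run entries:  Oxx - <key>: <target>
PLAIN_LINE = re.compile(r"^(O\d+) - (.*?): (.*)$")
# Heuristic (my assumption, not a HijackThis rule): eight random lowercase letters.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse the O-section lines of a HijackThis log; R-lines and process lists are skipped."""
    entries: List[HjtEntry] = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line.startswith("O"):
            continue
        m = CLSID_LINE.match(line)
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2), m.group(3), m.group(4), line))
            continue
        m = PLAIN_LINE.match(line)
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2), None, m.group(3), line))
    return entries


def suspicious(entries: List[HjtEntry]) -> List[Tuple[HjtEntry, List[str]]]:
    """Return entries worth fixing, each with the reasons it was flagged."""
    hits = []
    for e in entries:
        reasons = []
        if e.target == "(no file)":
            reasons.append("target file missing (orphaned registry entry)")
        if e.section == "O21":
            short = e.name.split(": ", 1)[-1]          # "SSODL: pdoskegl" -> "pdoskegl"
            if RANDOM_NAME.match(short):
                reasons.append("SSODL entry with random-looking 8-letter name")
        if reasons:
            hits.append((e, reasons))
    return hits


def fix_list(text: str) -> List[str]:
    """The raw log lines a helper would tell the user to tick in HijackThis."""
    return [e.raw for e, _ in suspicious(parse_hjt(text))]


if __name__ == "__main__":
    for entry, reasons in suspicious(parse_hjt(SAMPLE_LOG)):
        print(entry.raw)
        for r in reasons:
            print("   ->", r)
```

Run against the full log from the first post, the flagged lines are exactly the three fredik lists; an entry whose DLL still exists on disk (the WebIE.dll buttons) is not flagged by this check, which is the right outcome for a parser that only knows what the log says.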

bruno
Level 2
Posts: 198
Registered: May 08
Gender: Not specified
Status: Offline

Re: Please check my log - PC freezes

Post by bruno » 27 Aug 2008 11:25

Thanks a lot, I am a happy man that you took me on personally!!
I cannot check it on VirusTotal - it will not connect, I do not know what to do next

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Please check my log - PC freezes

Post by fredik » 27 Aug 2008 13:24

If it cannot be tested, skip that step and carry on.

bruno
Level 2
Posts: 198
Registered: May 08
Gender: Not specified
Status: Offline

Re: Please check my log - PC freezes

Post by bruno » 27 Aug 2008 14:12

Sending the LOGS

SDFix: Version 1.219
Run by Bruno on st 08/27/2008 at 01:47

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted



Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\Secure Solutions - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 13:58:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff0cf1a]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0013eff0cf1a]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,07,0b,71,ba,de,6e,29,27,9b,fc,58,94,f1,c8,82,78,d3,21,17,70,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 9 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv07.tmp"
Tue 29 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:48 , on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: TyphoonDesktop.lnk = C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6290450203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7548263984
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.bestwallpapers.sk/albums/3d/ ... d_0634.jpg

--
End of file - 5783 bytes

bruno
Level 2
Posts: 198
Registered: May 08
Gender: Not specified
Status: Offline

Re: Please check my log - PC freezes

Post by bruno » 27 Aug 2008 14:32

VIRUS TOTAL
AhnLab-V3 2008.8.27.1 2008.08.27 -
AntiVir 7.8.1.23 2008.08.27 -
Authentium 5.1.0.4 2008.08.27 -
Avast 4.8.1195.0 2008.08.26 -
AVG 8.0.0.161 2008.08.27 -
BitDefender 7.2 2008.08.27 -
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.27 -
DrWeb 4.44.0.09170 2008.08.27 -
eSafe 7.0.17.0 2008.08.26 Suspicious File
eTrust-Vet 31.6.6050 2008.08.26 -
Ewido 4.0 2008.08.27 -
F-Prot 4.4.4.56 2008.08.27 -
Fortinet 3.14.0.0 2008.08.26 -
GData 19 2008.08.27 -
Ikarus T3.1.1.34.0 2008.08.27 -
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.27 -
McAfee 5370 2008.08.26 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3391 2008.08.27 -
Norman 5.80.02 2008.08.26 -
Panda 9.0.0.4 2008.08.26 -
PCTools 4.4.2.0 2008.08.26 -
Prevx1 V2 2008.08.27 -
Rising 20.59.21.00 2008.08.27 -
Sophos 4.32.0 2008.08.27 Sus/Spy-B
Sunbelt 3.1.1582.1 2008.08.26 -
Symantec 10 2008.08.27 -
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.27 -
VBA32 3.12.8.4 2008.08.26 -
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.26 -
Webwasher-Gateway 6.6.2 2008.08.27 -
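The VirusTotal block above is a flat "engine version signature-date result" listing with "-" meaning no detection. As an added example, not part of the thread, the Python below turns such a paste into a detection count and the list of engines that fired, which is what a helper reads off the page before deciding whether a file is worth removing. The sample is a constructed subset of the lines bruno posted; the column layout is assumed from that paste.

```python
from typing import Dict, List, Tuple

# Constructed sample: a subset of the VirusTotal result lines pasted above.
# Layout per line: <engine> <engine version> <signature date> <result>; "-" means clean.
VT_SAMPLE = """\
VIRUS TOTAL
AhnLab-V3 2008.8.27.1 2008.08.27 -
eSafe 7.0.17.0 2008.08.26 Suspicious File
Kaspersky 7.0.0.125 2008.08.27 -
Prevx1 V2 2008.08.27 -
Sophos 4.32.0 2008.08.27 Sus/Spy-B
Webwasher-Gateway 6.6.2 2008.08.27 -
"""


def parse_vt(text: str) -> Dict[str, str]:
    """Map engine name -> result string ("-" when the engine reported nothing)."""
    results: Dict[str, str] = {}
    for line in text.strip().splitlines():
        # The result column may contain spaces ("Suspicious File"), so split at most 3 times.
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue            # banner line or malformed paste
        engine, _version, _sigdate, result = parts
        results[engine] = result.strip()
    return results


def detections(results: Dict[str, str]) -> List[Tuple[str, str]]:
    """Engines that returned anything other than "-", with their verdict."""
    return [(engine, res) for engine, res in results.items() if res != "-"]


def summarize(text: str) -> Tuple[int, int, List[Tuple[str, str]]]:
    """(detections, engines scanned, [(engine, verdict), ...]) for a pasted result block."""
    results = parse_vt(text)
    hits = detections(results)
    return len(hits), len(results), hits


if __name__ == "__main__":
    n_hit, n_total, hits = summarize(VT_SAMPLE)
    print(f"{n_hit}/{n_total} engines flagged the file")
    for engine, verdict in hits:
        print(f"  {engine}: {verdict}")
```

On the full paste above this gives 2 of 35 engines, both with generic "suspicious" verdicts rather than a named family, which is why the thread treats that file as low priority next to the entries the other tools actually deleted.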

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Please check my log - PC freezes

Post by fredik » 27 Aug 2008 17:14

Try also sending a log from CF:
Download ComboFix (by sUBs) and save it to the desktop.
Close all active windows and run it.
- After starting, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

bruno
Level 2
Posts: 198
Registered: May 08
Gender: Not specified
Status: Offline

Re: Please check my log - PC freezes

Post by bruno » 27 Aug 2008 18:49

Hi, greetings. Sending the log from ComboFix, I hope it will be fine. Kaspersky Antivirus detected it as a trojan but I clicked allow. All the icons appeared, but Kaspersky did not (in the bottom bar)
ComboFix 08-08-26.03 - Bruno 2008-08-27 17:57:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.142 [GMT 2:00]
Running from: C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Adobe\crc.dat
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\inst.exe
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\#SharedObjects\QBC2PNSM\bin.clearspring.com
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\#SharedObjects\QBC2PNSM\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\BHNnmUvw.ini
C:\WINDOWS\system32\BHNnmUvw.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 14:51 . 2008-08-27 18:22 1,851,168 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-27 14:51 . 2008-08-27 15:03 96,976 --a--c--- C:\WINDOWS\system32\drivers\klin.dat
2008-08-27 14:51 . 2008-08-27 15:03 87,855 --a--c--- C:\WINDOWS\system32\drivers\klick.dat
2008-08-27 14:51 . 2008-08-27 18:22 27,884 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-27 14:50 . 2008-08-27 14:50 <DIR> d----c--- C:\Program Files\Kaspersky Lab
2008-08-27 14:50 . 2008-08-27 15:07 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-27 14:50 . 2008-08-27 18:25 12,320 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-27 14:50 . 2008-08-27 18:22 2,156 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-27 13:45 . 2008-08-27 13:59 <DIR> d----c--- C:\SDFix
2008-08-27 13:01 . 2008-08-27 13:01 <DIR> d----c--- C:\WINDOWS\erunt
2008-08-27 07:41 . 2008-08-27 07:41 0 --a--c--- C:\23990098.$$$
2008-08-27 05:21 . 2008-08-27 05:27 52 --a--c--- C:\WINDOWS\Lic.xxx
2008-08-27 05:20 . 2008-08-27 05:20 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\MicroWorld
2008-08-27 05:20 . 2004-08-04 01:56 146,432 --a--c--- C:\WINDOWS\R.COM
2008-08-27 05:20 . 2004-08-04 01:56 135,680 --a--c--- C:\WINDOWS\system32\T.COM
2008-08-27 01:34 . 2008-08-27 15:07 <DIR> d----c--- C:\WINDOWS\system32\CatRoot2
2008-08-26 23:17 . 2008-08-26 23:17 <DIR> d----c--- C:\Program Files\Trend Micro
2008-08-26 18:26 . 2008-08-26 18:26 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\services
2008-08-26 18:26 . 2008-08-26 19:57 12,288 --a--c--- C:\WINDOWS\system32\tdssserf.dll
2008-08-26 18:24 . 2008-08-26 17:57 86,016 --a--c--- C:\WINDOWS\rvoelbxt.exe
2008-08-26 18:03 . 2008-08-26 18:03 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Thinstall
2008-08-26 11:59 . 2008-08-26 11:59 491,520 --a--c--- C:\WINDOWS\WebIE.dll
2008-08-26 11:56 . 2008-08-26 12:23 <DIR> d----c--- C:\TRANSLAT
2008-08-26 11:56 . 2008-08-26 18:15 4,562 --a--c--- C:\WINDOWS\WTRAN32.INI
2008-08-26 11:56 . 2008-08-26 19:15 2,497 --a--c--- C:\WINDOWS\TRNCOM.INI
2008-08-26 11:56 . 2008-08-26 14:39 1,854 --a--c--- C:\WINDOWS\WDICT32.INI
2008-08-26 11:56 . 2008-08-27 17:50 1,802 --a--c--- C:\WINDOWS\MAILTRAN.INI
2008-08-26 10:56 . 2008-08-26 10:56 356,352 --a--c--- C:\WINDOWS\TrnOutl.dll
2008-08-26 10:56 . 2008-08-26 10:56 294,912 --a--c--- C:\WINDOWS\TrnWord.dll
2008-08-26 10:56 . 2008-08-26 10:56 45,056 --a--c--- C:\WINDOWS\TRNOEH.DLL
2008-08-26 10:56 . 2008-08-26 12:14 42 --a--c--- C:\WINDOWS\WTRDCTM.INI
2008-08-26 10:54 . 2008-08-26 11:57 516,096 --a--c--- C:\WINDOWS\UN32.EXE
2008-08-26 10:54 . 2008-08-26 11:57 2,753 --a--c--- C:\WINDOWS\UN32P.INI
2008-08-25 18:48 . 2008-08-25 18:48 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-08-24 16:43 . 2008-08-24 16:43 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-08-23 23:22 . 2008-08-23 23:22 <DIR> d----c--- C:\users
2008-08-23 23:22 . 2008-08-24 16:33 <DIR> d----c--- C:\My Games
2008-08-23 23:21 . 2008-08-24 17:36 <DIR> d----c--- C:\Program Files\RealArcade
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-21 16:27 . 2008-08-21 17:53 <DIR> d----c--- C:\Program Files\PC Connectivity Solution
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\drivers\bthpan.sys
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\irftp.exe
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\wshirda.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\drivers\bthenum.sys
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-08-19 15:10 . 2005-07-30 03:55 90,624 --a--c--- C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-08-19 15:10 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\drivers\kstvtune.ax
2008-08-19 15:10 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-08-19 15:10 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\drivers\ksxbar.ax
2008-08-19 15:10 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\drivers\vidcap.ax
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Ludia
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-08-18 22:08 . 2008-08-18 22:08 <DIR> d----c--- C:\WINDOWS\Hell's Kitchen
2008-08-18 18:13 . 2008-08-18 18:13 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
2008-08-18 18:08 . 2008-08-18 18:08 <DIR> d----c--- C:\WINDOWS\Fairy Jewels 2
2008-08-14 21:13 . 2008-08-14 21:13 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Vso
2008-08-14 21:13 . 2008-08-14 21:13 47,360 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\pcouffin.sys
2008-08-14 16:23 . 2008-08-14 16:23 <DIR> d----c--- C:\WINDOWS\Bloom Busters
2008-08-10 15:19 . 2008-08-10 15:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\iWin
2008-08-10 09:27 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-08-10 09:24 . 2008-08-10 09:24 <DIR> d----c--- C:\Program Files\DIFX
2008-08-10 09:21 . 2008-08-21 16:25 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-08-09 23:44 . 2008-08-21 16:51 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Nokia
2008-08-09 23:44 . 2008-08-09 23:44 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\DataLayer
2008-08-09 23:30 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\PC Suite
2008-08-09 23:29 . 2008-08-10 09:23 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-08-09 23:27 . 2008-08-09 23:27 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Leadertech
2008-08-09 23:25 . 2008-08-10 12:48 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeUM
2008-08-09 23:25 . 2008-08-09 23:25 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeAUM
2008-08-09 23:08 . 2008-08-10 09:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Phone Browser
2008-08-09 23:07 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Common Files\PCSuite
2008-08-09 23:06 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Nokia
2008-08-07 19:30 . 2008-08-07 19:30 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MysteryStudio
2008-08-07 19:30 . 2008-08-07 19:36 311 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\bbbconfig.dat
2008-08-06 23:02 . 2008-08-06 23:02 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-08-06 22:45 . 2008-08-06 22:45 <DIR> d----c--- C:\WINDOWS\16 Big Fish Games
2008-08-05 12:42 . 2008-06-17 15:14 499,712 --a--c--- C:\WINDOWS\system32\msvcp71.dll
2008-08-05 12:42 . 2008-06-17 15:17 348,160 --a--c--- C:\WINDOWS\system32\msvcr71.dll
2008-08-04 18:50 . 2008-08-08 15:57 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Winamp
2008-08-03 06:35 . 2008-08-03 06:35 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TyphoonTools
2008-08-03 06:33 . 2008-08-03 06:34 <DIR> d----c--- C:\Program Files\TyphoonTools
2008-08-02 14:50 . 2008-08-27 18:23 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\OpenOffice.org2
2008-08-02 13:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-01 10:02 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Program Files\Uniblue
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Uniblue
2008-08-01 00:57 . 2008-08-01 01:04 <DIR> d----c--- C:\Program Files\Windows Desktop Search
2008-08-01 00:47 . 2008-08-01 00:47 355,584 --a--c--- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-31 22:18 . 2008-07-31 22:18 <DIR> d---sc--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\UserData
2008-07-31 22:05 . 2008-05-29 09:28 28,416 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2008-07-31 19:18 . 2008-08-26 23:14 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-07-31 19:18 . 2008-08-26 21:58 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\SUPERAntiSpyware.com
2008-07-31 19:18 . 2008-07-31 19:18 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-31 18:56 . 2008-07-31 19:01 <DIR> d----c--- C:\Program Files\SpywareBlaster
2008-07-31 18:56 . 2005-04-15 20:58 1,071,088 --a--c--- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-31 18:56 . 2005-08-25 19:18 118,784 --a--c--- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-31 15:28 . 2008-07-31 15:28 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TuneUp Software
2008-07-31 14:24 . 2008-08-27 18:24 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\skypePM
2008-07-31 14:23 . 2008-08-27 18:24 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Skype
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-07-31 13:24 . 2004-08-04 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-31 13:23 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-31 13:22 . 2004-08-04 01:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-31 13:06 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\irclass.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-31 12:36 . 2008-07-31 12:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MiniDm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 13:04 112,144 -c--a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-27 12:49 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-26 21:14 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 17:20 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-26 12:02 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-08-23 18:18 --------- dc----w C:\Program Files\directx
2008-08-20 10:39 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-08-08 13:57 --------- dc----w C:\Program Files\Winamp
2008-08-02 12:26 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-25 07:20 --------- dc----w C:\Program Files\Yahoo! Games
2008-07-24 19:40 --------- dc----w C:\Program Files\PopCap Games
2008-07-24 19:29 --------- dc----w C:\Program Files\TryMedia
2008-07-24 01:45 --------- dc----w C:\Program Files\Xvid CZ
2008-07-23 17:26 --------- dc----w C:\Program Files\Oberon Media
2008-07-23 04:57 --------- dc----w C:\Program Files\Codec Pack - All In 1
2008-07-23 03:18 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-23 02:30 717,296 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-18 23:10 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-07-18 23:01 --------- dc----w C:\Program Files\Webteh
2008-07-18 16:26 --------- dc----w C:\Program Files\Java
2008-07-18 00:51 --------- dc----w C:\Program Files\Common Files\Oberon Media
2008-07-17 16:43 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-07-17 10:52 --------- dc----w C:\Program Files\OpenOffice.org 2.4
2008-07-17 10:13 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-17 09:58 --------- dc----w C:\Program Files\Realtek AC97
2008-07-17 08:36 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org2
2008-07-17 08:27 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Skype
2008-07-17 08:22 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\skypePM
2008-07-16 05:25 --------- dc----w C:\Program Files\Common Files\BOONTY Shared
2008-07-16 04:18 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Winamp
2008-07-15 07:38 --------- dc----w C:\Program Files\MSXML 6.0
2008-07-15 07:36 --------- dc----w C:\Program Files\MSXML 4.0
2008-07-15 07:15 --------- dc----w C:\Program Files\readmes
2008-07-15 07:15 --------- dc----w C:\Program Files\licenses
2008-07-15 07:00 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org3
2008-07-15 02:40 --------- dc----w C:\Program Files\BitLord
2008-07-14 22:54 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\TuneUp Software
2008-07-12 20:19 --------- dc----w C:\Program Files\Support Tools
2008-07-12 14:55 --------- dc----w C:\Program Files\Application Compatibility Toolkit
2008-07-12 07:42 --------- dc----w C:\Program Files\Vimicro
2008-07-11 13:38 --------- dc----w C:\Program Files\ATI Technologies
2008-07-08 13:48 --------- dc----w C:\Documents and Settings\admin\Application Data\Skype
2008-07-08 09:12 --------- dc----w C:\Documents and Settings\admin\Application Data\skypePM
2008-07-08 06:47 --------- dc----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-07-07 20:06 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-06 18:26 --------- dc----w C:\Documents and Settings\admin\Application Data\Uniblue
2008-07-02 18:49 --------- dc----w C:\Documents and Settings\admin\Application Data\ESET
2008-07-02 15:08 --------- dc----w C:\Program Files\Common Files\Java
2008-06-30 13:40 --------- dc----w C:\Documents and Settings\admin\Application Data\Winamp
2008-06-30 12:12 --------- dc----w C:\Documents and Settings\admin\Application Data\MusicIP
2008-06-28 09:24 --------- dc----w C:\Program Files\Common Files\DFX
2008-06-24 16:28 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:12 667,136 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:36 245,248 -c--a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 04:05 593,920 -c--a-w C:\WINDOWS\system32\ati2sgag.exe
2008-06-03 03:46 10,276,864 -c--a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 -c--a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 -c--a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 -c--a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 -c--a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 -c--a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 -c--a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 -c--a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 -c--a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 -c--a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 -c--a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 -c--a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 -c--a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 -c--a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 -c--a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 -c--a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 -c--a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 -c--a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-11 09:44 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys
2007-08-18 11:17 20,344 -c--a-w C:\Documents and Settings\admin\Application Data\Pamela_Crash_46C6D53C.zip
2006-10-13 16:29 93 -c--a-w C:\Program Files\FICS.INI
2006-10-12 21:18 93 -c--a-w C:\Program Files\ITCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\RUCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\GRCS.INI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-07-01 08:06 148480]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 20:37 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
TyphoonDesktop.lnk - C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe [2008-08-03 06:34:36 1093632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Czech\\setup.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-01 00:47]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

BHO-{851CA37E-5CB1-488A-AB26-3B165BDDF73C} - C:\WINDOWS\system32\wvUmnNHB.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Mozilla\Firefox\Profiles\4ece72qn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.zoznam.sk/?
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 18:24:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-27 18:30:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 16:29:55

Pre-Run: 14,844,858,368 bytes free
Post-Run: 14,889,951,232 bytes free


fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status:
Offline

Re: Please check my log, PC freezes

Post by fredik » 28 Aug 2008 07:33

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the entire text below, marked in green, into it:
Note: Do not use SELECT ALL to select the script

Code:

File::
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\rvoelbxt.exe

Folder::
C:\Program Files\Common Files\BOONTY Shared

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt file you created with the mouse, move it over the downloaded and renamed ComboFix.exe, and drop the script when the two files overlap
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me SZ/PM messages with logs; post them in the forum. It is not possible to reply to such PMs

bruno
Level 2
Posts: 198
Registered: May 08
Gender: Not specified
Status:
Offline

Re: Please check my log, PC freezes

Post by bruno » 28 Aug 2008 10:57

Hi, greetings. I'm sending the ComboFix log.
I'd also like to ask: Kaspersky is detecting these things there; the scan isn't finished yet
odstraněno: virus EICAR-Test-File Soubor: C:\DOCUME~1\BRUNO~1.JA-\LOCALS~1\Temp\Av-test.txt

zjištěno: Trojský kůň Trojan.Win32.Agent.ynz Adresa URL: http://cokkeren83.googlepages.com/8.595 ... h.UPX//UPX
nebylo nalezeno: virus Heur.Invader (varianta) Soubor: c:\documents and settings\bruno.ja-3a4c675d4c38\desktop\combofix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
ComboFix 08-08-27.05 - Bruno 2008-08-28 10:10:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.267 [GMT 2:00]
Running from: C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\system32\tdssserf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\rvoelbxt.exe
C:\WINDOWS\system32\tdssserf.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-27 14:51 . 2008-08-28 10:17 5,657,376 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-27 14:51 . 2008-08-27 15:03 96,976 --a--c--- C:\WINDOWS\system32\drivers\klin.dat
2008-08-27 14:51 . 2008-08-27 15:03 87,855 --a--c--- C:\WINDOWS\system32\drivers\klick.dat
2008-08-27 14:51 . 2008-08-28 10:14 79,928 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-27 14:50 . 2008-08-27 14:50 <DIR> d----c--- C:\Program Files\Kaspersky Lab
2008-08-27 14:50 . 2008-08-28 09:33 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-27 14:50 . 2008-08-28 10:15 25,376 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-27 14:50 . 2008-08-28 10:14 4,424 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-27 13:45 . 2008-08-27 13:59 <DIR> d----c--- C:\SDFix
2008-08-27 13:01 . 2008-08-27 13:01 <DIR> d----c--- C:\WINDOWS\erunt
2008-08-27 07:41 . 2008-08-27 07:41 0 --a--c--- C:\23990098.$$$
2008-08-27 05:21 . 2008-08-27 05:27 52 --a--c--- C:\WINDOWS\Lic.xxx
2008-08-27 05:20 . 2008-08-27 05:20 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\MicroWorld
2008-08-27 05:20 . 2004-08-04 01:56 146,432 --a--c--- C:\WINDOWS\R.COM
2008-08-27 05:20 . 2004-08-04 01:56 135,680 --a--c--- C:\WINDOWS\system32\T.COM
2008-08-27 01:34 . 2008-08-28 09:33 <DIR> d----c--- C:\WINDOWS\system32\CatRoot2
2008-08-26 23:17 . 2008-08-26 23:17 <DIR> d----c--- C:\Program Files\Trend Micro
2008-08-26 18:26 . 2008-08-26 18:26 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\services
2008-08-26 18:03 . 2008-08-26 18:03 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Thinstall
2008-08-26 11:59 . 2008-08-26 11:59 491,520 --a--c--- C:\WINDOWS\WebIE.dll
2008-08-26 11:56 . 2008-08-26 12:23 <DIR> d----c--- C:\TRANSLAT
2008-08-26 11:56 . 2008-08-26 18:15 4,562 --a--c--- C:\WINDOWS\WTRAN32.INI
2008-08-26 11:56 . 2008-08-28 10:05 2,529 --a--c--- C:\WINDOWS\TRNCOM.INI
2008-08-26 11:56 . 2008-08-26 14:39 1,854 --a--c--- C:\WINDOWS\WDICT32.INI
2008-08-26 11:56 . 2008-08-28 09:59 1,802 --a--c--- C:\WINDOWS\MAILTRAN.INI
2008-08-26 10:56 . 2008-08-26 10:56 356,352 --a--c--- C:\WINDOWS\TrnOutl.dll
2008-08-26 10:56 . 2008-08-26 10:56 294,912 --a--c--- C:\WINDOWS\TrnWord.dll
2008-08-26 10:56 . 2008-08-26 10:56 45,056 --a--c--- C:\WINDOWS\TRNOEH.DLL
2008-08-26 10:56 . 2008-08-26 12:14 42 --a--c--- C:\WINDOWS\WTRDCTM.INI
2008-08-26 10:54 . 2008-08-26 11:57 516,096 --a--c--- C:\WINDOWS\UN32.EXE
2008-08-26 10:54 . 2008-08-26 11:57 2,753 --a--c--- C:\WINDOWS\UN32P.INI
2008-08-25 18:48 . 2008-08-25 18:48 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-08-24 16:43 . 2008-08-24 16:43 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-08-23 23:22 . 2008-08-23 23:22 <DIR> d----c--- C:\users
2008-08-23 23:22 . 2008-08-24 16:33 <DIR> d----c--- C:\My Games
2008-08-23 23:21 . 2008-08-24 17:36 <DIR> d----c--- C:\Program Files\RealArcade
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-21 16:36 . 2008-08-21 16:36 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-21 16:27 . 2008-08-21 17:53 <DIR> d----c--- C:\Program Files\PC Connectivity Solution
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\drivers\bthpan.sys
2008-08-20 12:34 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\irftp.exe
2008-08-20 12:33 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-08-20 12:33 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\wshirda.dll
2008-08-20 12:33 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\drivers\bthenum.sys
2008-08-19 21:39 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-08-19 15:13 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-08-19 15:10 . 2005-07-30 03:55 90,624 --a--c--- C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-08-19 15:10 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\drivers\kstvtune.ax
2008-08-19 15:10 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-08-19 15:10 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\drivers\ksxbar.ax
2008-08-19 15:10 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\drivers\vidcap.ax
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Ludia
2008-08-18 22:09 . 2008-08-18 22:09 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-08-18 22:08 . 2008-08-18 22:08 <DIR> d----c--- C:\WINDOWS\Hell's Kitchen
2008-08-18 18:13 . 2008-08-18 18:13 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
2008-08-18 18:08 . 2008-08-18 18:08 <DIR> d----c--- C:\WINDOWS\Fairy Jewels 2
2008-08-14 21:13 . 2008-08-14 21:13 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Vso
2008-08-14 21:13 . 2008-08-14 21:13 47,360 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\pcouffin.sys
2008-08-14 16:23 . 2008-08-14 16:23 <DIR> d----c--- C:\WINDOWS\Bloom Busters
2008-08-10 15:19 . 2008-08-10 15:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\iWin
2008-08-10 09:27 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-08-10 09:24 . 2008-08-10 09:24 <DIR> d----c--- C:\Program Files\DIFX
2008-08-10 09:21 . 2008-08-21 16:25 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-08-09 23:44 . 2008-08-21 16:51 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Nokia
2008-08-09 23:44 . 2008-08-09 23:44 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\DataLayer
2008-08-09 23:30 . 2008-08-21 16:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\PC Suite
2008-08-09 23:29 . 2008-08-10 09:23 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-08-09 23:27 . 2008-08-09 23:27 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Leadertech
2008-08-09 23:25 . 2008-08-10 12:48 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeUM
2008-08-09 23:25 . 2008-08-09 23:25 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\AdobeAUM
2008-08-09 23:08 . 2008-08-10 09:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Phone Browser
2008-08-09 23:07 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Common Files\PCSuite
2008-08-09 23:06 . 2008-08-26 11:36 <DIR> d----c--- C:\Program Files\Nokia
2008-08-07 19:30 . 2008-08-07 19:30 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MysteryStudio
2008-08-07 19:30 . 2008-08-07 19:36 311 --a--c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\bbbconfig.dat
2008-08-06 23:02 . 2008-08-06 23:02 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-08-06 22:45 . 2008-08-06 22:45 <DIR> d----c--- C:\WINDOWS\16 Big Fish Games
2008-08-05 12:42 . 2008-06-17 15:14 499,712 --a--c--- C:\WINDOWS\system32\msvcp71.dll
2008-08-05 12:42 . 2008-06-17 15:17 348,160 --a--c--- C:\WINDOWS\system32\msvcr71.dll
2008-08-04 18:50 . 2008-08-08 15:57 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Winamp
2008-08-03 06:35 . 2008-08-03 06:35 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TyphoonTools
2008-08-03 06:33 . 2008-08-03 06:34 <DIR> d----c--- C:\Program Files\TyphoonTools
2008-08-02 14:50 . 2008-08-28 10:15 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\OpenOffice.org2
2008-08-02 13:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-01 10:02 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Program Files\Uniblue
2008-08-01 01:19 . 2008-08-01 01:19 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Uniblue
2008-08-01 00:57 . 2008-08-01 01:04 <DIR> d----c--- C:\Program Files\Windows Desktop Search
2008-08-01 00:47 . 2008-08-01 00:47 355,584 --a--c--- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-31 22:18 . 2008-07-31 22:18 <DIR> d---sc--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\UserData
2008-07-31 22:05 . 2008-05-29 09:28 28,416 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2008-07-31 19:18 . 2008-08-26 23:14 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-07-31 19:18 . 2008-08-26 21:58 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\SUPERAntiSpyware.com
2008-07-31 19:18 . 2008-07-31 19:18 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-31 18:56 . 2008-07-31 19:01 <DIR> d----c--- C:\Program Files\SpywareBlaster
2008-07-31 18:56 . 2005-04-15 20:58 1,071,088 --a--c--- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-31 18:56 . 2005-08-25 19:18 118,784 --a--c--- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-31 15:28 . 2008-07-31 15:28 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\TuneUp Software
2008-07-31 14:24 . 2008-08-28 09:32 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\skypePM
2008-07-31 14:23 . 2008-08-28 10:16 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\Skype
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-07-31 13:24 . 2004-08-04 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-31 13:23 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-31 13:22 . 2004-08-04 01:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-31 13:18 . 2008-07-31 13:18 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-31 13:06 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\irclass.dll
2008-07-31 13:02 . 2004-08-04 06:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-31 12:36 . 2008-07-31 12:36 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\MiniDm
2008-07-31 12:34 . 2008-07-31 12:34 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Application Data\IEPro
2008-07-31 12:31 . 2008-08-27 09:22 <DIR> d----c--- C:\Documents and Settings\Bruno.JA-3A4C675D4C38

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 13:04 112,144 -c--a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-27 12:49 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-26 21:14 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 17:20 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-26 12:02 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-08-23 18:18 --------- dc----w C:\Program Files\directx
2008-08-20 10:39 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-08-08 13:57 --------- dc----w C:\Program Files\Winamp
2008-08-02 12:26 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-07-27 18:44 --------- dc----w C:\Program Files\FunPause Atlantis
2008-07-27 12:55 2,277,376 -c--a-w C:\WINDOWS\system32\TUKernel.exe
2008-07-25 07:20 --------- dc----w C:\Program Files\Yahoo! Games
2008-07-24 19:40 --------- dc----w C:\Program Files\PopCap Games
2008-07-24 19:29 --------- dc----w C:\Program Files\TryMedia
2008-07-24 01:45 --------- dc----w C:\Program Files\Xvid CZ
2008-07-23 17:26 --------- dc----w C:\Program Files\Oberon Media
2008-07-23 04:57 --------- dc----w C:\Program Files\Codec Pack - All In 1
2008-07-23 03:18 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-23 02:30 717,296 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-18 23:10 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-07-18 23:01 --------- dc----w C:\Program Files\Webteh
2008-07-18 16:26 --------- dc----w C:\Program Files\Java
2008-07-18 00:51 --------- dc----w C:\Program Files\Common Files\Oberon Media
2008-07-17 16:43 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-07-17 10:52 --------- dc----w C:\Program Files\OpenOffice.org 2.4
2008-07-17 10:13 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-17 09:58 --------- dc----w C:\Program Files\Realtek AC97
2008-07-17 08:36 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org2
2008-07-17 08:27 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Skype
2008-07-17 08:22 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\skypePM
2008-07-16 04:18 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\Winamp
2008-07-15 07:38 --------- dc----w C:\Program Files\MSXML 6.0
2008-07-15 07:36 --------- dc----w C:\Program Files\MSXML 4.0
2008-07-15 07:15 --------- dc----w C:\Program Files\readmes
2008-07-15 07:15 --------- dc----w C:\Program Files\licenses
2008-07-15 07:00 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\OpenOffice.org3
2008-07-15 02:40 --------- dc----w C:\Program Files\BitLord
2008-07-14 22:54 --------- dc----w C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Application Data\TuneUp Software
2008-07-12 20:19 --------- dc----w C:\Program Files\Support Tools
2008-07-12 14:55 --------- dc----w C:\Program Files\Application Compatibility Toolkit
2008-07-12 07:42 --------- dc----w C:\Program Files\Vimicro
2008-07-11 13:38 --------- dc----w C:\Program Files\ATI Technologies
2008-07-08 13:48 --------- dc----w C:\Documents and Settings\admin\Application Data\Skype
2008-07-08 09:12 --------- dc----w C:\Documents and Settings\admin\Application Data\skypePM
2008-07-08 06:47 --------- dc----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-07-07 20:06 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-07-06 18:26 --------- dc----w C:\Documents and Settings\admin\Application Data\Uniblue
2008-07-02 18:49 --------- dc----w C:\Documents and Settings\admin\Application Data\ESET
2008-07-02 15:08 --------- dc----w C:\Program Files\Common Files\Java
2008-06-30 13:40 --------- dc----w C:\Documents and Settings\admin\Application Data\Winamp
2008-06-30 12:12 --------- dc----w C:\Documents and Settings\admin\Application Data\MusicIP
2008-06-28 09:24 --------- dc----w C:\Program Files\Common Files\DFX
2008-06-24 16:28 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:12 667,136 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:36 245,248 -c--a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 04:05 593,920 -c--a-w C:\WINDOWS\system32\ati2sgag.exe
2008-06-03 03:46 10,276,864 -c--a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 -c--a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 -c--a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 -c--a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 -c--a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 -c--a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 -c--a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 -c--a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 -c--a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 -c--a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 -c--a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 -c--a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 -c--a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 -c--a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 -c--a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 -c--a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 -c--a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 -c--a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 -c--a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-11 09:44 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys
2007-08-18 11:17 20,344 -c--a-w C:\Documents and Settings\admin\Application Data\Pamela_Crash_46C6D53C.zip
2006-10-13 16:29 93 -c--a-w C:\Program Files\FICS.INI
2006-10-12 21:18 93 -c--a-w C:\Program Files\ITCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\RUCS.INI
2006-10-02 20:11 93 -c--a-w C:\Program Files\GRCS.INI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-07-01 08:06 148480]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 20:37 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Bruno.BRUNO-35CC1FAC6\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\Bruno.JA-3A4C675D4C38\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-31 00:18:42 393216]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
TyphoonDesktop.lnk - C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe [2008-08-03 06:34:36 1093632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Czech\\setup.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-01 00:47]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-28 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 10:15:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-28 10:20:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 08:20:38
ComboFix2.txt 2008-08-27 16:30:09

Pre-Run: 14,926,626,816 bytes free
Post-Run: 14,936,088,576 bytes free

320 --- E O F --- 2008-08-28 07:35:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:06 , on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\TyphoonTools\TyphoonWallpaper\TyphoonWallpaper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: TyphoonDesktop.lnk = C:\Program Files\TyphoonTools\TyphoonDesktop\TyphoonDesktop.exe
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6290450203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7548263984
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - http://www.bestwallpapers.sk/albums/3d/ ... d_0634.jpg

--
End of file - 6479 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status:
Offline

Re: Please check my log - PC freezes

Post by fredik » 28 Aug 2008 17:54

The two files you named are fine:
EICAR - ComboFix uses it to test whether the antivirus's resident protection is active
catchme - it uses it to detect hidden items in the registry, on disk ...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Go to Start -> Run... and type this command (shown in blue) into the box: ComboFix /u, then click OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will let you know when it is done.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Regarding KIS starting up, try this:
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text (shown in green) into it:
Note: do not use the SELECT ALL function to select it

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\""

Then go to File -> Save As... and set these parameters:
File name: type fix.reg here
Save as type: choose All Files
Save the file to your desktop
A file fix.reg should appear on the desktop
- run it; a prompt will pop up where you click Yes, then another prompt where you click OK
Restart the PC and check whether the problem is still there after startup.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then let me know how it looks.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.
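As an added example (not from this thread and not code from HijackThis, ComboFix or Kaspersky), the following Python script compares the Run-key autostart values ComboFix lists under "Reg Loading Points" with the O4 lines HijackThis reports, and builds the kind of fix.reg text the reply above describes for any value that is missing. The sample log lines are copied from the two logs posted in this thread; the function names and regular expressions are my own.

```python
import re

# Constructed sample: autostart lines copied from the two logs posted in this
# thread (HijackThis O4 lines and the ComboFix "Reg Loading Points" block).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 20:37 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"""

# HijackThis abbreviates hive names; ComboFix and .reg files spell them out.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS)(?:\\[^\\]+)?\\\.\.\\Run: \[([^\]]+)\] (.*)$")
CF_SECTION_RE = re.compile(r"^\[([^\\\]]+)\\(.+)\]$")
CF_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def parse_hjt(text):
    """(hive, lowercased value name) -> command line for each O4 Run entry HijackThis reported."""
    found = {}
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            found[(HIVES[hive], name.lower())] = command
    return found


def parse_combofix_run(text):
    """(hive, lowercased value name) -> (name, path) for values under a key ending in \\Run."""
    found, hive = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = CF_SECTION_RE.match(line)
        if section:  # every [..] header decides whether the values below it autostart
            root, subkey = section.groups()
            hive = root.upper() if subkey.lower().endswith(RUN_KEY.lower()) else None
            continue
        value = CF_VALUE_RE.match(line)
        if value and hive:
            found[(hive, value.group(1).lower())] = (value.group(1), value.group(2))
    return found


def missing_from_hjt(hjt_text, combofix_text):
    """Run values ComboFix listed but HijackThis did not report."""
    reported = parse_hjt(hjt_text)
    return {k: v for k, v in parse_combofix_run(combofix_text).items() if k not in reported}


def reg_fix(hive, name, path):
    """Build the .reg text that re-creates one Run value: a .reg file doubles every
    backslash and wraps a path containing spaces in escaped double quotes."""
    escaped = path.replace("\\", "\\\\")
    data = f'\\"{escaped}\\"' if " " in path else escaped
    return f'Windows Registry Editor Version 5.00\n\n[{hive}\\{RUN_KEY}]\n"{name}"="{data}"\n'
```

On the sample above, the only value missing from the HijackThis side is AVP under HKEY_LOCAL_MACHINE, and reg_fix produces exactly the fix.reg text given in the reply.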

