prosim o prohlidnuti logu SDFIX,Smitfraudfix Vyřešeno

[Yelkinson]

Pri stahovani souboru na me vyskocil nod z nejakym trojanem nebo co tak jsem to projel Superantispyware,SDfix a Smidfraudfix ale stejne mi porad vyskakuje na liste You have a securiti problem! a ikonu to ma jako kdyz jsou vypnuty aktualizace!


SDFix: Version 1.229
Run by Administrator on p  26.09.2008 at 16:51

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\Program Files\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 16:54:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:90,0c,1a,49,67,d3,2b,c4,d6,7a,f4,04,08,cb,22,e7,da,85,b2,81,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d6,1e,7a,2e,7e,fd,62,cb,8a,aa,fd,0d,c6,cc,06,f1,98,..
"khjeh"=hex:5c,b4,15,e7,ae,45,aa,45,0e,ca,88,ca,d9,b7,8f,91,33,9b,8e,6d,b0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c6,a9,4f,f2,af,6a,28,73,95,b2,d0,45,26,0a,95,a8,de,58,81,0b,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:90,0c,1a,49,67,d3,2b,c4,d6,7a,f4,04,08,cb,22,e7,da,85,b2,81,8d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d6,1e,7a,2e,7e,fd,62,cb,8a,aa,fd,0d,c6,cc,06,f1,98,..
"khjeh"=hex:5c,b4,15,e7,ae,45,aa,45,0e,ca,88,ca,d9,b7,8f,91,33,9b,8e,6d,b0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c6,a9,4f,f2,af,6a,28,73,95,b2,d0,45,26,0a,95,a8,de,58,81,0b,88,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Counter-Strike\\hl.exe"="C:\\Program Files\\Counter-Strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Counter-Strike Source\\srcds.exe"="C:\\Program Files\\Counter-Strike Source\\srcds.exe:*:Enabled:Counter-Strike Source Server"
"C:\\Program Files\\Counter-Strike\\cstrike.exe"="C:\\Program Files\\Counter-Strike\\cstrike.exe:*:Enabled:Counter-Strike 1.6"
"C:\\Program Files\\VSO\\ConvertX\\3\\ConvertXtoDvd.exe"="C:\\Program Files\\VSO\\ConvertX\\3\\ConvertXtoDvd.exe:*:Enabled:ConvertXtoDVD 3"
"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"="C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe:*:Enabled:ESET NOD32 Antivirus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Ashampoo\\Ashampoo Burning Studio 7\\burningstudio.exe"="C:\\Program Files\\Ashampoo\\Ashampoo Burning Studio 7\\burningstudio.exe:*:Enabled:Ashampoo Burning Studio 7"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Documents and Settings\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Documents and Settings\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :


Finished!

________________________________________________________________________________________________________________________


ty ostatni logy nemuzu najit ani ve svych slozkach kde maji byt!tak sem dam jeste log z HJT!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:08, on 26.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\FIX\LOCALS~1\Temp\video207.cfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\FIX\LOCALS~1\Temp\b.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\FIX\LOCALS~1\Temp\video207.cfg.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4621 bytes

[Reklama]

[Yelkinson]

A ted jak sem to napsal tak na me jeste vyskocil Suspenzor PC

[jaro3]

No to je pěkný, použití SDFix a Smitfraud je na Tvoje riziko...Jestli budeš mít něco popřeházené nebo něco pryč( ikony ,soubory), tak upozorňuji, že to nedám už zpět, restore umí tak Fredik, já ne..
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Yelkinson]

tohle sou obrazky

jo a uz du na ten combo!zatim dik a nic se mi zatim nemazlo!

[jaro3]

Na nic neklikej a spusť ComboFix.

[Yelkinson]

ComboFix 08-09-25.07 - FIX 2008-09-26 17:51:18.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.339 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\FIX\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\FIX\Data aplikacˇ\inst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-08-26 do 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-26 17:09 . 2008-09-26 17:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 16:50 . 2008-09-26 16:50 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-26 16:49 . 2008-09-25 04:31 <DIR> d-------- C:\SDFix
2008-09-26 16:44 . 2008-09-26 16:44 2,266 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-26 16:37 . 2008-09-26 16:56 <DIR> d-------- C:\Program Files\SDFix
2008-09-26 16:15 . <DIR> C:\Documents and Settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2008-09-26 16:01 . 2008-09-26 16:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-26 16:01 . <DIR> C:\Documents and Settings\FIX\Data aplikací\SUPERAntiSpyware.com
2008-09-26 16:00 . 2008-09-26 16:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-26 15:48 . 2008-08-16 20:25 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-09-26 15:48 . 2008-08-22 20:22 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-09-26 15:48 . 2008-08-16 22:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-09-26 15:48 . 2008-08-16 22:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-09-26 15:48 . 2008-09-26 16:26 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-09-26 15:48 . 2008-08-16 22:11 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-09-26 15:48 . 2008-08-16 22:11 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-09-26 15:48 . <DIR> C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2008-09-26 15:48 . 2008-09-26 16:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-09-26 15:48 . 2008-09-26 15:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-26 11:54 . 2008-09-26 12:12 <DIR> d-------- C:\Program Files\HyperSnap 6
2008-09-26 03:08 . 2008-09-26 03:08 <DIR> d-------- C:\Program Files\Belarc
2008-09-26 03:08 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-09-24 12:33 . 2008-09-25 12:32 <DIR> d-------- C:\Program Files\SysMetrix
2008-09-24 12:09 . 2008-09-24 12:09 <DIR> d-------- C:\Program Files\Lavalys
2008-09-24 11:33 . 2008-09-24 11:34 <DIR> d-------- C:\zkouska
2008-09-22 16:49 . 2008-09-22 16:49 <DIR> d-------- C:\Program Files\VS Revo Group
2008-09-21 16:55 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-21 16:53 . 2008-09-21 16:53 <DIR> d-------- C:\Program Files\MSBuild
2008-09-20 17:53 . 2008-09-26 01:39 <DIR> d-------- C:\Program Files\Counter-Strike Source
2008-09-18 04:07 . 2008-09-18 04:07 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-18 04:07 . <DIR> C:\Documents and Settings\FIX\Data aplikací\skypePM
2008-09-18 04:07 . 2008-09-18 04:07 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-14 12:34 . 2008-09-14 12:36 <DIR> d-------- C:\Program Files\Video Convert Master
2008-09-14 12:34 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-09-14 12:34 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-09-14 12:03 . 2008-09-14 12:03 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-13 17:47 . 2008-09-13 17:47 <DIR> d-------- C:\Documents and Settings\FIX\Saved Games
2008-09-13 17:46 . <DIR> C:\Documents and Settings\FIX\Data aplikací\iWin
2008-09-09 01:38 . 2008-09-09 01:38 <DIR> d-------- C:\Program Files\ESET
2008-09-09 01:03 . 2008-09-09 01:03 <DIR> d-------- C:\Program Files\CCleaner
2008-09-07 17:32 . 2008-09-07 17:32 <DIR> d-------- C:\Program Files\AvRack
2008-09-07 17:32 . 2008-09-07 17:32 <DIR> d-------- C:\Program Files\Avance Sound Manager
2008-09-07 17:32 . 2002-03-21 12:41 544,768 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-09-07 17:32 . 2002-03-25 22:13 303,948 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-09-07 17:32 . 2002-04-19 13:30 208,896 --------- C:\WINDOWS\alcupd.exe
2008-09-07 17:32 . 2002-02-05 15:54 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-09-07 17:32 . 2002-04-19 13:30 135,168 --------- C:\WINDOWS\alcrmv.exe
2008-09-07 17:32 . 2002-03-21 12:23 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-09-07 17:32 . 2008-09-14 12:12 164 --a------ C:\WINDOWS\avrack.ini
2008-09-07 17:30 . 2002-04-22 00:00 93,594 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
2008-09-07 17:30 . 2002-04-22 00:00 46,414 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2008-09-07 17:30 . 2002-04-22 00:00 13,782 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
2008-09-07 17:26 . 2008-09-07 17:30 <DIR> d-------- C:\Program Files\Intel
2008-09-07 17:24 . 2000-03-29 16:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-09-07 17:24 . 2008-09-07 17:34 3,467 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-09-06 23:55 . 2008-09-20 18:19 <DIR> d-------- C:\Program Files\DesetiPrsty
2008-09-06 19:57 . 2008-09-06 19:57 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-06 19:50 . 2008-09-06 19:50 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-06 19:46 . 2008-09-06 19:46 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-06 19:45 . <DIR> C:\Documents and Settings\FIX\Data aplikací\DAEMON Tools
2008-09-06 15:11 . 2008-09-06 15:11 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-06 15:06 . 2008-09-20 13:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-06 15:05 . 2008-09-06 15:05 <DIR> dr-h----- C:\MSOCache
2008-09-05 23:07 . 2008-09-05 23:07 <DIR> d-------- C:\Program Files\Hyperballoid
2008-09-05 23:04 . 2008-09-05 23:05 <DIR> d-------- C:\Program Files\Hyperballoid 2
2008-09-05 23:04 . 2008-09-05 23:04 <DIR> d-------- C:\Program Files\Hoteis Jewels
2008-09-05 23:01 . 2008-09-05 23:03 <DIR> d-------- C:\Program Files\Holiday Gift
2008-09-05 23:00 . 2008-09-05 23:00 17 --a------ C:\WINDOWS\popcinfo.dat
2008-09-05 22:59 . 2008-09-05 23:00 <DIR> d-------- C:\Program Files\Heavy Weapon
2008-09-05 22:53 . 2008-09-05 23:13 <DIR> d-------- C:\Program Files\Holiday Bonus
2008-09-03 23:29 . <DIR> C:\Documents and Settings\FIX\Data aplikací\Macromedia
2008-09-03 23:11 . 2008-09-03 23:11 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-09-02 11:36 . 2008-09-02 11:36 876 --a------ C:\WINDOWS\$_hpcst$.hpc
2008-09-02 10:25 . <DIR> C:\Documents and Settings\FIX\Data aplikací\Ice Age 2
2008-09-02 10:14 . 2008-09-02 10:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-02 09:54 . 1999-02-16 08:02 49,664 --a------ C:\WINDOWS\SSMaui Wowee.scr
2008-09-02 09:51 . 2004-09-20 16:00 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr
2008-09-02 09:50 . 2005-01-07 11:39 57,344 --a------ C:\WINDOWS\system32\Big Kahuna Reef.scr
2008-09-02 09:49 . 2008-09-03 23:27 <DIR> d-------- C:\Program Files\GameHouse Games Collection
2008-09-02 09:49 . 2005-08-03 13:48 389,120 --a------ C:\WINDOWS\Adventure Inlay.scr
2008-09-01 13:24 . 2008-09-01 13:42 <DIR> d-------- C:\Program Files\Bomberic 2
2008-09-01 13:08 . 2008-09-01 13:08 <DIR> d-------- C:\Program Files\Samorost2
2008-09-01 12:25 . 2008-09-03 23:12 <DIR> d-------- C:\Program Files\Hidden Wonders of the Depths
2008-08-31 11:05 . 81,920 C:\Documents and Settings\FIX\Data aplikací\ezpinst.exe
2008-08-26 23:14 . 2008-09-16 02:13 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-26 23:14 . 2008-08-26 23:14 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-08-26 17:37 . 2008-08-26 17:38 <DIR> d-------- C:\WINDOWS\nview
2008-08-26 17:37 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-26 17:37 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-26 17:37 . 2008-09-26 16:56 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-26 17:37 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-26 17:36 . 2008-08-26 17:36 <DIR> d-------- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 13:20 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Skype
2008-09-24 06:53 --------- d-----w C:\Program Files\USDownloader-Lite
2008-09-23 10:04 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Adobe
2008-09-23 08:41 --------- d-----w C:\Program Files\ICQ6
2008-09-22 13:36 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Vso
2008-09-21 15:19 --------- d-s---w C:\Documents and Settings\FIX\Data aplikací\Microsoft
2008-09-20 13:49 --------- d-----w C:\Program Files\Counter-Strike
2008-09-14 10:35 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-14 10:35 47,360 ----a-w C:\Documents and Settings\FIX\Data aplikací\pcouffin.sys
2008-09-07 15:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 15:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-31 09:02 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Ashampoo
2008-08-31 09:01 --------- d-----w C:\Program Files\Ashampoo
2008-08-28 08:40 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\ICQ
2008-08-26 14:44 --------- d-----w C:\Program Files\Steam
2008-08-25 20:31 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Teleca
2008-08-25 20:27 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Sony Ericsson
2008-08-25 20:24 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-25 20:24 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-25 20:23 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-22 14:06 --------- d-----w C:\Program Files\VGA USB Camera
2008-08-22 14:06 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\InstallShield
2008-08-20 14:34 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Sun
2008-08-17 00:33 --------- d-----w C:\Program Files\Zaparit
2008-08-16 21:11 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\WinRAR
2008-08-16 20:55 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Zoner
2008-08-16 20:54 --------- d-----w C:\Program Files\Zoner
2008-08-16 20:49 --------- d-----w C:\Program Files\VSO
2008-08-16 20:43 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-16 19:42 --------- d-----w C:\Program Files\totalcmd
2008-08-16 19:42 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Help
2008-08-16 19:25 --------- d-----w C:\Program Files\Java
2008-08-16 19:24 --------- d-----w C:\Program Files\Common Files\Java
2008-08-16 19:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-16 19:05 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Mozilla
2008-08-16 18:38 --------- d-----w C:\Documents and Settings\FIX\Data aplikací\Identities
2008-08-16 18:35 --------- d-s---w C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
2008-08-16 18:35 --------- d-s---w C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
2008-08-16 18:35 --------- d-s---w C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
2008-08-16 18:35 --------- d-s---w C:\Documents and Settings\LocalService\Data aplikací\Microsoft
2008-08-16 18:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-06 13:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-06 13:27 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^FIX^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=C:\Documents and Settings\FIX\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=C:\WINDOWS\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-12-14 01:06 495616 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-08-18 15:39 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 12:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"C:\\Program Files\\VSO\\ConvertX\\3\\ConvertXtoDvd.exe"=
"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Documents and Settings\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 90800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b2beb11-6bcb-11dd-b75d-806d6172696f}]
\Shell\AutoRun\command - E:\Bin\assetup.exe

*Newly Created Service* - PROCEXP90
.
.
------- Doplňkový sken -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 17:53:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-09-26 17:54:07
ComboFix-quarantined-files.txt 2008-09-26 15:54:04

Před spuštěním: Volněch bajt…: 12˙575˙903˙744
Po spuštění: Volněch bajt…: 12,608,573,440

237

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe

Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Yelkinson]

Malwarebytes' Anti-Malware 1.28
Verze databáze: 1210
Windows 5.1.2600 Service Pack 2

26.9.2008 18:46:25
mbam-log-2008-09-26 (18-46-25).txt

Typ skenu: Rychlý sken
Objektu skenováno: 45847
Uplynulý cas: 3 minute(s), 21 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Jak vypadá comp, je to stejné?
Pošli log z HJT.

[Yelkinson]

Komp vypada ok zatim na me nic nevyskocilo!

Tady je ten log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:11, on 26.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4753 bytes

[jaro3]

Log he čistý, zkus pro jistotu comp restartovat.

[Yelkinson]

Ok tak diky za pomoc,ted to jedte restnu a kdyz bude vse OK tak uz jen oznacim za vyresene.