prosim o kontrolu, seká se mi počítač

[Iwet]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:29, on 24.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [b444d5c8] rundll32.exe "C:\WINDOWS\system32\ewlcvrkk.dll",b
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6571 bytes

[Reklama]

[jaro3]

Stáhni si SDFix
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

[Iwet]

Já nemůžu stáhnout tenhle program. Pořád mi to vyhazuje prohlížeč. A nemůžu to i jinde stáhnout.

[jaro3]

Zkus toto:
Vypni rez. ochranu u NOD32 a rez.štít u ST.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Iwet]

ComboFix 08-10-24.02 - Iwet 2008-10-25 11:36:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.158 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Iwet\Dokumenty\My Downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dfvdknhs.ini
C:\WINDOWS\system32\iqbbdfmi.ini
C:\WINDOWS\system32\iymcyahu.ini
C:\WINDOWS\system32\kbcvdohx.ini
C:\WINDOWS\system32\mlJAtstR.dll
C:\WINDOWS\system32\RtstAJlm.ini
C:\WINDOWS\system32\RtstAJlm.ini2
C:\WINDOWS\system32\sxgfngkm.ini
C:\WINDOWS\system32\uhaycmyi.dll
C:\WINDOWS\system32\ukgqivdr.ini
C:\WINDOWS\system32\vtUlMedD.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-25 do 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-24 11:33 . 2008-10-25 11:25 <DIR> d-------- C:\Program Files\Crawler
2008-10-24 11:11 . 2008-10-25 10:53 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-10-24 11:09 . 2008-10-25 10:53 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\Spyware Terminator
2008-10-24 11:09 . 2008-10-24 11:09 142,592 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-24 11:08 . 2008-10-25 10:53 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-10-24 11:08 . 2008-10-24 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-16 14:35 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 14:33 . 2008-08-14 15:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 14:33 . 2008-08-14 15:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 14:33 . 2008-08-14 15:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 14:33 . 2008-08-14 15:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 14:33 . 2008-09-15 17:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-09 23:19 . 2008-10-09 23:19 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\Malwarebytes
2008-10-09 23:19 . 2008-10-09 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-10-08 20:31 . 2008-10-08 20:31 50 --a------ C:\WINDOWS\MegaManager.INI
2008-10-08 19:54 . 2008-10-08 19:54 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\Megaupload
2008-10-08 19:53 . 2008-10-08 19:53 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\EmailNotifier
2008-10-08 19:53 . 2008-10-08 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Megaupload
2008-10-08 19:53 . 2008-10-08 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\EmailNotifier
2008-10-06 23:22 . 2008-10-06 23:22 <DIR> d-------- C:\WINDOWS\system32\cs
2008-10-06 23:22 . 2008-10-06 23:22 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-06 23:22 . 2008-10-06 23:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-06 23:18 . 2008-10-06 23:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-06 23:08 . 2008-10-06 23:08 <DIR> d-------- C:\WINDOWS\EHome
2008-10-06 22:44 . 2004-08-03 22:29 25,471 --a------ C:\WINDOWS\system32\drivers\watv10nt.sys
2008-10-06 22:44 . 2004-08-03 22:29 22,271 --a------ C:\WINDOWS\system32\drivers\watv06nt.sys
2008-10-06 22:44 . 2004-08-03 22:29 11,935 --a------ C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-10-06 22:44 . 2004-08-03 22:29 11,871 --a------ C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-10-06 22:44 . 2004-08-03 22:29 11,807 --a------ C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-10-06 22:44 . 2004-08-03 22:29 11,295 --a------ C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-10-06 22:39 . 2004-08-17 15:43 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-29 23:07 . 2008-09-29 23:07 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-29 22:34 . 2008-09-29 22:34 <DIR> d-------- C:\Program Files\Firefly Studios
2008-09-27 09:57 . 2008-09-27 09:57 <DIR> d-------- C:\Program Files\7-Zip
2008-09-26 11:54 . 2008-09-26 11:54 49 --a------ C:\WINDOWS\cgminivw.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 17:41 --------- d-----w C:\Program Files\GameSpy Arcade
2008-10-08 18:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 17:57 --------- d-----w C:\Program Files\Eset
2008-09-25 16:42 --------- d-----w C:\Program Files\MultiRes
2008-09-24 21:16 --------- d-----w C:\Program Files\Realtek AC97
2008-09-22 19:18 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-22 15:40 --------- d-----w C:\Program Files\ICQ6
2008-09-22 11:33 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-09-22 11:05 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-21 17:03 --------- d-----w C:\Program Files\directx 9
2008-09-21 15:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-17 16:21 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-09-15 21:50 --------- d-----w C:\Program Files\Longman
2008-09-15 19:13 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-15 19:09 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-15 15:36 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 20:08 --------- d-----w C:\Program Files\GT Interactive
2008-09-13 08:42 --------- d-----w C:\Program Files\MagicISO
2008-09-11 13:14 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\ICQ
2008-09-11 11:27 31,944 ----a-w C:\Documents and Settings\Iwet\Data aplikací\GDIPFONTCACHEV1.DAT
2008-09-09 17:33 --------- d-----w C:\Program Files\Sun
2008-09-09 17:33 --------- d-----w C:\Program Files\Java
2008-09-08 10:51 --------- d-----w C:\Program Files\Webteh
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 19:59 --------- d-----w C:\Program Files\GoBit Games
2008-09-07 19:59 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\GoBit Games
2008-09-05 21:42 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\Pogo Games
2008-09-02 21:04 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\XnView
2008-08-31 14:44 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-30 22:53 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\Corel
2008-08-30 22:53 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Corel
2008-08-30 22:52 --------- d-----w C:\Program Files\Common Files\Corel
2008-08-30 22:50 --------- d-----w C:\Program Files\Corel
2008-08-30 22:41 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\InstallShield
2008-08-26 15:46 --------- d-----w C:\Program Files\Trend Micro
2008-08-26 11:38 --------- d-----w C:\Program Files\ICQ6Toolbar
2008-08-26 11:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-08-26 11:35 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\ICQLite
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-25 14:03 --------- d-----w C:\Program Files\BitLord
2008-08-14 19:29 0 ----a-w C:\Documents and Settings\Iwet\Data aplikací\wklnhst.dat
2008-08-14 17:05 532,558 ----a-w C:\WINDOWS\system32\odGinaLibrary.dll
2008-08-14 17:05 139,330 ----a-w C:\WINDOWS\system32\odyGina.dll
2008-08-14 17:05 106,496 ----a-w C:\WINDOWS\system32\odyEvent.dll
2008-08-14 13:26 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 08:15 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-08-14 921600]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-24 2158592]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-14 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 05:22 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-24 142592]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\vtUlMedD.dll
BHO-{9FDC1386-2962-44DA-8C92-3CF625139929} - C:\WINDOWS\system32\mlJAtstR.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-b444d5c8 - C:\WINDOWS\system32\uhaycmyi.dll
ShellExecuteHooks-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\vtUlMedD.dll


.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Iwet\Data aplikací\Mozilla\Firefox\Profiles\ttlxa71k.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.seznam.cz
FF -: plugin - C:\Program Files\GoBit Games\BrowserPlugin\npgobitgamesplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 11:46:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Celkový čas: 2008-10-25 11:51:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-10-25 09:51:06

Před spuštěním: 9 283 600 384
Po spuštění: Volných bajtů: 11,590,746,112

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

204 --- E O F --- 2008-10-16 12:52:46

[jaro3]

Zkus nyní stáhnout ten SDFix a poslat z něho log.

[Iwet]

SDFix: Version 1.237
Run by Iwet on ne 26.10.2008 at 19:52

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 19:58:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"="C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Mon 22 Sep 2008 88 A.SHR --- "C:\WINDOWS\system32\14ABD3773E.sys"
Mon 22 Sep 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 14 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 27 Jul 2008 65,024 A..H. --- "C:\Documents and Settings\Iwet\Dokumenty\MO z ekonomiky\~WRL0005.tmp"
Thu 7 Aug 2008 70,656 A..H. --- "C:\Documents and Settings\Iwet\Dokumenty\MO z ekonomiky\~WRL2194.tmp"

Finished!

[jaro3]

Fajn, a teď ještě jednou ten Combofix.Uděláme script.

[Iwet]

ComboFix 08-10-25.01 - Iwet 2008-10-26 20:34:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.150 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Iwet\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-26 do 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 19:51 . 2008-10-26 19:51 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-26 19:49 . 2008-10-26 19:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-26 18:03 . 2008-10-26 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SimCity Societies
2008-10-26 17:06 . 2008-10-26 20:01 <DIR> d-------- C:\SDFix
2008-10-25 11:10 . 2008-10-15 17:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-24 10:33 . 2008-10-26 20:04 <DIR> d-------- C:\Program Files\Crawler
2008-10-24 10:11 . 2008-10-26 20:02 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-10-24 10:09 . 2008-10-26 20:24 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\Spyware Terminator
2008-10-24 10:09 . 2008-10-24 10:09 142,592 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-24 10:08 . 2008-10-25 09:53 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-10-24 10:08 . 2008-10-24 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-16 13:35 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 13:33 . 2008-08-14 14:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 13:33 . 2008-08-14 14:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 13:33 . 2008-08-14 14:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 13:33 . 2008-08-14 14:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:33 . 2008-09-15 16:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-09 22:19 . 2008-10-09 22:19 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\Malwarebytes
2008-10-09 22:19 . 2008-10-09 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-10-08 19:31 . 2008-10-08 19:31 50 --a------ C:\WINDOWS\MegaManager.INI
2008-10-08 18:54 . 2008-10-08 18:54 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\Megaupload
2008-10-08 18:53 . 2008-10-08 18:53 <DIR> d-------- C:\Documents and Settings\Iwet\Data aplikací\EmailNotifier
2008-10-08 18:53 . 2008-10-08 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Megaupload
2008-10-08 18:53 . 2008-10-08 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\EmailNotifier
2008-10-06 22:22 . 2008-10-06 22:22 <DIR> d-------- C:\WINDOWS\system32\cs
2008-10-06 22:22 . 2008-10-06 22:22 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-06 22:22 . 2008-10-06 22:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-06 22:18 . 2008-10-06 22:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-06 22:08 . 2008-10-06 22:08 <DIR> d-------- C:\WINDOWS\EHome
2008-10-06 21:44 . 2004-08-03 21:29 25,471 --a------ C:\WINDOWS\system32\drivers\watv10nt.sys
2008-10-06 21:44 . 2004-08-03 21:29 22,271 --a------ C:\WINDOWS\system32\drivers\watv06nt.sys
2008-10-06 21:44 . 2004-08-03 21:29 11,935 --a------ C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-10-06 21:44 . 2004-08-03 21:29 11,871 --a------ C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-10-06 21:44 . 2004-08-03 21:29 11,807 --a------ C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-10-06 21:44 . 2004-08-03 21:29 11,295 --a------ C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-10-06 21:39 . 2004-08-17 14:43 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-29 22:07 . 2008-09-29 22:07 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-29 21:34 . 2008-09-29 21:34 <DIR> d-------- C:\Program Files\Firefly Studios
2008-09-27 08:57 . 2008-09-27 08:57 <DIR> d-------- C:\Program Files\7-Zip
2008-09-26 10:54 . 2008-09-26 10:54 49 --a------ C:\WINDOWS\cgminivw.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 17:33 --------- d-----w C:\Program Files\Electronic Arts
2008-10-26 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 17:41 --------- d-----w C:\Program Files\GameSpy Arcade
2008-10-08 17:57 --------- d-----w C:\Program Files\Eset
2008-09-25 16:42 --------- d-----w C:\Program Files\MultiRes
2008-09-24 21:16 --------- d-----w C:\Program Files\Realtek AC97
2008-09-22 19:18 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-22 15:40 --------- d-----w C:\Program Files\ICQ6
2008-09-22 11:33 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-09-22 11:05 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-21 17:03 --------- d-----w C:\Program Files\directx 9
2008-09-21 15:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-17 16:21 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-09-15 21:50 --------- d-----w C:\Program Files\Longman
2008-09-15 19:13 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-15 19:09 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-15 15:36 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 20:08 --------- d-----w C:\Program Files\GT Interactive
2008-09-13 08:42 --------- d-----w C:\Program Files\MagicISO
2008-09-11 13:14 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\ICQ
2008-09-11 11:27 31,944 ----a-w C:\Documents and Settings\Iwet\Data aplikací\GDIPFONTCACHEV1.DAT
2008-09-09 17:33 --------- d-----w C:\Program Files\Sun
2008-09-09 17:33 --------- d-----w C:\Program Files\Java
2008-09-08 10:51 --------- d-----w C:\Program Files\Webteh
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 19:59 --------- d-----w C:\Program Files\GoBit Games
2008-09-07 19:59 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\GoBit Games
2008-09-05 21:42 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\Pogo Games
2008-09-02 21:04 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\XnView
2008-08-31 14:44 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-30 22:53 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\Corel
2008-08-30 22:53 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Corel
2008-08-30 22:52 --------- d-----w C:\Program Files\Common Files\Corel
2008-08-30 22:50 --------- d-----w C:\Program Files\Corel
2008-08-30 22:41 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\InstallShield
2008-08-26 15:46 --------- d-----w C:\Program Files\Trend Micro
2008-08-26 11:38 --------- d-----w C:\Program Files\ICQ6Toolbar
2008-08-26 11:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-08-26 11:35 --------- d-----w C:\Documents and Settings\Iwet\Data aplikací\ICQLite
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 19:29 0 ----a-w C:\Documents and Settings\Iwet\Data aplikací\wklnhst.dat
2008-08-14 17:05 532,558 ----a-w C:\WINDOWS\system32\odGinaLibrary.dll
2008-08-14 17:05 139,330 ----a-w C:\WINDOWS\system32\odyGina.dll
2008-08-14 17:05 106,496 ----a-w C:\WINDOWS\system32\odyEvent.dll
2008-08-14 13:26 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 08:15 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-08-14 921600]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-24 2158592]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-14 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 04:22 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-24 142592]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Iwet\Data aplikací\Mozilla\Firefox\Profiles\ttlxa71k.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.seznam.cz
FF -: plugin - C:\Program Files\GoBit Games\BrowserPlugin\npgobitgamesplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 20:38:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Celkový čas: 2008-10-26 20:40:46
ComboFix-quarantined-files.txt 2008-10-26 19:40:27

Před spuštěním: 9 946 558 464
Po spuštění: 9,947,594,752

170 --- E O F --- 2008-10-25 10:11:51

[jaro3]

Najdi a smaž: C:\SDFix
Log je O.K.
vlož sem ještě log z HJT, podívám se zítra.

[Iwet]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:06, on 26.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6804 bytes

[jaro3]

Log O.K.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Aktualizuj javu:
Java SE Runtime Environment 6u10

Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Zapni všechny ochrany u NODu a ST.