Automatické aktualizace - ŠEDÉ OKNO - HELP

[jaro3]

No můžeš ho poslat..
Odinstaluj AskTBar
Toto otestuj na Virustotal
c:\windows\system32\Smab0.dll
Vlož sem pak výsledek.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9606c6f8-ac22-11dd-968d-00016c36ea2f}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

+log z SDFix.

[Reklama]

[mmiriboy]

Soubor Smab0.dll přijatý 2008.11.12 21:02:07 (CET)
Současný stav: Dokončeno
Výsledek: 1/34 (2.94%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
ViRobot - - -
VirusBuster - - -
Rozšiřující informace
MD5: 2cdfdd3019e885d32c0d7c47ec33f8b3
SHA1: fa2c7ec1478056ba921c10b433359ef302b3eddd
SHA256: d4ceed9eeecab9ec14b0bbe3bff53285719295d2c6ba235496c7526890b0a6d2
SHA512: 5f4c9b451d8f2329465e61bbdb9b51fa7ac7207174595cbd16af6709cd36ea9265270b58249b1cf1060c70c04ac8fb534580fbb28e5a38a61d0e3402e73dce5a

[jaro3]

Soubor je O.K. Pošli log z CF po scriptu.

[mmiriboy]

ComboFix 08-11-18.02 - Ludka 2008-11-18 21:37:50.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.297 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ludka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ludka\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-18 do 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-18 21:05 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-17 08:52 . 2008-11-03 20:19 70,129 --------- c:\windows\hpoins05.dat.temp
2008-11-17 08:52 . 2004-12-14 20:04 19,696 --------- c:\windows\hpomdl05.dat.temp
2008-11-17 08:22 . 2008-11-17 08:24 <DIR> d-------- c:\program files\Magic Video Converter
2008-11-17 08:22 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2008-11-17 08:22 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2008-11-17 08:21 . 2008-11-17 08:21 <DIR> d-------- c:\program files\Avidemux 2.4
2008-11-15 09:55 . 2008-11-15 09:55 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\DVDFab
2008-11-13 21:14 . 2008-11-13 21:23 <DIR> d-------- C:\Nová složka (2)
2008-11-12 18:51 . 2008-11-12 18:51 118 --a------ c:\windows\system32\MRT.INI
2008-11-12 18:45 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:43 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:36 . 2008-11-12 17:36 221,979 ---h----- C:\treeinfo.wc
2008-11-12 17:25 . 2008-11-13 21:35 1,503 --a------ c:\windows\wincmd.ini
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\UC.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\RAR.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\LHA.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\ARJ.PIF
2008-11-11 18:58 . 2008-11-11 19:14 <DIR> d-------- c:\program files\Ashampoo
2008-11-08 19:58 . 2008-11-08 19:58 <DIR> d-------- c:\program files\Windows Defender
2008-11-08 18:14 . 2008-11-08 18:15 <DIR> d-------- c:\program files\Opera
2008-11-08 09:05 . 2008-11-08 09:05 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Sonic
2008-11-04 20:18 . 2008-11-04 20:18 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Nokia Multimedia Player
2008-11-03 16:56 . 2008-11-03 16:56 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-02 20:24 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Sonic
2008-11-02 20:24 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-02 20:23 . 2008-11-02 20:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sonic
2008-11-02 20:18 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Roxio
2008-11-02 18:20 . 2008-11-02 18:20 <DIR> d-------- c:\program files\Conduit
2008-11-02 18:19 . 2008-11-02 20:12 <DIR> d-------- c:\program files\P2P_Energy
2008-11-02 18:19 . 2008-11-02 18:20 <DIR> d-------- c:\program files\P2P Rocket
2008-11-02 18:19 . 2008-11-02 18:19 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Shareaza
2008-11-02 16:54 . 2008-11-02 16:54 <DIR> d-------- c:\program files\DivX
2008-11-02 16:09 . 2008-11-02 16:09 <DIR> d-------- c:\program files\MagicISO
2008-11-01 20:33 . 2008-11-01 20:33 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\Roxio
2008-11-01 19:42 . 2008-11-17 19:01 69 --a------ c:\windows\NeroDigital.ini
2008-11-01 19:11 . 2008-11-01 19:11 <DIR> d-------- c:\program files\Sun
2008-11-01 19:10 . 2008-11-01 19:10 <DIR> d-------- c:\program files\Java
2008-11-01 19:10 . 2008-11-01 19:10 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-01 19:10 . 2008-11-01 19:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-01 18:48 . 2008-11-16 22:18 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Roxio
2008-11-01 18:48 . 2008-11-01 18:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InstallShield
2008-11-01 18:48 . 2008-11-02 20:24 440 --a------ c:\windows\wininit.ini
2008-11-01 18:44 . 2008-11-02 09:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Roxio
2008-11-01 18:42 . 2008-11-02 20:23 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-11-01 17:38 . 2008-11-01 17:38 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Nero
2008-11-01 17:30 . 2008-11-01 17:30 <DIR> d-------- c:\program files\Nero
2008-11-01 17:30 . 2008-11-01 17:35 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-01 17:30 . 2008-11-01 17:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2008-11-01 11:35 . 2008-11-01 11:37 3,230 --a------ c:\windows\WTRAN32.INI
2008-11-01 09:07 . 2008-11-08 20:59 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-01 09:06 . 2008-11-01 09:06 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-01 09:06 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-31 20:11 . 2008-10-31 20:11 <DIR> d-------- c:\program files\Kerio
2008-10-31 17:24 . 2008-10-31 17:24 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-10-30 23:07 . 2008-10-30 23:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LightScribe
2008-10-27 19:20 . 2008-10-27 19:20 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Thinstall
2008-10-27 19:14 . 2008-10-27 20:02 <DIR> d-------- c:\program files\DVDFab Platinum 4
2008-10-27 19:13 . 2008-11-17 08:23 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Vso
2008-10-27 19:13 . 2008-11-17 08:23 47,360 --a------ c:\documents and settings\Ludka\Data aplikací\pcouffin.sys
2008-10-24 22:10 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-24 17:40 . 2008-10-25 10:23 <DIR> d--hs---- c:\documents and settings\Ludka\Phone Browser
2008-10-22 20:02 . 2008-05-06 15:49 428,904 --a------ c:\windows\system32\Incinerator.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 13:32 --------- d-----w c:\program files\AskTBar
2008-11-17 07:23 81,920 ----a-w c:\documents and settings\Ludka\Data aplikací\ezpinst.exe
2008-11-17 07:23 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-16 16:07 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-13 22:22 --------- d-----w c:\documents and settings\Ludka\Data aplikací\gtk-2.0
2008-11-12 17:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-11 18:57 --------- d-----w c:\program files\Settings
2008-11-11 18:57 --------- d-----w c:\program files\FlashGet
2008-11-11 18:57 --------- d-----w c:\documents and settings\Ludka\Data aplikací\uTorrent
2008-11-11 05:56 --------- d-----w c:\program files\WinTV
2008-11-08 17:09 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Avant Browser
2008-11-04 19:17 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PC Suite
2008-11-03 16:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\iolo
2008-11-02 19:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-01 08:11 --------- d-----w c:\program files\MSBuild
2008-10-28 15:05 --------- d-----w c:\program files\fdrlab
2008-10-25 09:14 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Nokia
2008-10-25 08:53 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 14:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-17 17:50 --------- d-----w c:\program files\Passware
2008-10-09 16:23 --------- d-----w c:\documents and settings\Ludka\Data aplikací\avidemux
2008-10-01 19:27 --------- d-----w c:\documents and settings\Ludka\Data aplikací\GeoVid
2008-10-01 18:40 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Sony
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 16:43 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PVC
2008-09-27 10:58 --------- d-----w c:\program files\Directory Lister
2008-09-20 20:11 --------- d-----w c:\program files\Smart Projects
2008-09-20 11:29 97,248 ----a-w c:\windows\system32\drivers\snapman.sys
2008-09-20 11:29 --------- d-----w c:\program files\Common Files\Acronis
2008-09-20 11:28 --------- d-----w c:\program files\Acronis
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 18:26 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-15 20:51 3,361,792 ----a-w c:\program files\StrongDC.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-02 20:12 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ludka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"AMP WinOFF"=c:\program files\amp winoff\winoff.exe -quiet
"Somefox"=c:\docume~1\Ludka\LOCALS~1\Temp\video198.cfg.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Keyboard Driver"=stkhost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\P2P Rocket\\P2P Rocket.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-16 110160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2006-09-04 11970]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-16 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2006-09-04 138816]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [2006-09-04 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-09-04 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-09-04 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-09-04 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2006-09-04 23104]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []
S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys []
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9606c6f8-ac22-11dd-968d-00016c36ea2f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2008-11-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 21:40:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: c:\windows\explorer.exe
-> c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Celkový čas: 2008-11-18 21:44:00
ComboFix-quarantined-files.txt 2008-11-18 20:43:09
ComboFix2.txt 2008-11-18 19:45:22

Před spuštěním: Volných bajtů: 35 569 418 240
Po spuštění: Volných bajtů: 35,554,496,512

226 --- E O F --- 2008-11-17 13:37:17

[mmiriboy]

Kam ti mám poslať ten súbor - soft SDfix?

[jaro3]

Ne nic neposílej..
Ten klíč se ale nesmazal...Zkus to ještě jednou( ten script výše) a pošli i nový log z HJT.

[mmiriboy]

AHOJ!
Posielam výpis z SDfix, ComboFix a HJT
Takže SDfix:


SDFix: Version 1.240
Run by Ludka on 2008-11-19 at 20:07

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Ludka\Oblíbené položky\Info WEB\links\Cheap Pharmacy Online.url - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 20:13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000141
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"="C:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe:*:Enabled:Sony Vegas Network Render Service Control"
"C:\\Program Files\\StrongDC.exe"="C:\\Program Files\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\P2P Rocket\\P2P Rocket.exe"="C:\\Program Files\\P2P Rocket\\P2P Rocket.exe:*:Enabled:P2P Rocket"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Sat 30 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue 1 Jul 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue 2 Oct 2007 15,360 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Tue 11 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"

Finished!

[mmiriboy]

Toto je výpis z ComboFix:

ComboFix 08-11-18.A2 - Ludka 2008-11-19 20:20:36.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.344 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ludka\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-19 do 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-19 20:05 . 2008-11-19 20:05 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-19 20:03 . 2008-11-19 20:03 <DIR> d-------- c:\windows\ERUNT
2008-11-19 19:22 . 2008-11-19 19:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-19 19:22 . 2008-11-19 19:22 1,409 --a------ c:\windows\QTFont.for
2008-11-18 21:54 . 2002-07-17 08:20 45,056 --a------ c:\windows\system32\wnaspi32.BAK
2008-11-18 21:54 . 2002-07-17 07:53 16,877 --a------ c:\windows\system32\drivers\aspi32.BAK
2008-11-18 21:54 . 2002-07-17 15:22 5,600 --a------ c:\windows\system\winaspi.BAK
2008-11-18 21:54 . 2002-07-17 15:22 4,672 --a------ c:\windows\system\wowpost.BAK
2008-11-18 21:05 . 2008-11-19 20:16 <DIR> d-------- C:\SDFix
2008-11-17 08:52 . 2008-11-03 20:19 70,129 --------- c:\windows\hpoins05.dat.temp
2008-11-17 08:52 . 2004-12-14 20:04 19,696 --------- c:\windows\hpomdl05.dat.temp
2008-11-17 08:22 . 2008-11-17 08:24 <DIR> d-------- c:\program files\Magic Video Converter
2008-11-17 08:22 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2008-11-17 08:22 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2008-11-17 08:21 . 2008-11-17 08:21 <DIR> d-------- c:\program files\Avidemux 2.4
2008-11-15 09:55 . 2008-11-15 09:55 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\DVDFab
2008-11-13 21:14 . 2008-11-13 21:23 <DIR> d-------- C:\Nová složka (2)
2008-11-12 18:51 . 2008-11-12 18:51 118 --a------ c:\windows\system32\MRT.INI
2008-11-12 18:45 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:43 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:36 . 2008-11-12 17:36 221,979 ---h----- C:\treeinfo.wc
2008-11-12 17:25 . 2008-11-13 21:35 1,503 --a------ c:\windows\wincmd.ini
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\UC.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\RAR.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\LHA.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\ARJ.PIF
2008-11-11 18:58 . 2008-11-11 19:14 <DIR> d-------- c:\program files\Ashampoo
2008-11-08 19:58 . 2008-11-08 19:58 <DIR> d-------- c:\program files\Windows Defender
2008-11-08 18:14 . 2008-11-08 18:15 <DIR> d-------- c:\program files\Opera
2008-11-08 09:05 . 2008-11-08 09:05 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Sonic
2008-11-04 20:18 . 2008-11-04 20:18 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Nokia Multimedia Player
2008-11-03 16:56 . 2008-11-03 16:56 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-02 20:24 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Sonic
2008-11-02 20:24 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-02 20:23 . 2008-11-02 20:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sonic
2008-11-02 20:18 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Roxio
2008-11-02 18:20 . 2008-11-02 18:20 <DIR> d-------- c:\program files\Conduit
2008-11-02 18:19 . 2008-11-02 20:12 <DIR> d-------- c:\program files\P2P_Energy
2008-11-02 18:19 . 2008-11-02 18:20 <DIR> d-------- c:\program files\P2P Rocket
2008-11-02 18:19 . 2008-11-02 18:19 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Shareaza
2008-11-02 16:54 . 2008-11-02 16:54 <DIR> d-------- c:\program files\DivX
2008-11-02 16:09 . 2008-11-02 16:09 <DIR> d-------- c:\program files\MagicISO
2008-11-01 20:33 . 2008-11-01 20:33 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\Roxio
2008-11-01 19:42 . 2008-11-17 19:01 69 --a------ c:\windows\NeroDigital.ini
2008-11-01 19:11 . 2008-11-01 19:11 <DIR> d-------- c:\program files\Sun
2008-11-01 19:10 . 2008-11-01 19:10 <DIR> d-------- c:\program files\Java
2008-11-01 19:10 . 2008-11-01 19:10 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-01 19:10 . 2008-11-01 19:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-01 18:48 . 2008-11-16 22:18 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Roxio
2008-11-01 18:48 . 2008-11-01 18:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InstallShield
2008-11-01 18:48 . 2008-11-02 20:24 440 --a------ c:\windows\wininit.ini
2008-11-01 18:44 . 2008-11-02 09:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Roxio
2008-11-01 18:42 . 2008-11-02 20:23 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-11-01 17:38 . 2008-11-01 17:38 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Nero
2008-11-01 17:30 . 2008-11-01 17:30 <DIR> d-------- c:\program files\Nero
2008-11-01 17:30 . 2008-11-01 17:35 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-01 17:30 . 2008-11-01 17:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2008-11-01 11:35 . 2008-11-01 11:37 3,230 --a------ c:\windows\WTRAN32.INI
2008-11-01 09:07 . 2008-11-08 20:59 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-01 09:06 . 2008-11-01 09:06 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-01 09:06 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-31 20:11 . 2008-10-31 20:11 <DIR> d-------- c:\program files\Kerio
2008-10-31 17:24 . 2008-10-31 17:24 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-10-30 23:07 . 2008-10-30 23:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LightScribe
2008-10-27 19:20 . 2008-10-27 19:20 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Thinstall
2008-10-27 19:14 . 2008-10-27 20:02 <DIR> d-------- c:\program files\DVDFab Platinum 4
2008-10-27 19:13 . 2008-11-17 08:23 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Vso
2008-10-27 19:13 . 2008-11-17 08:23 47,360 --a------ c:\documents and settings\Ludka\Data aplikací\pcouffin.sys
2008-10-24 22:10 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-24 17:40 . 2008-10-25 10:23 <DIR> d--hs---- c:\documents and settings\Ludka\Phone Browser
2008-10-22 20:02 . 2008-05-06 15:49 428,904 --a------ c:\windows\system32\Incinerator.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 13:32 --------- d-----w c:\program files\AskTBar
2008-11-17 07:23 81,920 ----a-w c:\documents and settings\Ludka\Data aplikací\ezpinst.exe
2008-11-17 07:23 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-16 16:07 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-13 22:22 --------- d-----w c:\documents and settings\Ludka\Data aplikací\gtk-2.0
2008-11-12 17:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-11 18:57 --------- d-----w c:\program files\Settings
2008-11-11 18:57 --------- d-----w c:\program files\FlashGet
2008-11-11 18:57 --------- d-----w c:\documents and settings\Ludka\Data aplikací\uTorrent
2008-11-11 05:56 --------- d-----w c:\program files\WinTV
2008-11-08 17:09 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Avant Browser
2008-11-04 19:17 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PC Suite
2008-11-03 16:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\iolo
2008-11-02 19:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-01 08:11 --------- d-----w c:\program files\MSBuild
2008-10-28 15:05 --------- d-----w c:\program files\fdrlab
2008-10-25 09:14 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Nokia
2008-10-25 08:53 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 14:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-17 17:50 --------- d-----w c:\program files\Passware
2008-10-09 16:23 --------- d-----w c:\documents and settings\Ludka\Data aplikací\avidemux
2008-10-01 19:27 --------- d-----w c:\documents and settings\Ludka\Data aplikací\GeoVid
2008-10-01 18:40 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Sony
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 16:43 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PVC
2008-09-27 10:58 --------- d-----w c:\program files\Directory Lister
2008-09-20 20:11 --------- d-----w c:\program files\Smart Projects
2008-09-20 11:29 97,248 ----a-w c:\windows\system32\drivers\snapman.sys
2008-09-20 11:29 --------- d-----w c:\program files\Common Files\Acronis
2008-09-20 11:28 --------- d-----w c:\program files\Acronis
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 18:26 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-15 20:51 3,361,792 ----a-w c:\program files\StrongDC.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-18_20.44.19.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-11-19 19:03:45 6,893,568 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-11-19 19:03:45 172,032 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-11-19 19:03:31 6,893,568 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-11-19 19:03:31 172,032 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2002-07-17 14:22:26 5,600 ----a-w c:\windows\system\WINASPI.DLL
+ 1999-09-10 12:06:00 5,600 ----a-w c:\windows\system\winaspi.dll
- 2002-07-17 14:22:34 4,672 ----a-w c:\windows\system\WOWPOST.EXE
+ 1999-09-10 12:06:00 4,672 ----a-w c:\windows\system\wowpost.exe
- 2002-07-17 06:53:02 16,877 ----a-w c:\windows\system32\drivers\ASPI32.SYS
+ 1999-09-10 12:06:00 25,244 ----a-w c:\windows\system32\drivers\aspi32.sys
- 2002-07-17 07:20:56 45,056 ----a-w c:\windows\system32\WNASPI32.DLL
+ 1999-09-10 12:06:00 45,056 ----a-w c:\windows\system32\wnaspi32.dll
+ 2008-11-19 19:10:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2008-11-19 19:10:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_778.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-02 20:12 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ludka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"AMP WinOFF"=c:\program files\amp winoff\winoff.exe -quiet
"Somefox"=c:\docume~1\Ludka\LOCALS~1\Temp\video198.cfg.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Keyboard Driver"=stkhost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\P2P Rocket\\P2P Rocket.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-16 110160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2006-09-04 11970]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-16 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2006-09-04 138816]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [2006-09-04 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-09-04 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-09-04 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-09-04 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2006-09-04 23104]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []
S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys []
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9606c6f8-ac22-11dd-968d-00016c36ea2f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2008-11-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 20:23:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: c:\windows\explorer.exe
-> c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Celkový čas: 2008-11-19 20:26:29
ComboFix-quarantined-files.txt 2008-11-19 19:25:45
ComboFix2.txt 2008-11-18 20:44:02
ComboFix3.txt 2008-11-18 19:45:22

Před spuštěním: Volných bajtů: 36,537,028,608
Po spuštění: Volných bajtů: 36,554,649,600

258 --- E O F --- 2008-11-19 18:21:50

[mmiriboy]

A nakoniec výpis z HJT:

Logfile of HijackThis v1.99.1
Scan saved at 20:27:53, on 19.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ludka\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\P2P Rocket\Plugins\RazaWebHook.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: T-Mobile PC Messenger - {9D940EED-467E-4732-96B3-8BAF0D5AFDFF} - C:\Program Files\PC Messenger\PCMessengerBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: T-Mobile PC Messenger - {9D940EED-467E-4732-96B3-8BAF0D5AFDFF} - C:\Program Files\PC Messenger\PCMessengerBar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\P2P Rocket\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Spustit klienta k monitoru &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Spustit klienta k monitoru &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5728104421
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8919112008
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{817D4158-4FB2-4C06-A0F2-22ECBEE30B38}: NameServer = 85.237.0.65 85.237.1.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[mmiriboy]

Vopred ešte raz ĎAKUJEM!!!

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
C:\SDFix

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9606c6f8-ac22-11dd-968d-00016c36ea2f}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[mmiriboy]

ComboFix 08-11-18.A2 - Ludka 2008-11-19 21:31:26.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.293 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ludka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ludka\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-19 do 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-19 20:05 . 2008-11-19 20:05 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-19 20:03 . 2008-11-19 20:03 <DIR> d-------- c:\windows\ERUNT
2008-11-19 19:22 . 2008-11-19 19:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-19 19:22 . 2008-11-19 19:22 1,409 --a------ c:\windows\QTFont.for
2008-11-18 21:54 . 2002-07-17 08:20 45,056 --a------ c:\windows\system32\wnaspi32.BAK
2008-11-18 21:54 . 2002-07-17 07:53 16,877 --a------ c:\windows\system32\drivers\aspi32.BAK
2008-11-18 21:54 . 2002-07-17 15:22 5,600 --a------ c:\windows\system\winaspi.BAK
2008-11-18 21:54 . 2002-07-17 15:22 4,672 --a------ c:\windows\system\wowpost.BAK
2008-11-18 21:05 . 2008-11-19 20:16 <DIR> d-------- C:\SDFix
2008-11-17 08:52 . 2008-11-03 20:19 70,129 --------- c:\windows\hpoins05.dat.temp
2008-11-17 08:52 . 2004-12-14 20:04 19,696 --------- c:\windows\hpomdl05.dat.temp
2008-11-17 08:22 . 2008-11-17 08:24 <DIR> d-------- c:\program files\Magic Video Converter
2008-11-17 08:22 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2008-11-17 08:22 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2008-11-17 08:21 . 2008-11-17 08:21 <DIR> d-------- c:\program files\Avidemux 2.4
2008-11-15 09:55 . 2008-11-15 09:55 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\DVDFab
2008-11-13 21:14 . 2008-11-13 21:23 <DIR> d-------- C:\Nová složka (2)
2008-11-12 18:51 . 2008-11-12 18:51 118 --a------ c:\windows\system32\MRT.INI
2008-11-12 18:45 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:43 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:36 . 2008-11-12 17:36 221,979 ---h----- C:\treeinfo.wc
2008-11-12 17:25 . 2008-11-13 21:35 1,503 --a------ c:\windows\wincmd.ini
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\UC.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\RAR.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\LHA.PIF
2008-11-12 17:25 . 2008-07-29 07:04 545 --a------ c:\windows\ARJ.PIF
2008-11-11 18:58 . 2008-11-11 19:14 <DIR> d-------- c:\program files\Ashampoo
2008-11-08 19:58 . 2008-11-08 19:58 <DIR> d-------- c:\program files\Windows Defender
2008-11-08 18:14 . 2008-11-08 18:15 <DIR> d-------- c:\program files\Opera
2008-11-08 09:05 . 2008-11-08 09:05 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Sonic
2008-11-04 20:18 . 2008-11-04 20:18 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Nokia Multimedia Player
2008-11-03 16:56 . 2008-11-03 16:56 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-02 20:24 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Sonic
2008-11-02 20:24 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-02 20:23 . 2008-11-02 20:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sonic
2008-11-02 20:18 . 2008-11-02 20:24 <DIR> d-------- c:\program files\Roxio
2008-11-02 18:20 . 2008-11-02 18:20 <DIR> d-------- c:\program files\Conduit
2008-11-02 18:19 . 2008-11-02 20:12 <DIR> d-------- c:\program files\P2P_Energy
2008-11-02 18:19 . 2008-11-02 18:20 <DIR> d-------- c:\program files\P2P Rocket
2008-11-02 18:19 . 2008-11-02 18:19 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Shareaza
2008-11-02 16:54 . 2008-11-02 16:54 <DIR> d-------- c:\program files\DivX
2008-11-02 16:09 . 2008-11-02 16:09 <DIR> d-------- c:\program files\MagicISO
2008-11-01 20:33 . 2008-11-01 20:33 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\Roxio
2008-11-01 19:42 . 2008-11-19 21:12 69 --a------ c:\windows\NeroDigital.ini
2008-11-01 19:11 . 2008-11-01 19:11 <DIR> d-------- c:\program files\Sun
2008-11-01 19:10 . 2008-11-01 19:10 <DIR> d-------- c:\program files\Java
2008-11-01 19:10 . 2008-11-01 19:10 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-01 19:10 . 2008-11-01 19:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-01 18:48 . 2008-11-16 22:18 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Roxio
2008-11-01 18:48 . 2008-11-01 18:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InstallShield
2008-11-01 18:48 . 2008-11-02 20:24 440 --a------ c:\windows\wininit.ini
2008-11-01 18:44 . 2008-11-02 09:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Roxio
2008-11-01 18:42 . 2008-11-02 20:23 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-11-01 17:38 . 2008-11-01 17:38 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Nero
2008-11-01 17:30 . 2008-11-01 17:30 <DIR> d-------- c:\program files\Nero
2008-11-01 17:30 . 2008-11-01 17:35 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-01 17:30 . 2008-11-01 17:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2008-11-01 11:35 . 2008-11-01 11:37 3,230 --a------ c:\windows\WTRAN32.INI
2008-11-01 09:07 . 2008-11-08 20:59 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-01 09:06 . 2008-11-01 09:06 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-01 09:06 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-31 20:11 . 2008-10-31 20:11 <DIR> d-------- c:\program files\Kerio
2008-10-31 17:24 . 2008-10-31 17:24 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-10-30 23:07 . 2008-10-30 23:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LightScribe
2008-10-27 19:20 . 2008-10-27 19:20 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Thinstall
2008-10-27 19:14 . 2008-10-27 20:02 <DIR> d-------- c:\program files\DVDFab Platinum 4
2008-10-27 19:13 . 2008-11-17 08:23 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\Vso
2008-10-27 19:13 . 2008-11-17 08:23 47,360 --a------ c:\documents and settings\Ludka\Data aplikací\pcouffin.sys
2008-10-24 22:10 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-24 17:40 . 2008-10-25 10:23 <DIR> d--hs---- c:\documents and settings\Ludka\Phone Browser
2008-10-22 20:02 . 2008-05-06 15:49 428,904 --a------ c:\windows\system32\Incinerator.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 13:32 --------- d-----w c:\program files\AskTBar
2008-11-17 07:23 81,920 ----a-w c:\documents and settings\Ludka\Data aplikací\ezpinst.exe
2008-11-17 07:23 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-16 16:07 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-13 22:22 --------- d-----w c:\documents and settings\Ludka\Data aplikací\gtk-2.0
2008-11-12 17:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-11 18:57 --------- d-----w c:\program files\Settings
2008-11-11 18:57 --------- d-----w c:\program files\FlashGet
2008-11-11 18:57 --------- d-----w c:\documents and settings\Ludka\Data aplikací\uTorrent
2008-11-11 05:56 --------- d-----w c:\program files\WinTV
2008-11-08 17:09 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Avant Browser
2008-11-04 19:17 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PC Suite
2008-11-03 16:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\iolo
2008-11-02 19:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-01 08:11 --------- d-----w c:\program files\MSBuild
2008-10-28 15:05 --------- d-----w c:\program files\fdrlab
2008-10-25 09:14 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Nokia
2008-10-25 08:53 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 14:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-17 17:50 --------- d-----w c:\program files\Passware
2008-10-09 16:23 --------- d-----w c:\documents and settings\Ludka\Data aplikací\avidemux
2008-10-01 19:27 --------- d-----w c:\documents and settings\Ludka\Data aplikací\GeoVid
2008-10-01 18:40 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Sony
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 16:43 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PVC
2008-09-27 10:58 --------- d-----w c:\program files\Directory Lister
2008-09-20 20:11 --------- d-----w c:\program files\Smart Projects
2008-09-20 11:29 97,248 ----a-w c:\windows\system32\drivers\snapman.sys
2008-09-20 11:29 --------- d-----w c:\program files\Common Files\Acronis
2008-09-20 11:28 --------- d-----w c:\program files\Acronis
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 18:26 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-07-15 20:51 3,361,792 ----a-w c:\program files\StrongDC.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-18_20.44.19.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-11-19 19:03:45 6,893,568 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-11-19 19:03:45 172,032 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-11-19 19:03:31 6,893,568 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-11-19 19:03:31 172,032 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2002-07-17 14:22:26 5,600 ----a-w c:\windows\system\WINASPI.DLL
+ 1999-09-10 12:06:00 5,600 ----a-w c:\windows\system\winaspi.dll
- 2002-07-17 14:22:34 4,672 ----a-w c:\windows\system\WOWPOST.EXE
+ 1999-09-10 12:06:00 4,672 ----a-w c:\windows\system\wowpost.exe
- 2002-07-17 06:53:02 16,877 ----a-w c:\windows\system32\drivers\ASPI32.SYS
+ 1999-09-10 12:06:00 25,244 ----a-w c:\windows\system32\drivers\aspi32.sys
- 2002-07-17 07:20:56 45,056 ----a-w c:\windows\system32\WNASPI32.DLL
+ 1999-09-10 12:06:00 45,056 ----a-w c:\windows\system32\wnaspi32.dll
+ 2008-11-19 19:10:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2008-11-19 19:10:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_778.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-02 20:12 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ludka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"AMP WinOFF"=c:\program files\amp winoff\winoff.exe -quiet
"Somefox"=c:\docume~1\Ludka\LOCALS~1\Temp\video198.cfg.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Keyboard Driver"=stkhost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\P2P Rocket\\P2P Rocket.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-16 110160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2006-09-04 11970]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-16 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2006-09-04 138816]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [2006-09-04 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-09-04 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-09-04 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-09-04 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2006-09-04 23104]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []
S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys []
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9606c6f8-ac22-11dd-968d-00016c36ea2f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2008-11-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 21:34:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: c:\windows\explorer.exe
-> c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Celkový čas: 2008-11-19 21:37:37
ComboFix-quarantined-files.txt 2008-11-19 20:36:46
ComboFix2.txt 2008-11-19 19:26:31
ComboFix3.txt 2008-11-18 20:44:02
ComboFix4.txt 2008-11-18 19:45:22

Před spuštěním: Volných bajtů: 36 528 353 280
Po spuštění: Volných bajtů: 36,514,410,496

255 --- E O F --- 2008-11-19 18:21:50