Prosím o kontrolu logu. Chyba Windows. Díky. Vyřešeno

[El Bunda]

Čau, měl jsem problém viewtopic.php?f=46&t=34557 vyřešil jsem ho. Odpojil druhý HDD, přehodil RAMky a udělal v HW pořádek. Tohle by byl fajn námět na programátorskou komedii mi v tom compu žili pavouci, byl plný pavučin a centimetrové vrstvy prachu . No teď už jede, ale po startu píše tohle: Činnost systému byla obnovena po závažné chybě. Tohle tam je u "Dalších informací"

Kód: Vybrat vše

BCCode : 1000008e     BCP1 : C0000005     BCP2 : BF8382AF     BCP3 : F8794534
BCP4 : 00000000     OSVer : 5_1_2600     SP : 3_0     Product : 256_1     

A v technických informacích je napsáno tohle

Kód: Vybrat vše

D:\Temp\WER9a63.dir00\Mini122008-03.dmp
D:\Temp\WER9a63.dir00\sysdata.xml

A tady je log:

Logfile of HijackThis v1.99.1
Scan saved at 13:33:54, on 23.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
D:\Prográmky\Programs\Spy Emergency 2008\SpyEmergencySrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
D:\Prográmky\Programs\OpenOffice 3\OpenOffice.org 3\program\soffice.exe
D:\Prográmky\Programs\OpenOffice 3\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Filmy\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O1 - Hosts: 216.55.133.9 handybackup.com http://www.handybackup.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 5 cz\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Prográmky\Programs\GetRight\xx2gr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O8 - Extra context menu item: Download with GetRight - D:\Prográmky\Programs\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Prográmky\Programs\GetRight\GRbrowse.htm
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8917616467
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4BE0BF4-76BD-42AC-9E43-1757DD9D9E97}: NameServer = 194.228.2.1,194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - D:\Prográmky\Programs\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Předem díky všem.

EDIT: To Free p*** galleries mi naskočilo asi před rokem u IE, když jsem schytal vira. Hned jsem začal používat Mozillu, pak Firefoxa.

[Reklama]

[jaro3]

příště novější log z HJT v.2.0.2:
viewtopic.php?f=70&t=5119
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[El Bunda]

Rychlý scan nic nenašel. Teď zkouším důkladný test. Mám něco fixnout v tom HijackThisu?

[jaro3]

Zatím ne.
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

[El Bunda]

SDFix: Version 1.240
Run by Administrator on Łt 23.12.2008 at 15:47

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 15:51:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG11.00.00.01WORKSTATION"="B064978410FB3CA6037A8CD9E97D3057C4BDA02866BB93A9EDBDAD5304C3A419D38C508833D9D810DE917691DB68759C532AFB7D71D332FEB0995A8D1007730817CA6902B3678C4047DDAA28F9021DED270C2844729EED56E055E240050F73E28C03D5B6DDDFC50969797EBF774BC68825D1F99D2A01B9F840D3BE2B4AC507A26EAF4DA162D279AEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79338EDD5E5BE2F6E667A6A0AC4980AC7933016DD9A5648A57BA60C2177F4B852FC8A1AF5F918C38A190ABAEBAE4A7D6F033DC686DE1462B684D6CFC301DEB831E23728C07623964CE1D649B171FBD15BE923C439C95D9F7B769183064E1B5318580FD735A4EBB21166C9EA7AE7334AB1B04B6587835DF503FBDF1CA81012F9470DBED0B8AE384BB35673ECA2F6D84CB91FD0796D1EAF86CFCEFAF529B5F450AEEA78F8A0AE6E852ECECC6158F4F8D79B4EC8D823F12AE547617265F0A98C93F1449524092CF225B00CFE228890C120F9AAECA34993FEAE62E3E531EE6FB6FB778974D0E9FC94E1C38D4603A1A4D37B75B16E75480B5FED4B2E6564E9189CFC937E136E8F0B4ED31E236B11580EE0975176BAD2355F09BA5908474C3AEF9E69FEFE86DD98A23E60B5022ED98C401741CED680DF4BE9C5B31D97F93E723B793B946DFF17DB6DC83EC54BACB352E48CC5585BC18AF261BB72627B240B69CDF1DE8E1F1E787FD5D6FEDC816ACF14A3E499C088B84CF3A82100712702CC008462A556EBA1A3A3455BC7B89BD0F69E98E024422EBAEE3ED9BA8A8397A29A9197047789BCC74EFE9A6E15377B01C492299F6EF87E7958FF56328353F892F29C79AE4A21DAB88967A69360BF7DF1CD44EF40B19EA005B8ACC0C1AA9CACA5B8DCEB1D7752AD00A30806A7989F1B1FBE08868838B8825479E327BED5807DBEC352D585869FE29D24FDB27CA0AD3004FD833EF8A691D4044AB25CAF667A1D34815A5E40247DB165F9FB154B11E0D99CB3BF3BDAFA6EAACE0266F48ECD04EB774B5C063572D036CD05DE9D996281340CA98B2B4E40D363851141973EAE144069DB2C7113A113DF5ECDA30D0C6DFDDA94A991F6D7FB749266A91EF04713BBB2D143CCB60F337D4EE9A7BF40DF3D16A806C762735BB17F12D28CC0763E154F5124B981F7932BB1B08E7BAEB8DB25D3961767E028C37F282792A8A35AD0677338BDA1ED7B4838C626686A38E0D7DB54F5F5493A8A7F3614F29B1A0923586BF3C68003852A1DD6B0324C95918F5B0E2B580112D57EFD8D0B2CE27FA7FFE75A15AE419E92E8397F158CCAB9008E70FC2F7BEDF53100131018A7314191C44C3E1DC382C464D4FEF89436248922335BC82A78896A6182B29073810298D50744B1A1788"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Mon 14 Apr 2008 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Sat 3 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 13 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\53d7774955e489a08c712874c793a1aa\BIT17.tmp"
Sat 13 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fb0370af415cd844b236063f43bbe715\BIT18.tmp"
Thu 14 Aug 2008 1,179,136 ...H. --- "C:\Documents and Settings\Administrator.PC1\Data aplikacˇ\Microsoft\Word\~WRL0004.tmp"
Thu 11 Dec 2008 444 ...HR --- "C:\Documents and Settings\Administrator.PC1\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Sat 3 Feb 2007 4,348 ...H. --- "C:\Documents and Settings\Administrator.PC1\Dokumenty\Hudba\Z lohov nˇ licence\drmv1key.bak"
Sat 3 Feb 2007 20 A..H. --- "C:\Documents and Settings\Administrator.PC1\Dokumenty\Hudba\Z lohov nˇ licence\drmv1lic.bak"
Sat 17 Sep 2005 312 A.SH. --- "C:\Documents and Settings\Administrator.PC1\Dokumenty\Hudba\Z lohov nˇ licence\drmv2key.bak"
Sat 3 Feb 2007 4,348 A..H. --- "C:\Documents and Settings\Administrator.PC1\Dokumenty\ICQ Lite\Hudba\Z lohov nˇ licence\drmv1key.bak"
Sat 3 Feb 2007 20 A..H. --- "C:\Documents and Settings\Administrator.PC1\Dokumenty\ICQ Lite\Hudba\Z lohov nˇ licence\drmv1lic.bak"
Sat 17 Sep 2005 312 A.SH. --- "C:\Documents and Settings\Administrator.PC1\Dokumenty\ICQ Lite\Hudba\Z lohov nˇ licence\drmv2key.bak"

Finished!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:40, on 23.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
D:\Prográmky\Programs\Spy Emergency 2008\SpyEmergencySrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Prográmky\Programs\OpenOffice 3\OpenOffice.org 3\program\soffice.exe
D:\Prográmky\Programs\OpenOffice 3\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
D:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 5 cz\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Prográmky\Programs\GetRight\xx2gr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O8 - Extra context menu item: Download with GetRight - D:\Prográmky\Programs\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Prográmky\Programs\GetRight\GRbrowse.htm
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8917616467
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4BE0BF4-76BD-42AC-9E43-1757DD9D9E97}: NameServer = 194.228.2.1,194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - D:\Prográmky\Programs\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8706 bytes

[jaro3]

Najdi a smaž: C:\SDFix
Tak ještě poslední věc:
Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[El Bunda]

Tak chyba Windows už nevyskakuje. Díky moc.
EDIT: Nevadí že jsem zapomněl smazat tu složku SDFix? Neovlivnilo to scan ComboFixu?
Tady je ten log: (Změnila se mi tapeta )

ComboFix 08-12-21.04 - Administrator 2008-12-23 16:27:52.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.238 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator.PC1\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.PC1\Data aplikacˇ\inst.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32


((((((((((((((((((((((((( Soubory vytvořené od 2008-11-23 do 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-23 15:46 . 2008-12-23 15:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-23 15:45 . 2008-12-23 15:45 <DIR> d-------- c:\windows\ERUNT
2008-12-23 15:35 . 2008-12-23 15:53 <DIR> d-------- C:\SDFix
2008-12-23 15:34 . 2008-12-23 15:34 1,882,786 --a------ C:\SDFix.zip
2008-12-23 15:32 . 2008-12-23 15:34 0 --a------ C:\SDFix.exe
2008-12-23 14:59 . <DIR> c:\documents and settings\Administrator.PC1\Data aplikací\Malwarebytes
2008-12-23 14:56 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 14:56 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-20 23:35 . 2008-12-20 23:35 4,096 --a------ c:\windows\system32\crash
2008-12-18 15:11 . 2008-12-18 15:11 0 --a------ c:\windows\OODCNT.INI
2008-12-18 14:30 . 2008-12-18 14:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-13 22:55 . <DIR> c:\documents and settings\Administrator.PC1\Data aplikací\GetRight
2008-12-11 19:35 . 2008-12-11 19:35 <DIR> d-------- c:\program files\MSBuild
2008-12-11 19:31 . 2008-12-11 19:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-11 19:30 . 2008-12-11 19:30 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-11 19:30 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-11 19:23 . 2008-12-11 19:23 <DIR> d-------- c:\windows\Logs
2008-12-11 19:22 . 2008-12-11 19:23 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-11 19:21 . 2008-12-11 19:21 <DIR> d-------- c:\windows\system32\xlive
2008-12-11 19:21 . 2008-12-11 20:01 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-11 19:21 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-11 19:21 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-11 19:21 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-11 15:45 . <DIR> c:\documents and settings\Administrator.PC1\Data aplikací\OpenOffice.org
2008-12-11 14:11 . 2008-12-11 14:11 0 --a------ c:\windows\ativpsrm.bin
2008-12-11 14:09 . 2008-12-12 06:55 <DIR> d-------- c:\program files\ATI
2008-12-11 13:48 . 2008-12-11 13:48 <DIR> d-------- c:\windows\system32\cs-cz
2008-12-11 13:40 . 2008-04-13 22:06 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-12-11 13:40 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-11 13:38 . 2006-12-29 00:31 19,569 --a------ c:\windows\003037_.tmp
2008-12-11 13:09 . 2004-08-17 15:49 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-11 13:08 . 2008-04-14 08:52 239,616 --------- c:\windows\system32\wstrenderer.ax
2008-12-11 13:08 . 2008-04-14 08:52 164,352 --------- c:\windows\system32\wstpager.ax
2008-12-11 13:08 . 2008-04-14 08:52 53,248 --------- c:\windows\system32\vbicodec.ax
2008-12-11 13:08 . 2008-04-14 00:15 46,592 --------- c:\windows\system32\drivers\irbus.sys
2008-12-11 13:08 . 2008-04-14 08:52 32,768 --------- c:\windows\system32\asr_pfu.exe
2008-12-11 13:08 . 2008-04-14 00:13 12,800 --------- c:\windows\system32\spiisupd.exe
2008-12-11 13:08 . 2008-04-14 08:51 10,752 --------- c:\windows\system32\smtpapi.dll
2008-12-11 13:08 . 2008-04-14 08:51 9,728 --------- c:\windows\system32\rwnh.dll
2008-12-11 13:08 . 2008-04-14 00:13 9,728 --------- c:\windows\system32\comsdupd.exe
2008-12-11 13:00 . 2008-12-11 13:49 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-11 12:50 . 2007-08-10 20:43 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-12-11 12:50 . 2004-07-17 11:40 19,528 --a------ c:\windows\002510_.tmp
2008-12-11 12:45 . 2008-12-11 13:49 <DIR> d-------- c:\windows\EHome
2008-12-11 10:54 . <DIR> c:\documents and settings\Administrator.PC1\Data aplikací\WinRAR
2008-12-11 10:54 . <DIR> c:\documents and settings\Administrator.PC1\Data aplikací\SecuROM
2008-12-02 16:39 . <DIR> c:\documents and settings\Administrator.PC1\Data aplikací\Google
2008-12-02 16:38 . 2008-12-02 16:38 <DIR> d-------- c:\program files\Google
2008-12-01 21:52 . 2008-12-01 21:52 425,984 --a------ c:\windows\system32\ATIDEMGX.dll
2008-12-01 21:11 . 2008-12-01 21:11 3,107,788 --a------ c:\windows\system32\ativvaxx.dat
2008-12-01 21:11 . 2008-12-01 21:11 3,107,788 --a------ c:\windows\system32\ativva5x.dat
2008-12-01 21:11 . 2008-12-01 21:11 887,724 --a------ c:\windows\system32\ativva6x.dat
2008-12-01 21:11 . 2008-12-01 21:11 69,112 --a------ c:\windows\system32\ativvaxx.cap
2008-12-01 20:57 . 2008-12-01 20:57 48,640 --a------ c:\windows\system32\amdpcom32.dll
2008-12-01 20:53 . 2008-12-01 20:53 401,408 --a------ c:\windows\system32\atikvmag.dll
2008-12-01 20:53 . 2008-12-01 20:53 45,056 --a------ c:\windows\system32\amdcalrt.dll
2008-12-01 20:53 . 2008-12-01 20:53 45,056 --a------ c:\windows\system32\amdcalcl.dll
2008-12-01 20:52 . 2008-12-01 20:52 86,016 --a------ c:\windows\system32\atiadlxx.dll
2008-12-01 20:51 . 2008-12-01 20:51 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll
2008-12-01 20:50 . 2008-12-01 20:50 3,252,224 --a------ c:\windows\system32\Amdcaldd.dll
2008-12-01 20:50 . 2008-12-01 20:50 286,720 --a------ c:\windows\system32\atiok3x2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 20:02 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 18:02 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-18 13:30 --------- d-----w c:\program files\Java
2008-12-17 15:20 --------- d-----w c:\documents and settings\Administrator.PC1\Data aplikací\Vso
2008-12-13 19:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 13:09 --------- d-----w c:\program files\ATI Technologies
2008-12-11 13:06 --------- d-s---w c:\documents and settings\Administrator.PC1\Data aplikací\Microsoft
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-11-16 16:08 --------- d-----w c:\program files\ICQLite
2008-11-10 16:59 --------- d-----w c:\program files\WinDUO
2008-11-06 09:55 354,560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-06 09:55 --------- d-----w c:\documents and settings\Administrator.PC1\Data aplikací\TuneUp Software
2008-11-06 09:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-12 14:31 135,344 ----a-w c:\documents and settings\Administrator.PC1\Data aplikací\GDIPFONTCACHEV1.DAT
2008-06-05 14:25 47,360 -c--a-w c:\documents and settings\Administrator.PC1\Data aplikací\pcouffin.sys
2008-02-09 21:07 22,328 -c--a-w c:\documents and settings\Administrator.PC1\Data aplikací\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2004-10-21 57344]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-05 921600]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator.PC1\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-24 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=

R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2008-06-05 12344]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2001-11-07 44928]
R2 SpyEmrgSrv;Spy Emergency Engine Service;d:\prográmky\Programs\Spy Emergency 2008\SpyEmergencySrv.exe [2008-06-05 694840]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2001-11-07 55808]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-09-20 69120]
S3 DataMan;DataMan USB Infrared Adapter;c:\windows\system32\DRIVERS\DataMan.sys [2007-04-30 10752]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2008-06-05 14392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-12-23 c:\windows\Tasks\1-Click Maintenance.job
- D:\Progr []

2008-12-23 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator.PC1\Local Settings\Data aplikac []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Google Update - c:\documents and settings\Administrator.PC1\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.defaulthomepage.info
mLocal Page = hxxp://www.the-exit.com
mStart Page = hxxp://www.the-exit.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Download with GetRight - d:\prográmky\Programs\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\prográmky\Programs\GetRight\GRbrowse.htm
LSP: c:\windows\System32\imon.dll
TCP: {A4BE0BF4-76BD-42AC-9E43-1757DD9D9E97} = 194.228.2.1,194.228.41.113
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 16:31:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\System32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Celkový čas: 2008-12-23 16:33:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-23 15:33:38

P°ed spuÜtýnÝm: 1˙542˙160˙384
Po spuÜtýnÝ: 1,751,117,824

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

245

[jaro3]

za tapetu nemůžu...
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Files::
c:\windows\ativpsrm.bin
c:\windows\003037_.tmp
c:\windows\002510_.tmp
C:\SDFix.zip
C:\SDFix.exe
c:\windows\system32\spmsg2.dll

Folder::
C:\SDFix

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[El Bunda]

Však já ani neříkám že za ni můžeš , jsem vděčný za tvou pomoc, díky.

ComboFix 08-12-21.04 - Administrator 2008-12-23 17:06:28.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.201 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator.PC1\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator.PC1\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Luboç\Local Settings\Temporary Internet Files\

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-23 do 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-23 15:46 . 2008-12-23 15:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-23 15:45 . 2008-12-23 15:45 <DIR> d-------- c:\windows\ERUNT
2008-12-23 14:56 . 2008-12-23 14:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-23 14:56 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 14:56 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-20 23:35 . 2008-12-20 23:35 4,096 --a------ c:\windows\system32\crash
2008-12-18 15:11 . 2008-12-18 15:11 0 --a------ c:\windows\OODCNT.INI
2008-12-18 14:30 . 2008-12-18 14:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 19:35 . 2008-12-11 19:35 <DIR> d-------- c:\program files\MSBuild
2008-12-11 19:31 . 2008-12-11 19:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-11 19:30 . 2008-12-11 19:30 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-11 19:30 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-11 19:23 . 2008-12-11 19:23 <DIR> d-------- c:\windows\Logs
2008-12-11 19:22 . 2008-12-11 19:23 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-11 19:21 . 2008-12-11 19:21 <DIR> d-------- c:\windows\system32\xlive
2008-12-11 19:21 . 2008-12-11 20:01 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-11 19:21 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-11 19:21 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-11 19:21 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-11 14:12 . 2008-12-11 14:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ATI
2008-12-11 14:11 . 2008-12-11 14:11 0 --a------ c:\windows\ativpsrm.bin
2008-12-11 14:09 . 2008-12-12 06:55 <DIR> d-------- c:\program files\ATI
2008-12-11 13:48 . 2008-12-11 13:48 <DIR> d-------- c:\windows\system32\cs-cz
2008-12-11 13:40 . 2008-04-13 22:06 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-12-11 13:40 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-11 13:38 . 2006-12-29 00:31 19,569 --a------ c:\windows\003037_.tmp
2008-12-11 13:09 . 2004-08-17 15:49 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-11 13:08 . 2008-04-14 08:52 239,616 --------- c:\windows\system32\wstrenderer.ax
2008-12-11 13:08 . 2008-04-14 08:52 164,352 --------- c:\windows\system32\wstpager.ax
2008-12-11 13:08 . 2008-04-14 08:52 53,248 --------- c:\windows\system32\vbicodec.ax
2008-12-11 13:08 . 2008-04-14 00:15 46,592 --------- c:\windows\system32\drivers\irbus.sys
2008-12-11 13:08 . 2008-04-14 08:52 32,768 --------- c:\windows\system32\asr_pfu.exe
2008-12-11 13:08 . 2008-04-14 00:13 12,800 --------- c:\windows\system32\spiisupd.exe
2008-12-11 13:08 . 2008-04-14 08:51 10,752 --------- c:\windows\system32\smtpapi.dll
2008-12-11 13:08 . 2008-04-14 08:51 9,728 --------- c:\windows\system32\rwnh.dll
2008-12-11 13:08 . 2008-04-14 00:13 9,728 --------- c:\windows\system32\comsdupd.exe
2008-12-11 13:00 . 2008-12-11 13:49 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-11 12:50 . 2007-08-10 20:43 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-12-11 12:50 . 2004-07-17 11:40 19,528 --a------ c:\windows\002510_.tmp
2008-12-11 12:45 . 2008-12-11 13:49 <DIR> d-------- c:\windows\EHome
2008-12-02 16:38 . 2008-12-02 16:38 <DIR> d-------- c:\program files\Google
2008-12-01 21:52 . 2008-12-01 21:52 425,984 --a------ c:\windows\system32\ATIDEMGX.dll
2008-12-01 21:11 . 2008-12-01 21:11 3,107,788 --a------ c:\windows\system32\ativvaxx.dat
2008-12-01 21:11 . 2008-12-01 21:11 3,107,788 --a------ c:\windows\system32\ativva5x.dat
2008-12-01 21:11 . 2008-12-01 21:11 887,724 --a------ c:\windows\system32\ativva6x.dat
2008-12-01 21:11 . 2008-12-01 21:11 69,112 --a------ c:\windows\system32\ativvaxx.cap
2008-12-01 20:57 . 2008-12-01 20:57 48,640 --a------ c:\windows\system32\amdpcom32.dll
2008-12-01 20:53 . 2008-12-01 20:53 401,408 --a------ c:\windows\system32\atikvmag.dll
2008-12-01 20:53 . 2008-12-01 20:53 45,056 --a------ c:\windows\system32\amdcalrt.dll
2008-12-01 20:53 . 2008-12-01 20:53 45,056 --a------ c:\windows\system32\amdcalcl.dll
2008-12-01 20:52 . 2008-12-01 20:52 86,016 --a------ c:\windows\system32\atiadlxx.dll
2008-12-01 20:51 . 2008-12-01 20:51 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll
2008-12-01 20:50 . 2008-12-01 20:50 3,252,224 --a------ c:\windows\system32\Amdcaldd.dll
2008-12-01 20:50 . 2008-12-01 20:50 286,720 --a------ c:\windows\system32\atiok3x2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 20:02 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 18:02 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-18 13:30 --------- d-----w c:\program files\Java
2008-12-13 19:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 13:09 --------- d-----w c:\program files\ATI Technologies
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-11-16 16:08 --------- d-----w c:\program files\ICQLite
2008-11-10 21:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Blizzard
2008-11-10 16:59 --------- d-----w c:\program files\WinDUO
2008-11-06 09:55 354,560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-06 09:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2008-11-06 09:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2004-10-21 57344]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-05 921600]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=

R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2008-06-05 12344]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2001-11-07 44928]
R2 SpyEmrgSrv;Spy Emergency Engine Service;d:\prográmky\Programs\Spy Emergency 2008\SpyEmergencySrv.exe [2008-06-05 694840]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2001-11-07 55808]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-09-20 69120]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2008-06-05 14392]
S3 DataMan;DataMan USB Infrared Adapter;c:\windows\system32\DRIVERS\DataMan.sys [2007-04-30 10752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-12-23 c:\windows\Tasks\1-Click Maintenance.job
- D:\Progr []

2008-12-23 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator.PC1\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.defaulthomepage.info
mLocal Page = hxxp://www.the-exit.com
mStart Page = hxxp://www.the-exit.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Download with GetRight - d:\prográmky\Programs\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\prográmky\Programs\GetRight\GRbrowse.htm
LSP: c:\windows\System32\imon.dll
TCP: {A4BE0BF4-76BD-42AC-9E43-1757DD9D9E97} = 194.228.2.1,194.228.41.113
FF - ProfilePath - c:\documents and settings\Administrator.PC1\Data aplikací\Mozilla\Firefox\Profiles\pa63y5pu.default\
FF - prefs.js: browser.search.selectedEngine - Rapidshare & Megaupload File Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Acrobat 5 cz\Reader\browser\nppdf32.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 17:08:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\System32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2008-12-23 17:09:18
ComboFix-quarantined-files.txt 2008-12-23 16:08:54
ComboFix2.txt 2008-12-23 15:33:44

Před spuštěním: 1 719 291 904
Po spuštění: 1,706,737,664

197

[jaro3]

Tak , ale za tohle můžu, omlouvám se ve scriptu jsem napsal místo File:: Files::
Tak znovu script, už mi to nějak nemyslí

Kód: Vybrat vše

File::
c:\windows\ativpsrm.bin
c:\windows\003037_.tmp
c:\windows\002510_.tmp
C:\SDFix.zip
C:\SDFix.exe
c:\windows\system32\spmsg2.dll

Folder::
C:\SDFix

[El Bunda]

Proběhlo to v klidu, ale když jsem pak spustil Firefox nebo Chrome hodilo mi to chybu (Windowsáckou) a nepovolilo mi to přístup k netu. Dal jsem restart compu a už to jede (snad) Firefox jsem ještě nezkoušel.


ComboFix 08-12-21.04 - Administrator 2008-12-23 17:20:05.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.162 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator.PC1\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator.PC1\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


FILE ::
C:\SDFix.exe
C:\SDFix.zip
c:\windows\002510_.tmp
c:\windows\003037_.tmp
c:\windows\ativpsrm.bin
c:\windows\system32\spmsg2.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Luboç\Local Settings\Temporary Internet Files\
c:\windows\002510_.tmp
c:\windows\003037_.tmp
c:\windows\ativpsrm.bin
c:\windows\system32\spmsg2.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-23 do 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-23 17:09 . 2008-12-23 17:09 <DIR> d-------- c:\documents and settings\Luboç
2008-12-23 15:46 . 2008-12-23 15:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-23 15:45 . 2008-12-23 15:45 <DIR> d-------- c:\windows\ERUNT
2008-12-23 14:56 . 2008-12-23 14:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-23 14:56 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 14:56 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-20 23:35 . 2008-12-20 23:35 4,096 --a------ c:\windows\system32\crash
2008-12-18 15:11 . 2008-12-18 15:11 0 --a------ c:\windows\OODCNT.INI
2008-12-18 14:30 . 2008-12-18 14:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 19:35 . 2008-12-11 19:35 <DIR> d-------- c:\program files\MSBuild
2008-12-11 19:31 . 2008-12-11 19:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-11 19:30 . 2008-12-11 19:30 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-11 19:23 . 2008-12-11 19:23 <DIR> d-------- c:\windows\Logs
2008-12-11 19:22 . 2008-12-11 19:23 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-11 19:21 . 2008-12-11 19:21 <DIR> d-------- c:\windows\system32\xlive
2008-12-11 19:21 . 2008-12-11 20:01 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-11 19:21 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-11 19:21 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-11 19:21 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-11 14:12 . 2008-12-11 14:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ATI
2008-12-11 14:09 . 2008-12-12 06:55 <DIR> d-------- c:\program files\ATI
2008-12-11 13:48 . 2008-12-11 13:48 <DIR> d-------- c:\windows\system32\cs-cz
2008-12-11 13:40 . 2008-04-13 22:06 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-12-11 13:40 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-11 13:09 . 2004-08-17 15:49 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-11 13:08 . 2008-04-14 08:52 239,616 --------- c:\windows\system32\wstrenderer.ax
2008-12-11 13:08 . 2008-04-14 08:52 164,352 --------- c:\windows\system32\wstpager.ax
2008-12-11 13:08 . 2008-04-14 08:52 53,248 --------- c:\windows\system32\vbicodec.ax
2008-12-11 13:08 . 2008-04-14 00:15 46,592 --------- c:\windows\system32\drivers\irbus.sys
2008-12-11 13:08 . 2008-04-14 08:52 32,768 --------- c:\windows\system32\asr_pfu.exe
2008-12-11 13:08 . 2008-04-14 00:13 12,800 --------- c:\windows\system32\spiisupd.exe
2008-12-11 13:08 . 2008-04-14 08:51 10,752 --------- c:\windows\system32\smtpapi.dll
2008-12-11 13:08 . 2008-04-14 08:51 9,728 --------- c:\windows\system32\rwnh.dll
2008-12-11 13:08 . 2008-04-14 00:13 9,728 --------- c:\windows\system32\comsdupd.exe
2008-12-11 13:00 . 2008-12-11 13:49 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-11 12:50 . 2007-08-10 20:43 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-12-11 12:45 . 2008-12-11 13:49 <DIR> d-------- c:\windows\EHome
2008-12-02 16:38 . 2008-12-02 16:38 <DIR> d-------- c:\program files\Google
2008-12-01 21:52 . 2008-12-01 21:52 425,984 --a------ c:\windows\system32\ATIDEMGX.dll
2008-12-01 21:11 . 2008-12-01 21:11 3,107,788 --a------ c:\windows\system32\ativvaxx.dat
2008-12-01 21:11 . 2008-12-01 21:11 3,107,788 --a------ c:\windows\system32\ativva5x.dat
2008-12-01 21:11 . 2008-12-01 21:11 887,724 --a------ c:\windows\system32\ativva6x.dat
2008-12-01 21:11 . 2008-12-01 21:11 69,112 --a------ c:\windows\system32\ativvaxx.cap
2008-12-01 20:57 . 2008-12-01 20:57 48,640 --a------ c:\windows\system32\amdpcom32.dll
2008-12-01 20:53 . 2008-12-01 20:53 401,408 --a------ c:\windows\system32\atikvmag.dll
2008-12-01 20:53 . 2008-12-01 20:53 45,056 --a------ c:\windows\system32\amdcalrt.dll
2008-12-01 20:53 . 2008-12-01 20:53 45,056 --a------ c:\windows\system32\amdcalcl.dll
2008-12-01 20:52 . 2008-12-01 20:52 86,016 --a------ c:\windows\system32\atiadlxx.dll
2008-12-01 20:51 . 2008-12-01 20:51 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll
2008-12-01 20:50 . 2008-12-01 20:50 3,252,224 --a------ c:\windows\system32\Amdcaldd.dll
2008-12-01 20:50 . 2008-12-01 20:50 286,720 --a------ c:\windows\system32\atiok3x2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 20:02 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 18:02 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-18 13:30 --------- d-----w c:\program files\Java
2008-12-13 19:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 13:09 --------- d-----w c:\program files\ATI Technologies
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-11-16 16:08 --------- d-----w c:\program files\ICQLite
2008-11-10 21:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Blizzard
2008-11-10 16:59 --------- d-----w c:\program files\WinDUO
2008-11-06 09:55 354,560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-06 09:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2008-11-06 09:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2004-10-21 57344]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-05 921600]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=

R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2008-06-05 12344]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2001-11-07 44928]
R2 SpyEmrgSrv;Spy Emergency Engine Service;d:\prográmky\Programs\Spy Emergency 2008\SpyEmergencySrv.exe [2008-06-05 694840]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2001-11-07 55808]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-09-20 69120]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2008-06-05 14392]
S3 DataMan;DataMan USB Infrared Adapter;c:\windows\system32\DRIVERS\DataMan.sys [2007-04-30 10752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-12-23 c:\windows\Tasks\1-Click Maintenance.job
- D:\Progr []

2008-12-23 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator.PC1\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.defaulthomepage.info
mLocal Page = hxxp://www.the-exit.com
mStart Page = hxxp://www.the-exit.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Download with GetRight - d:\prográmky\Programs\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\prográmky\Programs\GetRight\GRbrowse.htm
LSP: c:\windows\System32\imon.dll
TCP: {A4BE0BF4-76BD-42AC-9E43-1757DD9D9E97} = 194.228.2.1,194.228.41.113
FF - ProfilePath - c:\documents and settings\Administrator.PC1\Data aplikací\Mozilla\Firefox\Profiles\pa63y5pu.default\
FF - prefs.js: browser.search.selectedEngine - Rapidshare & Megaupload File Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Acrobat 5 cz\Reader\browser\nppdf32.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 17:21:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1068)
c:\windows\System32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2008-12-23 17:22:04
ComboFix-quarantined-files.txt 2008-12-23 16:21:41
ComboFix2.txt 2008-12-23 16:09:19
ComboFix3.txt 2008-12-23 15:33:44

Před spuštěním: 1 681 645 568
Po spuštění: 1,668,853,760

209

[jaro3]

Ještě nový log z HJT.