HiJackThis check, please


Post by mafian » 06 Apr 2009 12:25

Please check this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:34, on 6.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
H:\SaveSnap\SaveSnap.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
I:\disk c\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SaveSnap.lnk = H:\SaveSnap\SaveSnap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\disk c\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - H:\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 8041 bytes


Post by jaro3 » 06 Apr 2009 15:17

Download Malwarebytes' Anti-Malware.
Install it and run it.
- at the end of the installation, make sure both options are selected/ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan has finished, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by mafian » 06 Apr 2009 17:12

Malwarebytes' Anti-Malware 1.35
Verze databáze: 1945
Windows 5.1.2600 Service Pack 3

6.4.2009 17:08:05
mbam-log-2009-04-06 (17-08-05).txt

Typ skenu: Rychlý sken
Objektu skenováno: 73193
Uplynulý cas: 2 minute(s), 26 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Post by jaro3 » 06 Apr 2009 19:14

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


So if there are no problems, clean the system with CCleaner.
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
That's all.

Post by mafian » 06 Apr 2009 19:19

Well, the problem I have is that web pages load terribly slowly, and it's not the internet connection; it happens in both Opera and IE.


Post by jaro3 » 06 Apr 2009 20:28

Turn off the resident protection in Avast + the shield in ST + deactivate Kerio.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan has finished, the program should create a log, C:\ComboFix.txt; please copy its entire contents here

Post by mafian » 06 Apr 2009 23:06

ComboFix 09-04-04.01 - 123456 2009-04-06 22:54:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3326.2761 [GMT 2:00]
Spuštěný z: c:\documents and settings\123456\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090406-0] *On-access scanning enabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-06 do 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 22:32 . 2009-04-06 22:32 1,139,744 --a------ C:\wasfre.jpg
2009-04-06 22:27 . 2009-04-06 22:27 1,113,275 --a------ C:\wqerwe.jpg
2009-04-06 20:25 . 2009-04-06 20:25 2,514,732 --a------ C:\fgt.jpg
2009-04-06 17:04 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 17:04 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-06 12:23 . 2009-04-06 12:23 <DIR> d-------- c:\program files\Trend Micro
2009-04-06 12:22 . 2009-04-06 12:22 812,344 --a------ C:\HJTInstall.exe
2009-04-05 21:44 . 2009-01-14 06:05 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat
2009-04-05 21:44 . 2009-01-14 06:05 3,107,788 -ra------ c:\windows\system32\ativva5x.dat
2009-04-05 21:44 . 2009-01-14 06:05 887,724 -ra------ c:\windows\system32\ativva6x.dat
2009-04-05 21:44 . 2009-01-14 06:49 425,984 -ra------ c:\windows\system32\ATIDEMGX.dll
2009-04-05 21:44 . 2009-01-14 05:37 307,200 -ra------ c:\windows\system32\atiiiexx.dll
2009-04-05 21:44 . 2008-10-30 00:13 180,720 -ra------ c:\windows\system32\atiicdxx.dat
2009-04-05 21:44 . 2007-08-31 16:20 7,167 -ra------ c:\windows\system32\atifglpf.xml
2009-04-05 21:44 . 2008-09-29 23:22 529 -ra------ c:\windows\system32\ATIODCLI.exe.manifest
2009-04-05 21:44 . 2008-10-03 23:48 527 -ra------ c:\windows\system32\ATIODE.exe.manifest
2009-04-05 21:35 . 2009-04-05 21:35 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\ATI
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2009-04-05 21:34 . 2009-03-21 17:25 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-04-05 21:34 . 2009-04-05 21:34 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2009-04-05 21:34 . 2009-04-05 21:35 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-04-05 21:34 . 2009-04-05 21:34 <DIR> d-------- c:\documents and settings\Administrator
2009-04-05 11:23 . 2009-04-05 11:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ATI
2009-04-05 11:20 . 2009-04-05 11:22 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-04-05 11:12 . 2008-11-21 05:26 15,362 -ra------ c:\windows\atiogl.xml
2009-04-05 10:34 . 2009-04-05 10:36 40,091,352 --a------ C:\9-3_xp32_dd_ccc_wdm_enu.exe
2009-04-05 10:15 . 2009-04-05 10:41 <DIR> d-------- c:\program files\Ray Adams
2009-04-05 10:15 . 2009-04-05 10:15 <DIR> d-------- c:\documents and settings\123456\Data aplikací\atitray
2009-04-05 10:14 . 2009-04-05 10:14 1,193,720 --a------ C:\attsetup.exe
2009-04-03 21:19 . 2009-04-05 21:39 <DIR> d-------- c:\program files\ATI Technologies
2009-04-03 20:30 . 2009-04-03 20:30 <DIR> d-------- c:\program files\Atari
2009-04-03 19:50 . 2009-04-05 21:41 664 --a------ c:\windows\system32\d3d9caps.dat
2009-04-03 17:36 . 2009-04-03 17:36 <DIR> d-------- C:\ATI
2009-04-03 17:28 . 2009-04-05 21:38 10 --a------ c:\windows\WININIT.INI
2009-04-03 15:23 . 2009-04-03 15:24 5,130,958 --a------ c:\windows\REGBK01.ZIP
2009-04-03 13:39 . 2009-04-05 11:09 <DIR> d-------- C:\Shoty
2009-04-02 20:37 . 2009-04-03 13:35 4,096 --a------ c:\windows\system32\crash
2009-04-01 20:37 . 2008-12-25 17:32 3,721,664 --a------ c:\windows\system32\drivers\RtKHDMI.sys
2009-04-01 20:37 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-04-01 20:37 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-04-01 20:37 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe
2009-04-01 20:37 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe
2009-04-01 20:37 . 2009-01-13 15:39 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-04-01 10:43 . 2008-06-06 12:15 51,520 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-04-01 10:43 . 2008-06-06 12:15 38,208 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-04-01 10:43 . 2008-06-06 12:15 33,088 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-04-01 10:43 . 2008-06-06 12:15 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-04-01 10:27 . 2009-04-01 10:27 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-04-01 10:27 . 2009-04-01 10:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PC Tools
2009-04-01 10:27 . 2009-04-01 10:27 <DIR> d-------- c:\documents and settings\123456\Data aplikací\PC Tools
2009-04-01 10:27 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-04-01 10:27 . 2009-04-01 10:41 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-04-01 10:27 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-01 10:27 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-31 10:26 . 2009-03-31 10:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2009-03-30 12:25 . 2009-03-30 12:25 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-30 12:04 . 2009-03-30 12:04 <DIR> d--hs---- c:\documents and settings\123456\PrivacIE
2009-03-30 12:04 . 2009-03-30 12:04 <DIR> d--hs---- c:\documents and settings\123456\IECompatCache
2009-03-30 12:02 . 2009-03-30 12:02 <DIR> d--hs---- c:\documents and settings\123456\IETldCache
2009-03-30 12:00 . 2009-03-30 12:00 <DIR> d-------- c:\windows\ie8updates
2009-03-30 11:59 . 2009-03-30 12:00 <DIR> d--h-c--- c:\windows\ie8
2009-03-30 11:58 . 2009-02-28 06:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-29 16:57 . 2009-03-29 16:57 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-29 14:42 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-29 14:18 . 2009-03-29 14:18 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-29 14:18 . 2009-03-29 14:18 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-29 14:18 . 2009-03-29 14:18 <DIR> d-------- c:\program files\MSBuild
2009-03-29 14:17 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-29 14:17 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 14:17 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 14:17 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-29 14:17 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 14:17 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-29 14:17 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-29 11:48 . 2009-03-29 12:32 11,477 --a------ C:\Nový objekt - Textový dokument OpenDocument.odt
2009-03-28 14:59 . 2009-03-28 14:59 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\program files\Sony Ericsson
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\All Users\Documents
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Teleca
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\123456\Data aplikací\Teleca
2009-03-28 12:44 . 2009-03-28 12:45 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-28 12:44 . 2009-03-28 12:44 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-28 12:44 . 2009-03-28 12:44 6,176 --a------ c:\windows\system32\drivers\w810cm.sys
2009-03-28 12:44 . 2009-03-28 12:44 5,808 --a------ c:\windows\system32\drivers\w810wh.sys
2009-03-27 15:44 . 2009-03-27 15:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MSN6
2009-03-27 15:44 . 2009-03-27 15:44 <DIR> d-------- c:\documents and settings\123456\Data aplikací\MSN6
2009-03-26 14:13 . 2009-03-26 14:13 27,788 --a------ C:\2.pdf
2009-03-26 14:11 . 2009-03-26 14:11 767,493 --a------ C:\1.pdf
2009-03-26 14:08 . 2009-03-26 14:08 26,881 --a------ C:\drobný majetek.pdf
2009-03-26 14:07 . 2009-03-26 14:07 1,047,596 --a------ C:\drobný majetek.jpg
2009-03-24 20:20 . 2008-04-14 05:22 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-24 18:45 . 2009-03-24 18:45 <DIR> d-------- c:\windows\system32\cs
2009-03-24 18:45 . 2009-03-24 18:45 <DIR> d-------- c:\windows\system32\bits
2009-03-24 18:45 . 2009-03-24 18:45 <DIR> d-------- c:\windows\l2schemas
2009-03-24 14:10 . 2009-03-24 16:21 262,144 --a------ c:\windows\system32\wrap_oal.dll
2009-03-24 14:10 . 2009-03-24 16:21 86,016 --a------ c:\windows\system32\OpenAL32.dll
2009-03-24 14:09 . 2009-03-24 14:09 <DIR> d-------- c:\windows\system32\Futuremark
2009-03-24 14:09 . 2004-10-25 21:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2009-03-24 14:09 . 1999-11-02 11:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2009-03-24 14:09 . 2004-06-22 16:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2009-03-24 14:09 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2009-03-23 22:15 . 2009-03-23 22:15 <DIR> d-a------ c:\windows\system32\runouce.exe
2009-03-23 22:15 . 2009-03-23 21:35 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-23 22:15 . 2009-03-23 21:35 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-23 22:15 . 2009-03-23 22:15 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-23 22:15 . 2005-09-23 00:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-23 22:14 . 2009-03-23 22:14 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-23 21:57 . 2009-03-23 21:57 4,268,400 --a------ c:\windows\REGBK00.ZIP
2009-03-23 21:41 . 2009-04-05 13:00 0 --a------ C:\23990098.$$$
2009-03-23 21:40 . 2009-03-23 21:40 <DIR> d-a------ c:\windows\zts2.exe
2009-03-23 21:40 . 2009-03-23 21:40 <DIR> d-a------ c:\windows\system32\iifgfgf.dll
2009-03-23 21:40 . 2009-03-23 21:40 <DIR> d-a------ c:\windows\rundl132.dll
2009-03-23 21:35 . 2004-08-17 16:49 147,968 --a------ c:\windows\R.COM
2009-03-23 21:35 . 2004-08-17 16:49 137,216 --a------ c:\windows\system32\T.COM
2009-03-23 21:35 . 2009-04-05 12:58 54 --a------ c:\windows\Lic.xxx
2009-03-23 15:51 . 2009-04-01 11:39 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-23 15:51 . 2009-04-05 13:11 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-23 13:33 . 2009-03-23 13:33 <DIR> d-------- c:\windows\system32\Mira6

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 20:17 24,944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-04-06 20:16 16,608 ----a-w c:\windows\gdrv.sys
2009-04-05 09:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 08:12 --------- d-----w c:\program files\Gigabyte
2009-03-24 11:49 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 19:47 --------- d-----w c:\program files\Nero
2009-03-21 19:47 --------- d-----w c:\program files\Common Files\Nero
2009-03-21 19:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-21 19:14 --------- d-----w c:\program files\Realtek
2009-03-21 17:19 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-21 17:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2009-03-21 17:05 --------- d-----w c:\program files\Opera
2009-03-21 16:45 --------- d-----w c:\program files\Browser Configuration Utility
2009-03-21 15:49 --------- d-----w c:\documents and settings\123456\Data aplikací\ATI
2009-03-21 15:28 --------- d-----w c:\program files\microsoft frontpage
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-23 11:52 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
2009-02-23 11:52 8,704 ----a-w c:\windows\system32\epmntdrv.sys
2009-02-23 11:52 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
2009-02-23 11:51 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
2009-02-20 17:12 65,536 ----a-w c:\windows\system32\FatCopy.dll
2009-02-20 17:12 213,504 ----a-w c:\windows\system32\BootMan.exe
2009-02-20 17:12 17,920 ----a-w c:\windows\system32\SectorCopy.dll
2009-02-20 17:12 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
2009-02-20 17:11 93,184 ----a-w c:\windows\system32\Partition.dll
2009-02-20 17:11 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
2009-02-20 17:11 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
2009-02-20 17:11 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
2009-02-20 17:11 180,224 ----a-w c:\windows\system32\DeviceManager.dll
2009-02-20 17:10 86,528 ----a-w c:\windows\system32\NTFSLib.dll
2009-02-20 17:10 68,096 ----a-w c:\windows\system32\Device.dll
2009-02-20 17:10 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
2009-02-20 17:10 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
2009-02-20 17:10 31,744 ----a-w c:\windows\system32\FatLib.dll
2009-02-20 17:10 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
2009-02-20 17:10 22,016 ----a-w c:\windows\system32\FatFormat.dll
2009-02-20 17:10 21,504 ----a-w c:\windows\system32\Fixup.dll
2009-02-20 17:10 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
2009-02-20 17:10 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
2009-02-20 17:09 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
2009-01-13 12:37 18,084,864 ----a-w c:\windows\RTHDCPL.EXE
2009-01-07 16:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 16:20 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 16:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 16:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 16:20 23,552 ----a-w c:\windows\system32\normaliz.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\123456\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-05 393216]
SaveSnap.lnk - h:\savesnap\SaveSnap.exe [2009-04-03 1264128]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= h:\combin~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= h:\combin~1\Filters\wmv9vcm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\ICQ6.5\\ICQ.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-01 130424]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-04-01 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-04-01 38208]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-22 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-04-01 159600]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-03-22 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-22 20560]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-03-21 68136]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-04-03 93184]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-03-22 65576]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\123456\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\123456\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-03-22 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-03-22 3072]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-04-01 64392]
S3 sdAuxService;PC Tools Auxiliary Service;h:\spyware doctor\pctsAuxs.exe [2009-04-01 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-04-01 33088]
S3 ThreatFire;ThreatFire;h:\spyware doctor\TFEngine\TFService.exe service --> h:\spyware doctor\TFEngine\TFService.exe service [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-03-28 23600]
SUnknown GVTDrv;GVTDrv; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-GEST - (no file)


.
------- Doplňkový sken -------
.
uStart Page = about:blank
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 23:00:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

jaro3
Security team member

Re: HiJackThis check, please

Post by jaro3 » 07 Apr 2009 08:17

Do you recognize these:
C:\wasfre.jpg
C:\wqerwe.jpg
C:\fgt.jpg
C:\2.pdf
C:\1.pdf ?

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

File::
c:\windows\REGBK01.ZIP
c:\windows\REGBK00.ZIP

Folder::
c:\windows\system32\runouce.exe

DirLook::
c:\windows\system32\Mira6

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Test this on VirusTotal:
c:\windows\system32\drivers\pctgntdi.sys
Then post the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.

mafian

Re: HiJackThis check, please

Post by mafian » 07 Apr 2009 11:20

Yeah, I know those files.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:06, on 7.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
H:\SaveSnap\SaveSnap.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
I:\disk c\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SaveSnap.lnk = H:\SaveSnap\SaveSnap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\disk c\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - H:\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 7978 bytes

ComboFix 09-04-04.01 - 123456 2009-04-07 11:07:54.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3326.2750 [GMT 2:00]
Spuštěný z: c:\documents and settings\123456\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\123456\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090406-0] *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\REGBK00.ZIP
c:\windows\REGBK01.ZIP
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\REGBK00.ZIP
c:\windows\REGBK01.ZIP
c:\windows\system32\runouce.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-07 do 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-06 22:32 . 2009-04-06 22:32 1,139,744 --a------ C:\wasfre.jpg
2009-04-06 22:27 . 2009-04-06 22:27 1,113,275 --a------ C:\wqerwe.jpg
2009-04-06 20:25 . 2009-04-06 20:25 2,514,732 --a------ C:\fgt.jpg
2009-04-06 17:04 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 17:04 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-06 12:23 . 2009-04-06 12:23 <DIR> d-------- c:\program files\Trend Micro
2009-04-06 12:22 . 2009-04-06 12:22 812,344 --a------ C:\HJTInstall.exe
2009-04-05 21:44 . 2009-01-14 06:05 3,107,788 -ra------ c:\windows\system32\ativvaxx.dat
2009-04-05 21:44 . 2009-01-14 06:05 3,107,788 -ra------ c:\windows\system32\ativva5x.dat
2009-04-05 21:44 . 2009-01-14 06:05 887,724 -ra------ c:\windows\system32\ativva6x.dat
2009-04-05 21:44 . 2009-01-14 06:49 425,984 -ra------ c:\windows\system32\ATIDEMGX.dll
2009-04-05 21:44 . 2009-01-14 05:37 307,200 -ra------ c:\windows\system32\atiiiexx.dll
2009-04-05 21:44 . 2008-10-30 00:13 180,720 -ra------ c:\windows\system32\atiicdxx.dat
2009-04-05 21:44 . 2007-08-31 16:20 7,167 -ra------ c:\windows\system32\atifglpf.xml
2009-04-05 21:44 . 2008-09-29 23:22 529 -ra------ c:\windows\system32\ATIODCLI.exe.manifest
2009-04-05 21:44 . 2008-10-03 23:48 527 -ra------ c:\windows\system32\ATIODE.exe.manifest
2009-04-05 21:35 . 2009-04-05 21:35 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\ATI
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2009-04-05 21:34 . 2009-03-21 17:25 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-04-05 21:34 . 2009-04-05 21:34 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-04-05 21:34 . 2009-03-22 01:15 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2009-04-05 21:34 . 2009-04-05 21:35 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-04-05 21:34 . 2009-04-05 21:34 <DIR> d-------- c:\documents and settings\Administrator
2009-04-05 11:23 . 2009-04-05 11:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ATI
2009-04-05 11:20 . 2009-04-05 11:22 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-04-05 11:12 . 2008-11-21 05:26 15,362 -ra------ c:\windows\atiogl.xml
2009-04-05 10:34 . 2009-04-05 10:36 40,091,352 --a------ C:\9-3_xp32_dd_ccc_wdm_enu.exe
2009-04-05 10:15 . 2009-04-05 10:41 <DIR> d-------- c:\program files\Ray Adams
2009-04-05 10:15 . 2009-04-05 10:15 <DIR> d-------- c:\documents and settings\123456\Data aplikací\atitray
2009-04-05 10:14 . 2009-04-05 10:14 1,193,720 --a------ C:\attsetup.exe
2009-04-03 21:19 . 2009-04-05 21:39 <DIR> d-------- c:\program files\ATI Technologies
2009-04-03 20:30 . 2009-04-03 20:30 <DIR> d-------- c:\program files\Atari
2009-04-03 19:50 . 2009-04-05 21:41 664 --a------ c:\windows\system32\d3d9caps.dat
2009-04-03 17:36 . 2009-04-03 17:36 <DIR> d-------- C:\ATI
2009-04-03 17:28 . 2009-04-05 21:38 10 --a------ c:\windows\WININIT.INI
2009-04-03 13:39 . 2009-04-05 11:09 <DIR> d-------- C:\Shoty
2009-04-02 20:37 . 2009-04-03 13:35 4,096 --a------ c:\windows\system32\crash
2009-04-01 20:37 . 2008-12-25 17:32 3,721,664 --a------ c:\windows\system32\drivers\RtKHDMI.sys
2009-04-01 20:37 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-04-01 20:37 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-04-01 20:37 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe
2009-04-01 20:37 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe
2009-04-01 20:37 . 2009-01-13 15:39 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-04-01 10:43 . 2008-06-06 12:15 51,520 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-04-01 10:43 . 2008-06-06 12:15 38,208 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-04-01 10:43 . 2008-06-06 12:15 33,088 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-04-01 10:43 . 2008-06-06 12:15 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-04-01 10:27 . 2009-04-01 10:27 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-04-01 10:27 . 2009-04-01 10:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PC Tools
2009-04-01 10:27 . 2009-04-01 10:27 <DIR> d-------- c:\documents and settings\123456\Data aplikací\PC Tools
2009-04-01 10:27 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-04-01 10:27 . 2009-04-01 10:41 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-04-01 10:27 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-01 10:27 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-31 10:26 . 2009-03-31 10:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2009-03-30 12:25 . 2009-03-30 12:25 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-30 12:04 . 2009-03-30 12:04 <DIR> d--hs---- c:\documents and settings\123456\PrivacIE
2009-03-30 12:04 . 2009-03-30 12:04 <DIR> d--hs---- c:\documents and settings\123456\IECompatCache
2009-03-30 12:02 . 2009-03-30 12:02 <DIR> d--hs---- c:\documents and settings\123456\IETldCache
2009-03-30 12:00 . 2009-03-30 12:00 <DIR> d-------- c:\windows\ie8updates
2009-03-30 11:59 . 2009-03-30 12:00 <DIR> d--h-c--- c:\windows\ie8
2009-03-30 11:58 . 2009-02-28 06:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-29 16:57 . 2009-03-29 16:57 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-29 14:42 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-29 14:18 . 2009-03-29 14:18 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-29 14:18 . 2009-03-29 14:18 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-29 14:18 . 2009-03-29 14:18 <DIR> d-------- c:\program files\MSBuild
2009-03-29 14:17 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-29 14:17 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 14:17 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 14:17 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-29 14:17 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 14:17 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-29 14:17 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-29 11:48 . 2009-03-29 12:32 11,477 --a------ C:\Nový objekt - Textový dokument OpenDocument.odt
2009-03-28 14:59 . 2009-03-28 14:59 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\program files\Sony Ericsson
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\All Users\Documents
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Teleca
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-03-28 12:45 . 2009-03-28 12:45 <DIR> d-------- c:\documents and settings\123456\Data aplikací\Teleca
2009-03-28 12:44 . 2009-03-28 12:45 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-28 12:44 . 2009-03-28 12:44 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-28 12:44 . 2009-03-28 12:44 6,176 --a------ c:\windows\system32\drivers\w810cm.sys
2009-03-28 12:44 . 2009-03-28 12:44 5,808 --a------ c:\windows\system32\drivers\w810wh.sys
2009-03-27 15:44 . 2009-03-27 15:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MSN6
2009-03-27 15:44 . 2009-03-27 15:44 <DIR> d-------- c:\documents and settings\123456\Data aplikací\MSN6
2009-03-26 14:13 . 2009-03-26 14:13 27,788 --a------ C:\2.pdf
2009-03-26 14:11 . 2009-03-26 14:11 767,493 --a------ C:\1.pdf
2009-03-26 14:08 . 2009-03-26 14:08 26,881 --a------ C:\drobný majetek.pdf
2009-03-26 14:07 . 2009-03-26 14:07 1,047,596 --a------ C:\drobný majetek.jpg
2009-03-24 20:20 . 2008-04-14 05:22 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-24 18:45 . 2009-03-24 18:45 <DIR> d-------- c:\windows\system32\cs
2009-03-24 18:45 . 2009-03-24 18:45 <DIR> d-------- c:\windows\system32\bits
2009-03-24 18:45 . 2009-03-24 18:45 <DIR> d-------- c:\windows\l2schemas
2009-03-24 14:10 . 2009-03-24 16:21 262,144 --a------ c:\windows\system32\wrap_oal.dll
2009-03-24 14:10 . 2009-03-24 16:21 86,016 --a------ c:\windows\system32\OpenAL32.dll
2009-03-24 14:09 . 2009-03-24 14:09 <DIR> d-------- c:\windows\system32\Futuremark
2009-03-24 14:09 . 2004-10-25 21:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2009-03-24 14:09 . 1999-11-02 11:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2009-03-24 14:09 . 2004-06-22 16:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2009-03-24 14:09 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2009-03-23 22:15 . 2009-03-23 21:35 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-23 22:15 . 2009-03-23 21:35 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-23 22:15 . 2009-03-23 22:15 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-23 22:15 . 2005-09-23 00:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-23 22:14 . 2009-03-23 22:14 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-23 21:41 . 2009-04-05 13:00 0 --a------ C:\23990098.$$$
2009-03-23 21:40 . 2009-03-23 21:40 <DIR> d-a------ c:\windows\zts2.exe
2009-03-23 21:40 . 2009-03-23 21:40 <DIR> d-a------ c:\windows\system32\iifgfgf.dll
2009-03-23 21:40 . 2009-03-23 21:40 <DIR> d-a------ c:\windows\rundl132.dll
2009-03-23 21:35 . 2004-08-17 16:49 147,968 --a------ c:\windows\R.COM
2009-03-23 21:35 . 2004-08-17 16:49 137,216 --a------ c:\windows\system32\T.COM
2009-03-23 21:35 . 2009-04-05 12:58 54 --a------ c:\windows\Lic.xxx
2009-03-23 15:51 . 2009-04-01 11:39 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-23 15:51 . 2009-04-05 13:11 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-23 13:33 . 2009-03-23 13:33 <DIR> d-------- c:\windows\system32\Mira6
2009-03-23 13:33 . 2009-03-23 13:33 <DIR> d-------- c:\program files\ScanDrv6
2009-03-23 13:33 . 2004-07-26 13:05 24,576 --a------ c:\windows\system32\RSRC32.DLL
2009-03-23 13:33 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 08:38 24,944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-04-07 08:38 16,608 ----a-w c:\windows\gdrv.sys
2009-04-05 09:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 08:12 --------- d-----w c:\program files\Gigabyte
2009-03-24 11:49 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 19:47 --------- d-----w c:\program files\Nero
2009-03-21 19:47 --------- d-----w c:\program files\Common Files\Nero
2009-03-21 19:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-21 19:14 --------- d-----w c:\program files\Realtek
2009-03-21 17:19 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-21 17:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2009-03-21 17:05 --------- d-----w c:\program files\Opera
2009-03-21 16:45 --------- d-----w c:\program files\Browser Configuration Utility
2009-03-21 15:49 --------- d-----w c:\documents and settings\123456\Data aplikací\ATI
2009-03-21 15:28 --------- d-----w c:\program files\microsoft frontpage
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-23 11:52 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
2009-02-23 11:52 8,704 ----a-w c:\windows\system32\epmntdrv.sys
2009-02-23 11:52 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
2009-02-23 11:51 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
2009-02-20 17:12 65,536 ----a-w c:\windows\system32\FatCopy.dll
2009-02-20 17:12 213,504 ----a-w c:\windows\system32\BootMan.exe
2009-02-20 17:12 17,920 ----a-w c:\windows\system32\SectorCopy.dll
2009-02-20 17:12 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
2009-02-20 17:11 93,184 ----a-w c:\windows\system32\Partition.dll
2009-02-20 17:11 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
2009-02-20 17:11 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
2009-02-20 17:11 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
2009-02-20 17:11 180,224 ----a-w c:\windows\system32\DeviceManager.dll
2009-02-20 17:10 86,528 ----a-w c:\windows\system32\NTFSLib.dll
2009-02-20 17:10 68,096 ----a-w c:\windows\system32\Device.dll
2009-02-20 17:10 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
2009-02-20 17:10 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
2009-02-20 17:10 31,744 ----a-w c:\windows\system32\FatLib.dll
2009-02-20 17:10 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
2009-02-20 17:10 22,016 ----a-w c:\windows\system32\FatFormat.dll
2009-02-20 17:10 21,504 ----a-w c:\windows\system32\Fixup.dll
2009-02-20 17:10 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
2009-02-20 17:10 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
2009-02-20 17:09 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
2009-01-13 12:37 18,084,864 ----a-w c:\windows\RTHDCPL.EXE
2009-01-07 16:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 16:20 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 16:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 16:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 16:20 23,552 ----a-w c:\windows\system32\normaliz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-06_23.01.30,18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-07 08:38:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2009-04-07 08:38:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_9dc.dat
+ 2009-04-07 08:38:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_9f4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\123456\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-05 393216]
SaveSnap.lnk - h:\savesnap\SaveSnap.exe [2009-04-03 1264128]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= h:\combin~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= h:\combin~1\Filters\wmv9vcm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\ICQ6.5\\ICQ.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-01 130424]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-04-01 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-04-01 38208]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-22 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-04-01 159600]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-03-22 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-22 20560]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-03-21 68136]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-04-03 93184]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-03-22 65576]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\123456\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\123456\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-03-22 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-03-22 3072]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-04-01 64392]
S3 sdAuxService;PC Tools Auxiliary Service;h:\spyware doctor\pctsAuxs.exe [2009-04-01 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-04-01 33088]
S3 ThreatFire;ThreatFire;h:\spyware doctor\TFEngine\TFService.exe service --> h:\spyware doctor\TFEngine\TFService.exe service [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-03-28 23600]
SUnknown GVTDrv;GVTDrv; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 11:13:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\[u]0[/u]9"
"DeviceDesc"="???\17?\11\[u]0[/u]9"
"ProviderName"="?O?\11???\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\install pack\\sbdrv\\smbus\\smbusati.inf\[u]0[/u]0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1280)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Celkový čas: 2009-04-07 11:16:10
ComboFix-quarantined-files.txt 2009-04-07 09:16:05
ComboFix2.txt 2009-04-06 21:03:05

Před spuštěním: Volných bajtů: 113 251 045 376
Po spuštění: Volných bajtů: 113,236,451,328

332 --- E O F --- 2009-03-29 13:28:58

mafian

Re: HiJackThis check, please

Post by mafian » 07 Apr 2009 11:29


jaro3
Security team member

Re: HiJackThis check, please

Post by jaro3 » 07 Apr 2009 13:28

Uninstall and delete:
Spyware Doctor

Close other applications and browsers, disconnect from the internet, and fix in HJT:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} -
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\WINDOWS\system32\dvmurl.dll
O4 - Startup: SaveSnap.lnk = H:\SaveSnap\SaveSnap.exe


Use T-Cleaner
It deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it > run it

You can also use CCleaner.

Test this on VirusTotal:
H:\SaveSnap\SaveSnap.exe
Then post the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

