pomaly a samorestartujici se komp Vyřešeno

[lukpen981]

Zdravim vsechny,

poprosil bych o radu.
Pocitac se zpomalil a po kliknuti na ikonu explorer se sam restartuje. Dalsi problem je v tom, ze jsem si stahl Hijackthis programek, abych VAM, hlavounum, mohl hodit log, ale NELZE spustit. Proste jako, kdyz nechate v aute pres noc hrat radio - ani neskytne!!!
Nevim tedy co s tim........
AVGecko naslo nejakych 8 trojanu - zdaji se byti odstraneni, avsak po opetovnem spusteni se nejaky z nich o5 ukaze!!!
Search and Destroy zase nasel spoustu jinych, ale po restartovani jsou tam + - vsechny znovu, cili obdobne jako u AVG.
Nikdy se mi vsak nestalo, aby Spybot - Search & Destroy nasel neco co by bylo modre (lze videt v priloze)

Nejake napady???

Dekuji

[Reklama]

[jaro3]

Odinstaluj , smaž HJT, a stáhni nový , při ukládáni zvol název ACCD.exe.

[lukpen981]

hmmm :( prave ja jsem ho ani nenainstaloval...neslo mi s nim vuuuubec nic delat, smazal jsem ho, stahnul znovu na plochu, chtel spustit a zase to same - o5 ani neskytl...

jeste par slov: puvodni antivir tam byl AVAST, ten byl odinstalovan a nahrazen NODem32, avsak ten mi hlasil pri instalaci chybu, a tak jsem stahnul AVG. Ted mi nekdo poradil, at vyzkousim nejaky novy antivirus PANDA, ten mi vsak nejde nainstalovat, pac to haze hlasku, ze musim nejdrive odinstalovat NOD, jenze ten uz v PC vubec neni....odinstalovavam pres CCleaner a nekdy pres pridat/odebrat, ale nikde neni, ani kdyz dam vyhledavat soubory nod*, nod32 atd....auuuu
Mezi kazdou instalaci antiviraku jsem nechal komp projet jak Ccleanerem tak i Regcleanerem, ale asi to nepomohlo nebo to neni to prave orechove.....

[jaro3]

Zkus si zde
http://www.edisk.cz/stahni/75269/tools.rar_3.55MB.html

stáhnout některé prográmky co by se nám mohly hodit.
Rozbal si archiv do svého adresáře. Soubory jsou záměrně pojmenované jinak než původní v návodech, tak se nediv.
Zkus pak spustit.
itr - RSIT
buss - DDS
VerTerm= Combofix
Pokud máš 32-bit. OS:
pokud ti pojede VerTerm, tak sem vlož z něho log.
Návod na Combofi: vypni rez. ochrany antiviru+antispywaru:
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Jinak sem dej log z dalších, budu až večer..

[lukpen981]

ok, udelam jak pises...ted jsem na ten "nakazeny" komp napojeny pres TeamViewer cili predpokladam, ze to bude chtit i nejaky restart, a tak vse udelam jak dojdu z prace kolem 1900 a pak uz budu jenom cekat.....cheers!!!

[lukpen981]

tak tady je zatim log z hijacka:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:10, on 21.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Kalasutra\Plocha\lukthis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Rozšíření ovladače WMI Wmiose (Wmiose) - Unknown owner - C:\WINDOWS\system32\bootvids.exe (file missing)

--
End of file - 5888 bytes

[lukpen981]

tady je ComboFix


ComboFix 09-05-20.A1 - Kalasutra 21.05.2009 17:43.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.479.177 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kalasutra\Plocha\tools\VerTerm.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://sunmicro.ht.rd.llnw.net
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FIPS32CUP
-------\Legacy_SECURENTM
-------\Service_ksi32sk
-------\Service_netsik


((((((((((((((((((((((((( Soubory vytvořené od 2009-04-21 do 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 15:36 . 2009-05-21 15:36 -------- d-----w C:\rsit
2009-05-21 05:26 . 2009-05-21 05:26 -------- d-----w c:\documents and settings\Kalasutra\temp
2009-05-21 04:59 . 2009-05-21 04:59 0 ----a-w c:\windows\nsreg.dat
2009-05-21 04:56 . 2009-05-21 04:56 -------- d-----w c:\program files\IObit
2009-05-20 20:11 . 2009-05-20 20:11 -------- d-----w c:\program files\AVG
2009-05-20 19:58 . 2009-05-20 19:56 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-20 19:56 . 2009-05-20 19:55 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-20 19:56 . 2009-05-20 19:56 -------- d-----w c:\windows\system32\DRVSTORE
2009-05-20 19:54 . 2009-05-20 19:54 -------- d-----w c:\program files\Lavasoft
2009-05-20 19:36 . 2009-05-20 19:36 -------- d-sh--w C:\FOUND.012
2009-05-20 05:29 . 2009-05-20 05:29 -------- d-sh--w C:\FOUND.011
2009-05-19 16:23 . 2009-05-19 16:23 -------- d-----w c:\program files\CCleaner
2009-05-19 15:47 . 2009-05-19 15:47 -------- d-sh--w C:\FOUND.010
2009-05-19 15:18 . 2009-05-19 15:18 -------- d-sh--w C:\FOUND.009
2009-05-10 10:30 . 2009-05-10 10:30 -------- d-sh--w C:\FOUND.008
2009-05-10 10:21 . 2009-05-10 10:21 -------- d-sh--w C:\FOUND.007
2009-05-10 10:01 . 2009-05-10 10:01 -------- d-----w c:\program files\DiskCheckerXP
2009-05-10 09:56 . 2009-05-10 09:56 -------- d-sh--w C:\FOUND.006
2009-05-10 09:47 . 2009-05-10 09:47 -------- d-sh--w C:\FOUND.005
2009-05-08 05:37 . 2009-05-08 05:37 -------- d-sh--w C:\FOUND.004
2009-05-08 05:34 . 2009-05-08 05:34 -------- d-sh--w C:\FOUND.003
2009-05-07 18:21 . 2009-05-07 18:21 -------- d-sh--w C:\FOUND.002
2009-05-07 18:17 . 2009-05-07 18:17 -------- d-sh--w C:\FOUND.001
2009-05-07 14:00 . 2009-05-07 15:27 32 --s-a-w c:\windows\system32\2172814518.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 12:33 . 2005-09-10 16:05 64164 ----a-w c:\windows\system32\perfc005.dat
2009-05-10 12:33 . 2005-09-10 16:05 384142 ----a-w c:\windows\system32\perfh005.dat
2009-04-18 14:04 . 2009-04-18 14:04 -------- d-----w c:\program files\RegCleaner
2009-04-18 14:01 . 2009-04-18 14:01 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-18 13:15 . 2009-04-18 13:15 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-18 13:11 . 2009-04-18 13:11 -------- d-----w c:\program files\Wincmd 403
2009-04-04 06:55 . 2009-04-04 06:55 -------- d-----w c:\program files\Common Files\xing shared
2009-03-28 16:39 . 2009-03-28 16:39 -------- d-----w c:\program files\ColobotDemo
2009-03-28 15:52 . 2009-03-28 15:52 -------- d-----w c:\program files\Microsoft Games
2009-03-24 15:10 . 2009-03-24 15:10 -------- d-----w c:\program files\Real
2009-03-10 17:27 . 2009-03-09 18:35 737280 ----a-w c:\windows\iun6002.exe
2009-03-06 14:23 . 2005-09-10 16:05 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2005-09-10 16:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:13 . 2005-09-10 16:05 78336 ----a-w c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-04 198160]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-20 516440]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdminWorks Tray"="c:\acer\Empowering Technology\awtray.exe"
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe"
"eRecoveryService"=c:\acer\Empowering Technology\eRecovery\Monitor.exe
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"LaunchApp"=Alaunch
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\System32\\mshta.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\Documents and Settings\\Kalasutra\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.5.2009 21:56 64160]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [10.9.2005 18:05 85888]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 953168]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [10.9.2005 18:05 69120]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 Wmiose;Rozšíření ovladače WMI Wmiose;c:\windows\system32\bootvids.exe srv --> c:\windows\system32\bootvids.exe srv [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:55]

2009-05-21 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-05-21 16:15]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe


.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kalasutra\Data aplikací\Mozilla\Firefox\Profiles\t46q6z5x.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 17:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\acer\EMPOWERING TECHNOLOGY\AWSERV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-05-21 17:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-21 15:47

Před spuštěním: Volných bajtů: 21 350 350 848
Po spuštění: Volných bajtů: 21 305 655 296

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

178 --- E O F --- 2009-05-20 05:32

*************************************************************************************************************************************

ITR


Logfile of random's system information tool 1.05 (written by random/random)
Run by Kalasutra at 2009-05-21 17:36:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (56%) free of 36 GB
Total RAM: 479 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:19, on 21.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kalasutra\Plocha\tools\itr.exe
C:\Documents and Settings\Kalasutra\Plocha\Kalasutra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Rozšíření ovladače WMI Wmiose (Wmiose) - Unknown owner - C:\WINDOWS\system32\bootvids.exe (file missing)

--
End of file - 5948 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1731380849-547601267-3074093644-1005.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-04 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ntiMUI"=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-04 198160]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-20 516440]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-12-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-28 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\System32\mshta.exe"="C:\WINDOWS\System32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\Ati2evxx.exe"="C:\WINDOWS\system32\Ati2evxx.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Kalasutra\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Kalasutra\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-05-21 17:36:09 ----D---- C:\rsit
2009-05-21 17:35:16 ----D---- C:\Documents and Settings\Kalasutra\Data aplikací\WinRAR
2009-05-21 17:34:59 ----D---- C:\Program Files\WinRAR
2009-05-21 17:21:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-21 07:26:48 ----D---- C:\Documents and Settings\Kalasutra\Data aplikací\TeamViewer
2009-05-21 06:59:37 ----D---- C:\Documents and Settings\Kalasutra\Data aplikací\Mozilla
2009-05-21 06:59:29 ----D---- C:\Program Files\Mozilla Firefox
2009-05-21 06:56:45 ----D---- C:\Documents and Settings\Kalasutra\Data aplikací\IObit
2009-05-21 06:56:44 ----D---- C:\Program Files\IObit
2009-05-20 22:11:20 ----D---- C:\Program Files\AVG
2009-05-20 22:11:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2009-05-20 21:58:45 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-05-20 21:56:05 ----D---- C:\WINDOWS\system32\DRVSTORE
2009-05-20 21:55:01 ----HD---- C:\Documents and Settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-20 21:54:54 ----D---- C:\Program Files\Lavasoft
2009-05-20 21:54:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2009-05-20 21:36:58 ----SHD---- C:\FOUND.012
2009-05-20 21:33:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-05-20 07:32:19 ----A---- C:\WINDOWS\system32\MRT.INI
2009-05-20 07:29:10 ----SHD---- C:\FOUND.011
2009-05-19 18:23:28 ----D---- C:\Program Files\CCleaner
2009-05-19 17:47:32 ----SHD---- C:\FOUND.010
2009-05-19 17:18:20 ----SHD---- C:\FOUND.009
2009-05-10 12:30:16 ----SHD---- C:\FOUND.008
2009-05-10 12:21:54 ----SHD---- C:\FOUND.007
2009-05-10 12:01:43 ----D---- C:\Program Files\DiskCheckerXP
2009-05-10 11:56:50 ----SHD---- C:\FOUND.006
2009-05-10 11:47:36 ----SHD---- C:\FOUND.005
2009-05-08 07:37:58 ----SHD---- C:\FOUND.004
2009-05-08 07:34:10 ----SHD---- C:\FOUND.003
2009-05-07 20:21:22 ----SHD---- C:\FOUND.002
2009-05-07 20:17:24 ----SHD---- C:\FOUND.001
2009-05-07 20:13:51 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2009-05-21 11:31:56 ----A---- C:\WINDOWS\WININIT.INI
2009-05-21 07:09:48 ----A---- C:\WINDOWS\compedia.ini
2009-05-19 17:51:38 ----A---- C:\WINDOWS\WINCMD.INI
2009-05-10 14:33:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-07 09:16:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-28 1241088]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-09-10 6144]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-06-27 234752]
S2 ksi32sk;ksi32sk; \??\C:\WINDOWS\system32\drivers\ksi32sk.sys []
S2 netsik;netsik; \??\C:\WINDOWS\system32\drivers\netsik.sys []
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2004-06-07 5035]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\symidsco.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-28 376832]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\awServ.exe [2005-08-18 86528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-25 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-20 953168]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Wmiose;Rozšíření ovladače WMI Wmiose; C:\WINDOWS\system32\bootvids.exe srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


*************************************************************************************************************************************

buss


DDS (Version 1.1.0) - FAT32x86
Run by Kalasutra at 17:38:40,39 on źt 21.05.2009
Internet Explorer: 7.0.5730.13
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.479.171 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Kalasutra\Plocha\tools\buss.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - Skype add-on (mastermind)
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\kalasutra\local settings\data aplikací\google\update\GoogleUpdate.exe" /c
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kalasu~1\dataap~1\mozilla\firefox\profiles\t46q6z5x.default\
FF - plugin: c:\documents and settings\kalasutra\local settings\data aplikacă­\google\update\1.2.145.5\npGoogleOneClick8.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.key.chromeAccess", 4);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("keyword.URL", "chrome://browser-region/locale/region.properties");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-20 64160]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-9-10 85888]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2006-1-31 11978]
R2 AWService;AdminWorks Agent X6;"c:\acer\empowering technology\awServ.exe" [2005-8-18 86528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\AAWService.exe" [2009-1-18 953168]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2006-1-31 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2006-1-31 4010]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2005-9-10 69120]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" []
S2 ksi32sk;ksi32sk;\??\c:\windows\system32\drivers\ksi32sk.sys []
S2 netsik;netsik;\??\c:\windows\system32\drivers\netsik.sys []
S2 Wmiose;Rozšíření ovladače WMI Wmiose;c:\windows\system32\bootvids.exe srv []
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-1-31 5035]

=============== Created Last 30 ================

2009-05-21 07:26 <DIR> --d----- c:\docume~1\kalasu~1\dataap~1\TeamViewer
2009-05-21 07:26 <DIR> --d----- c:\documents and settings\kalasutra\temp
2009-05-21 06:56 <DIR> --d----- c:\docume~1\kalasu~1\dataap~1\IObit
2009-05-21 06:56 <DIR> --d----- c:\program files\IObit
2009-05-20 22:11 <DIR> --d----- c:\program files\AVG
2009-05-20 22:11 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\avg8
2009-05-20 21:58 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-20 21:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-20 21:55 <DIR> --d-h--- c:\docume~1\alluse~1\dataap~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-20 21:54 <DIR> --d----- c:\program files\Lavasoft
2009-05-20 21:36 <DIR> --dsh--- C:\FOUND.012
2009-05-20 07:32 197 a------- c:\windows\system32\MRT.INI
2009-05-20 07:29 <DIR> --dsh--- C:\FOUND.011
2009-05-19 18:23 <DIR> --d----- c:\program files\CCleaner
2009-05-19 17:47 <DIR> --dsh--- C:\FOUND.010
2009-05-19 17:18 <DIR> --dsh--- C:\FOUND.009
2009-05-10 12:30 <DIR> --dsh--- C:\FOUND.008
2009-05-10 12:21 <DIR> --dsh--- C:\FOUND.007
2009-05-10 12:01 <DIR> --d----- c:\program files\DiskCheckerXP
2009-05-10 11:56 <DIR> --dsh--- C:\FOUND.006
2009-05-10 11:47 <DIR> --dsh--- C:\FOUND.005
2009-05-08 07:37 <DIR> --dsh--- C:\FOUND.004
2009-05-08 07:34 <DIR> --dsh--- C:\FOUND.003
2009-05-07 20:21 <DIR> --dsh--- C:\FOUND.002
2009-05-07 20:17 <DIR> --dsh--- C:\FOUND.001
2009-05-07 16:00 32 a--s---- c:\windows\system32\2172814518.dat

==================== Find3M ====================

2009-05-10 14:33 384,142 a------- c:\windows\system32\perfh005.dat
2009-05-10 14:33 64,164 a------- c:\windows\system32\perfc005.dat
2009-04-18 16:01 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-21 16:09 988,160 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 969,608 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 265,096 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-10 19:27 737,280 a------- c:\windows\iun6002.exe
2009-03-06 16:23 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 16:23 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 02:14 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 02:14 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 06:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-20 07:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122020081221\index.dat

============= FINISH: 17:38:51,46 ===============


buss attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 31.1.2006 16:03:13
System Uptime: 21.5.2009 17:05:09 (0 hours ago)

Motherboard: Acer | | GRS482M
Processor: AMD Sempron(tm) Processor 3000+ | Socket 939 | 1795/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 36 GiB total, 19,954 GiB free.
D: is FIXED (NTFS) - 36 GiB total, 35,34 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP427: 21.2.2009 17:37:12 - Kontrolní bod systému
RP428: 22.2.2009 18:20:26 - Kontrolní bod systému
RP429: 25.2.2009 7:35:46 - Software Distribution Service 3.0
RP430: 26.2.2009 13:58:04 - Kontrolní bod systému
RP431: 27.2.2009 14:12:43 - Kontrolní bod systému
RP432: 1.3.2009 10:03:18 - Kontrolní bod systému
RP433: 3.3.2009 19:06:51 - Kontrolní bod systému
RP434: 4.3.2009 20:40:04 - Kontrolní bod systému
RP435: 6.3.2009 12:11:22 - Kontrolní bod systému
RP436: 7.3.2009 17:22:22 - Kontrolní bod systému
RP437: 8.3.2009 17:38:28 - Kontrolní bod systému
RP438: 10.3.2009 22:59:35 - Software Distribution Service 3.0
RP439: 13.3.2009 15:22:25 - Kontrolní bod systému
RP440: 14.3.2009 19:07:19 - Kontrolní bod systému
RP441: 16.3.2009 17:27:56 - Kontrolní bod systému
RP442: 17.3.2009 6:45:15 - Software Distribution Service 3.0
RP443: 18.3.2009 20:43:56 - Kontrolní bod systému
RP444: 20.3.2009 21:27:03 - Kontrolní bod systému
RP445: 21.3.2009 21:47:42 - Kontrolní bod systému
RP446: 25.3.2009 14:40:16 - Kontrolní bod systému
RP447: 26.3.2009 17:58:17 - Kontrolní bod systému
RP448: 27.3.2009 17:59:09 - Kontrolní bod systému
RP449: 28.3.2009 21:39:46 - Kontrolní bod systému
RP450: 30.3.2009 16:30:55 - Kontrolní bod systému
RP451: 1.4.2009 19:03:05 - Software Distribution Service 3.0
RP452: 2.4.2009 17:47:58 - Nainstalováno Windows XP WgaNotify.
RP453: 3.4.2009 18:53:31 - Kontrolní bod systému
RP454: 5.4.2009 15:16:38 - Kontrolní bod systému
RP455: 9.4.2009 17:20:02 - Kontrolní bod systému
RP456: 11.4.2009 10:04:45 - Kontrolní bod systému
RP457: 12.4.2009 20:09:27 - Kontrolní bod systému
RP458: 15.4.2009 18:02:14 - Installed Windows Media Player 11
RP459: 15.4.2009 18:04:03 - Installed Windows XP MSCompPackV1.
RP460: 15.4.2009 20:05:10 - Software Distribution Service 3.0
RP461: 18.4.2009 15:43:13 - Spybot-S&D System Internals
RP462: 19.4.2009 15:48:18 - Kontrolní bod systému
RP463: 23.4.2009 19:15:40 - Kontrolní bod systému
RP464: 24.4.2009 21:34:18 - Kontrolní bod systému
RP465: 26.4.2009 12:10:25 - Kontrolní bod systému
RP466: 30.4.2009 18:28:32 - Kontrolní bod systému
RP467: 2.5.2009 10:20:15 - Kontrolní bod systému
RP468: 4.5.2009 6:04:09 - Kontrolní bod systému
RP469: 7.5.2009 16:48:48 - Kontrolní bod systému
RP470: 10.5.2009 13:15:49 - Kontrolní bod systému
RP471: 19.5.2009 18:27:57 - Nainstalováno: ESET NOD32 Antivirus
RP472: 20.5.2009 7:31:16 - Software Distribution Service 3.0
RP473: 20.5.2009 21:54:49 - Nainstalováno: ESET NOD32 Antivirus
RP474: 20.5.2009 22:02:31 - Nainstalováno: ESET NOD32 Antivirus
RP475: 20.5.2009 22:05:00 - Nainstalováno: ESET NOD32 Antivirus
RP476: 20.5.2009 22:11:19 - Installed AVG Free 8.5
RP477: 21.5.2009 7:11:34 - Odstraněno Shade: Hněv andělů
RP478: 21.5.2009 7:24:18 - Configured 18 WoS Across America
RP479: 21.5.2009 8:52:06 - Avg8 Update
RP480: 21.5.2009 8:52:50 - Avg8 Update
RP481: 21.5.2009 12:26:49 - Removed AVG 8.5
RP482: 21.5.2009 12:29:49 - Installed AVG 8.5

==== Installed Programs ======================

Acer Empowering Technology framework
Acer ePerformance Management
Acer eSettings Management
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)
Athlon 64 Processor Driver
ATI Display Driver
CCleaner (remove only)
Codec Pack - All In 1 6.0.3.0
Corel Graphics Suite 11
CorelDRAW Graphics Suite 11
CX65-M65 USB-Handset Manager
DiskCheckerXP 6.1
Encyklopedie Přírody 2.0
Google Chrome
HijackThis 2.0.2
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
ImageMixer VCD/DVD2 for OLYMPUS
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 11
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Czech Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
NTI Backup NOW! 4
NTI CD & DVD-Maker
OLYMPUS Master
overland
PowerDVD
QuickTime
Servant Salamander 2.0
Skype™ 4.0
Smart Defrag 1.11
Spybot - Search & Destroy
StormWare Pohoda CZ
StormWare Pohoda CZ_2 (C:\Program Files\StormWare\Pohoda_2)
VBA (2627.01)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR

==== End Of File ===========================

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\nsreg.dat
c:\windows\system32\2172814518.dat
c:\windows\iun6002.exe

Folder::
C:\FOUND.012
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=-
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[lukpen981]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:55, on 21.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kalasutra\Plocha\lukthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Rozšíření ovladače WMI Wmiose (Wmiose) - Unknown owner - C:\WINDOWS\system32\bootvids.exe (file missing)

--
End of file - 5731 bytes













ComboFix 09-05-20.A1 - Kalasutra 21.05.2009 21:21.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.479.151 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kalasutra\Plocha\VerTerm.exe
Použité ovládací přepínače :: c:\documents and settings\Kalasutra\Plocha\CFScript.txt

FILE ::
c:\windows\iun6002.exe
c:\windows\nsreg.dat
c:\windows\system32\2172814518.dat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.001
c:\found.001\FILE0000.CHK
c:\found.001\FILE0001.CHK
c:\found.001\FILE0002.CHK
c:\found.001\FILE0003.CHK
c:\found.001\FILE0004.CHK
C:\FOUND.002
c:\found.002\FILE0000.CHK
c:\found.002\FILE0001.CHK
c:\found.002\FILE0002.CHK
c:\found.002\FILE0003.CHK
c:\found.002\FILE0004.CHK
c:\found.002\FILE0005.CHK
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\found.003\FILE0001.CHK
c:\found.003\FILE0002.CHK
c:\found.003\FILE0003.CHK
c:\found.003\FILE0004.CHK
c:\found.003\FILE0005.CHK
c:\found.003\FILE0006.CHK
c:\found.003\FILE0007.CHK
C:\FOUND.004
c:\found.004\FILE0000.CHK
C:\FOUND.005
c:\found.005\FILE0000.CHK
c:\found.005\FILE0001.CHK
C:\FOUND.006
c:\found.006\FILE0000.CHK
c:\found.006\FILE0001.CHK
c:\found.006\FILE0002.CHK
c:\found.006\FILE0003.CHK
c:\found.006\FILE0004.CHK
c:\found.006\FILE0005.CHK
c:\found.006\FILE0006.CHK
c:\found.006\FILE0007.CHK
c:\found.006\FILE0008.CHK
c:\found.006\FILE0009.CHK
c:\found.006\FILE0010.CHK
c:\found.006\FILE0011.CHK
c:\found.006\FILE0012.CHK
c:\found.006\FILE0013.CHK
c:\found.006\FILE0014.CHK
c:\found.006\FILE0015.CHK
c:\found.006\FILE0016.CHK
c:\found.006\FILE0017.CHK
c:\found.006\FILE0018.CHK
c:\found.006\FILE0019.CHK
c:\found.006\FILE0020.CHK
c:\found.006\FILE0021.CHK
c:\found.006\FILE0022.CHK
c:\found.006\FILE0023.CHK
c:\found.006\FILE0024.CHK
c:\found.006\FILE0025.CHK
c:\found.006\FILE0026.CHK
c:\found.006\FILE0027.CHK
c:\found.006\FILE0028.CHK
c:\found.006\FILE0029.CHK
c:\found.006\FILE0030.CHK
C:\FOUND.007
c:\found.007\FILE0000.CHK
c:\found.007\FILE0001.CHK
c:\found.007\FILE0002.CHK
c:\found.007\FILE0003.CHK
c:\found.007\FILE0004.CHK
c:\found.007\FILE0005.CHK
c:\found.007\FILE0006.CHK
C:\FOUND.008
c:\found.008\FILE0000.CHK
C:\FOUND.009
c:\found.009\FILE0000.CHK
c:\found.009\FILE0001.CHK
c:\found.009\FILE0002.CHK
c:\found.009\FILE0003.CHK
c:\found.009\FILE0004.CHK
c:\found.009\FILE0005.CHK
c:\found.009\FILE0006.CHK
c:\found.009\FILE0007.CHK
c:\found.009\FILE0008.CHK
c:\found.009\FILE0009.CHK
c:\found.009\FILE0010.CHK
c:\found.009\FILE0011.CHK
c:\found.009\FILE0012.CHK
c:\found.009\FILE0013.CHK
c:\found.009\FILE0014.CHK
c:\found.009\FILE0015.CHK
c:\found.009\FILE0016.CHK
c:\found.009\FILE0017.CHK
c:\found.009\FILE0018.CHK
c:\found.009\FILE0019.CHK
c:\found.009\FILE0020.CHK
c:\found.009\FILE0021.CHK
c:\found.009\FILE0022.CHK
c:\found.009\FILE0023.CHK
c:\found.009\FILE0024.CHK
c:\found.009\FILE0025.CHK
c:\found.009\FILE0026.CHK
c:\found.009\FILE0027.CHK
c:\found.009\FILE0028.CHK
C:\FOUND.010
c:\found.010\FILE0000.CHK
c:\found.010\FILE0001.CHK
c:\found.010\FILE0002.CHK
c:\found.010\FILE0003.CHK
c:\found.010\FILE0004.CHK
c:\found.010\FILE0005.CHK
C:\FOUND.011
c:\found.011\FILE0000.CHK
c:\found.011\FILE0001.CHK
c:\found.011\FILE0002.CHK
c:\found.011\FILE0003.CHK
C:\FOUND.012
c:\found.012\FILE0000.CHK
c:\windows\iun6002.exe
c:\windows\nsreg.dat
c:\windows\system32\2172814518.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-21 do 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 16:07 . 2009-05-21 16:07 -------- d-----w c:\program files\Common Files\Panda Security
2009-05-21 15:36 . 2009-05-21 15:36 -------- d-----w C:\rsit
2009-05-21 05:26 . 2009-05-21 05:26 -------- d-----w c:\documents and settings\Kalasutra\temp
2009-05-21 04:56 . 2009-05-21 04:56 -------- d-----w c:\program files\IObit
2009-05-20 20:11 . 2009-05-20 20:11 -------- d-----w c:\program files\AVG
2009-05-20 19:58 . 2009-05-20 19:56 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-20 19:56 . 2009-05-20 19:55 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-20 19:56 . 2009-05-20 19:56 -------- d-----w c:\windows\system32\DRVSTORE
2009-05-20 19:54 . 2009-05-20 19:54 -------- d-----w c:\program files\Lavasoft
2009-05-19 16:23 . 2009-05-19 16:23 -------- d-----w c:\program files\CCleaner
2009-05-10 10:01 . 2009-05-10 10:01 -------- d-----w c:\program files\DiskCheckerXP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 12:33 . 2005-09-10 16:05 64164 ----a-w c:\windows\system32\perfc005.dat
2009-05-10 12:33 . 2005-09-10 16:05 384142 ----a-w c:\windows\system32\perfh005.dat
2009-04-18 14:04 . 2009-04-18 14:04 -------- d-----w c:\program files\RegCleaner
2009-04-18 14:01 . 2009-04-18 14:01 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-18 13:15 . 2009-04-18 13:15 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-18 13:11 . 2009-04-18 13:11 -------- d-----w c:\program files\Wincmd 403
2009-04-04 06:55 . 2009-04-04 06:55 -------- d-----w c:\program files\Common Files\xing shared
2009-03-28 16:39 . 2009-03-28 16:39 -------- d-----w c:\program files\ColobotDemo
2009-03-28 15:52 . 2009-03-28 15:52 -------- d-----w c:\program files\Microsoft Games
2009-03-24 15:10 . 2009-03-24 15:10 -------- d-----w c:\program files\Real
2009-03-06 14:23 . 2005-09-10 16:05 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2005-09-10 16:05 826368 ----a-w c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-04 198160]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-20 516440]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Kalasutra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdminWorks Tray"="c:\acer\Empowering Technology\awtray.exe"
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe"
"eRecoveryService"=c:\acer\Empowering Technology\eRecovery\Monitor.exe
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"LaunchApp"=Alaunch
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\System32\\mshta.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\Documents and Settings\\Kalasutra\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.5.2009 21:56 64160]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [10.9.2005 18:05 85888]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [10.9.2005 18:05 69120]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 953168]
S2 Wmiose;Rozšíření ovladače WMI Wmiose;c:\windows\system32\bootvids.exe srv --> c:\windows\system32\bootvids.exe srv [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:55]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kalasutra\Data aplikací\Mozilla\Firefox\Profiles\t46q6z5x.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 21:22
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-05-21 21:23
ComboFix-quarantined-files.txt 2009-05-21 19:23

Před spuštěním: Volných bajtů: 21 285 601 280
Po spuštění: Volných bajtů: 21 278 916 608

243 --- E O F --- 2009-05-20 05:32

[jaro3]

Log je bez nákaz,akorát nevím , který antivir používáš:
c:\program files\AVG
c:\program files\Common Files\Panda Security
c:\program files\ESET\ESET NOD32 Antivirus

radím odinstalovat vše a pak stáhnout Aviru nebo Avast..

pro kontrolu:
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[lukpen981]

co se tyce antiviraku, tak jak jsem psal...eset je kompletne vymazany, ale asi tam jeste neco zustalo, avg to same a panda nainstalovat nesla pac ji branily zbytky z esetu!!!
cili ted tam neni nainstalovany zadny antivirak....nejradeji bych asi eset...kdyz uz jsme u toho..jaky mas pls nazor na tu Pandu?

jinak...nic to nenaslo...


Malwarebytes' Anti-Malware 1.36
Verze databáze: 2163
Windows 5.1.2600 Service Pack 3

21.5.2009 21:59:57
mbam-log-2009-05-21 (21-59-57).txt

Typ skenu: Rychlý sken
Objektu skenováno: 81988
Uplynulý cas: 2 minute(s), 13 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Jo MbAM je v pořádku..
Já Ti to odinstaluju vše ( antiviry) scriptem, ale bude to asi až zítra, asi dnes budu končit..máš tam totiž Pandu i ESET v klíčích i driverech...