kontrola logu-pomalý start Vyřešeno

[patricia]

Prosím o kontrolu.Pomalé PC hlavně po startu.

Logfile of HijackThis v1.99.1
Scan saved at 14:44:59, on 24.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Admin\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\WINDOWS\TEMP\E_SB8.tmp" /EF "HKCU"
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED3CFC8-996F-4C78-B4F7-943AFB1A5974}: NameServer = 192.168.17.254,193.179.148.42
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

[Reklama]

[Damned]

Spusť si HJT a fixni (zatrhnout políčko před hodnotou a zmáčknout "Fix checked"):

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[patricia]

Díky za tak rychlou odpověď.

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2174
Windows 5.1.2600 Service Pack 2

24.5.2009 15:31:46
mbam-log-2009-05-24 (15-31-46).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82107
Uplynulý cas: 4 minute(s), 0 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Není tam vidět žádný šmejdík, uvidíme co odhalí ComboFix:

Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[patricia]

ComboFix 09-05-23.04 - Admin 24.05.2009 15:59.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.256 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090523-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Panda Antivirus Platinum 7 *disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-24 do 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-02 10:36 . 2009-05-02 10:36 -------- dc----w c:\program files\HappyFoto

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 12:32 . 2009-04-20 12:31 -------- dc----w c:\program files\Ovečky
2009-04-08 20:40 . 2009-01-18 14:15 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 15:10 . 2007-07-16 10:33 -------- dc----w c:\program files\CCleaner
2009-04-06 13:32 . 2009-01-18 14:15 38496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 14:15 15504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 12:49 . 2001-10-25 12:00 73826 ----a-w c:\windows\system32\perfc005.dat
2009-04-03 12:49 . 2001-10-25 12:00 399584 ----a-w c:\windows\system32\perfh005.dat
2009-03-28 17:51 . 2009-03-28 17:51 -------- dc----w c:\program files\MSECache
2009-03-04 13:30 . 2009-03-04 13:30 472576 -c--a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-02-23 15:19 . 2009-02-23 15:19 0 -c--a-w c:\windows\ativpsrm.bin
2008-11-28 17:06 . 2008-10-10 15:57 5632 -csha-w c:\program files\Thumbs.db
2008-10-10 18:06 . 2006-03-27 17:46 275 -c--a-w c:\program files\options.ini
2008-06-08 15:34 . 2008-06-08 15:34 20997 -c--a-w c:\program files\picformobpicture.jpg
2007-06-10 09:05 . 2006-03-27 18:44 160614 -c--a-w c:\program files\autosave.sav
2006-03-27 17:32 . 2006-03-27 17:31 24559 -c--a-w c:\program files\Uninst.isu
2002-03-08 10:48 . 2006-03-27 17:31 5151 -c--a-w c:\program files\Readme.txt
2002-03-07 16:54 . 2006-03-27 17:31 199044 -c--a-w c:\program files\Anchors Away! - Hard.scn
2002-03-07 16:53 . 2006-03-27 17:31 270994 -c--a-w c:\program files\Milton's Garden - Hard.scn
2002-03-07 16:33 . 2006-03-27 17:31 196864 -c--a-w c:\program files\Partnership Problems - Medium.scn
2002-03-07 16:21 . 2006-03-27 17:31 270796 -c--a-w c:\program files\Debt Free - Medium.scn
2002-03-07 15:03 . 2006-03-27 17:31 191261 -c--a-w c:\program files\mtmanualENG.pdf
2002-03-06 19:10 . 2006-03-27 17:31 815104 -c--a-w c:\program files\mall.exe
2002-03-06 19:01 . 2006-03-27 17:31 3308653 -c--a-w c:\program files\specials.MUK
2002-03-06 15:23 . 2006-03-27 17:31 14306376 -c--a-w c:\program files\commods.MUK
2002-03-06 15:20 . 2006-03-27 17:31 56483359 -c--a-w c:\program files\tex.MUK
2002-03-06 15:19 . 2006-03-27 17:31 6354228 -c--a-w c:\program files\mapobjects.MUK
2002-03-06 10:41 . 2006-03-27 17:31 353953 -c--a-w c:\program files\Prison Break! - Hard.scn
2002-03-06 10:37 . 2006-03-27 17:31 254371 -c--a-w c:\program files\28% Tax Bracket - Easy.scn
2002-03-06 10:33 . 2006-03-27 17:31 248882 -c--a-w c:\program files\Discounters of the Third Kind - Medium.scn
2002-03-06 10:23 . 2006-03-27 17:31 185833 -c--a-w c:\program files\Rolling Hills - Medium.scn
2002-02-27 17:29 . 2006-03-27 17:31 11133 -c--a-w c:\program files\tutorial.res
2002-02-19 12:18 . 2006-03-27 17:31 1623 -c--a-w c:\program files\key_controls.txt
2002-02-07 17:50 . 2006-03-27 17:31 13925 -c--a-w c:\program files\strings.res
2002-02-06 17:11 . 2006-03-27 17:31 7504 -c--a-w c:\program files\options.res
2002-02-05 17:04 . 2006-03-27 17:31 6980 -c--a-w c:\program files\econ.res
2002-01-30 17:43 . 2006-03-27 17:31 21209 -c--a-w c:\program files\malltyc.res
2002-01-18 12:05 . 2006-03-27 17:31 182987 -c--a-w c:\program files\End Of An Era - Easy.scn
2002-01-17 18:59 . 2006-03-27 17:31 190500 -c--a-w c:\program files\HUGE... tracts of land! - Hard.scn
2002-01-17 17:11 . 2006-03-27 17:31 262151 -c--a-w c:\program files\Discounters of the Third Kind - Medium.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout L.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout K.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout J.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout I.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout H.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout G.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout F.tex
2002-01-17 14:41 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout E.tex
2002-01-17 14:40 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout D.tex
2002-01-17 14:40 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout C.tex
2002-01-17 14:40 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout B.tex
2002-01-17 14:40 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Layout A.tex
2002-01-17 14:33 . 2006-03-27 17:31 181492 -c--a-w c:\program files\Layout L.scn
2002-01-17 14:16 . 2006-03-27 17:31 189193 -c--a-w c:\program files\Layout K.scn
2002-01-17 14:10 . 2006-03-27 17:31 168407 -c--a-w c:\program files\Layout J.scn
2002-01-17 14:01 . 2006-03-27 17:31 205275 -c--a-w c:\program files\Layout I.scn
2002-01-17 13:53 . 2006-03-27 17:31 210739 -c--a-w c:\program files\Layout H.scn
2002-01-17 13:29 . 2006-03-27 17:31 243368 -c--a-w c:\program files\Layout G.scn
2002-01-17 13:26 . 2006-03-27 17:31 268359 -c--a-w c:\program files\Layout F.scn
2002-01-17 13:19 . 2006-03-27 17:31 179449 -c--a-w c:\program files\Layout E.scn
2002-01-17 13:08 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Partnership Problems - Medium.tex
2002-01-17 13:07 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Milton's Garden - Hard.tex
2002-01-17 13:07 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Debt Free - Medium.tex
2002-01-17 13:07 . 2006-03-27 17:31 349527 -c--a-w c:\program files\End Of An Era - Easy.tex
2002-01-17 13:07 . 2006-03-27 17:31 349527 -c--a-w c:\program files\28% Tax Bracket - Easy.tex
2002-01-17 13:06 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Rolling Hills - Medium.tex
2002-01-17 13:06 . 2006-03-27 17:31 349527 -c--a-w c:\program files\Prison Break! - Hard.tex
2002-01-17 13:05 . 2006-03-27 17:31 260771 -c--a-w c:\program files\Layout D.scn
2002-01-16 20:41 . 2006-03-27 17:31 251385 -c--a-w c:\program files\Layout A.scn
2002-01-16 20:37 . 2006-03-27 17:31 169662 -c--a-w c:\program files\Layout C.scn
2002-01-16 20:34 . 2006-03-27 17:31 230908 -c--a-w c:\program files\Layout B.scn
2002-01-16 19:55 . 2006-03-27 17:31 158362 -c--a-w c:\program files\Free Build - 2000s.scn
2002-01-16 19:54 . 2006-03-27 17:31 158362 -c--a-w c:\program files\Free Build - 1990s.scn
2002-01-16 19:53 . 2006-03-27 17:31 158362 -c--a-w c:\program files\Free Build - 1980s.scn
2002-01-16 19:52 . 2006-03-27 17:31 158362 -c--a-w c:\program files\Free Build - 1970s.scn
2002-01-16 19:51 . 2006-03-27 17:31 158362 -c--a-w c:\program files\Free Build - 1960s.scn
2002-01-16 01:42 . 2006-03-27 17:31 5386706 -c--a-w c:\program files\storefronts.MUK
2002-01-15 17:22 . 2006-03-27 17:31 320 -c--a-w c:\program files\cdlist.txt
2002-01-15 16:39 . 2006-03-27 17:31 7382801 -c--a-w c:\program files\people.MUK
2002-01-15 15:43 . 2006-03-27 17:31 25970851 -c--a-w c:\program files\s.MUK
2002-01-15 15:42 . 2006-03-27 17:31 9453033 -c--a-w c:\program files\atriums.MUK
2002-01-14 16:18 . 2006-03-27 17:31 7920 -c--a-w c:\program files\build.res
2002-01-14 16:18 . 2006-03-27 17:31 18026 -c--a-w c:\program files\store.res
2002-01-14 16:17 . 2006-03-27 17:31 5654 -c--a-w c:\program files\mall.res
2002-01-11 22:53 . 2006-03-27 17:31 162271 -c--a-w c:\program files\lifts.MUK
2002-01-11 19:41 . 2006-03-27 17:31 5843814 -c--a-w c:\program files\splash.MUK
2002-01-11 19:41 . 2006-03-27 17:31 10372393 -c--a-w c:\program files\scenery.MUK
2002-01-11 19:40 . 2006-03-27 17:31 225235 -c--a-w c:\program files\entrances.MUK
2002-01-09 15:45 . 2006-03-27 17:31 74215 -c--a-w c:\program files\meshes.MUK
2002-01-09 15:45 . 2006-03-27 17:31 766815 -c--a-w c:\program files\tiles.MUK
2002-01-05 01:19 . 2006-03-27 17:31 262151 -c--a-w c:\program files\Anchors Away! - Hard.tex
2002-01-04 20:32 . 2006-03-27 17:31 262151 -c--a-w c:\program files\HUGE... tracts of land! - Hard.tex
2001-11-27 18:43 . 2006-03-27 17:31 66615 -c--a-w c:\program files\font.fnt
2001-09-26 12:48 . 2006-03-27 17:31 5463 -c--a-w c:\program files\mouse.tex
2000-06-26 20:18 . 2006-03-27 17:31 1083 -c--a-w c:\program files\win.res
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2002-07-23 477184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ATITool.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ATITool.lnk
backup=c:\windows\pss\ATITool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TapiSrv"=3 (0x3)
"InCDsrv"=2 (0x2)
"helpsvc"=2 (0x2)
"GhostStartService"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\OpenArena\\ioquake3.x86.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.4.2008 9:43 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 9:43 20560]
S0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27.4.2003 13:39 8704]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\Admin\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\Admin\LOCALS~1\Temp\mdxgthkn.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all by Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download by Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download selected by Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site by Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {8ED3CFC8-996F-4C78-B4F7-943AFB1A5974} = 192.168.17.254,193.179.148.42
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fikcyg2p.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 16:00
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3300)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-05-24 16:02
ComboFix-quarantined-files.txt 2009-05-24 14:02

Před spuštěním: 1 776 328 704
Po spuštění: 1 772 105 728

201

[Damned]

c:\program files\Anchors Away! to je nějaká hra? To není instalované ve vlastní složce?
Máš někde instalátor? Protože pokud napíšu script tak ti to smažu. Ve složce C:\Program Files to samostatně nemá co dělat. Při odinstalaci jinak smázneš celou složku

[patricia]

To teda nevím,je možné,že je to hra.Potomci tu občas něco vyvádí.
Mě zase překvapuje,že se tam ukázala Panda.Ta by tam už dávno neměla být.Je tam zřejme uložen bod obnovení,protože mi po skenu se nastavila jiná tapeta na ploše.
Restartovala jsem a naskočila mi opět kontrola systému na D.To mi teť dělá při každém startu i když kontrolu nechám proběhnout.Nešlo by s tím něco udělat?

[Damned]

Stáhni si ještě z mého podpisu novější HJT a dej sem log z nového.

[patricia]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:58, on 24.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED3CFC8-996F-4C78-B4F7-943AFB1A5974}: NameServer = 192.168.17.254,193.179.148.42
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

--
End of file - 6925 bytes

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\DRIVERS\COMFiltr.sys
c:\documents and settings\Administartor\Local settings\Temp\mdxgthkn.sys

Driver::
COMFiltr.sys
mdxgthkn.sys

DirLook::
c:\program files
d:\


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[patricia]

Tak jsem to všechno provedla.Log je neskutečně dlouhý,celý se sem určitě nevejde.

ComboFix 09-05-23.04 - Admin 24.05.2009 19:52.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.271 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090524-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Panda Antivirus Platinum 7 *disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\documents and settings\Administartor\Local settings\Temp\mdxgthkn.sys
c:\windows\system32\DRIVERS\COMFiltr.sys
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-24 do 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-02 10:36 . 2009-05-02 10:36 -------- dc----w c:\program files\HappyFoto




Pak je velice obsáhlý výpis.








((((((((((((((((((((((((((((( SnapShot@2009-05-24_14.01.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 14:20 . 2009-05-24 14:20 16384 c:\windows\TEMP\Perflib_Perfdata_62c.dat
+ 2009-05-24 14:20 . 2009-05-24 14:20 16384 c:\windows\TEMP\Perflib_Perfdata_1fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2002-07-23 477184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ATITool.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ATITool.lnk
backup=c:\windows\pss\ATITool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TapiSrv"=3 (0x3)
"InCDsrv"=2 (0x2)
"helpsvc"=2 (0x2)
"GhostStartService"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\OpenArena\\ioquake3.x86.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.4.2008 9:43 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 9:43 20560]
S0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27.4.2003 13:39 8704]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\Admin\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\Admin\LOCALS~1\Temp\mdxgthkn.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all by Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download by Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download selected by Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site by Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {8ED3CFC8-996F-4C78-B4F7-943AFB1A5974} = 192.168.17.254,193.179.148.42
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fikcyg2p.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 19:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3676)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-05-24 19:55
ComboFix-quarantined-files.txt 2009-05-24 17:55
ComboFix2.txt 2009-05-24 14:02

Před spuštěním: 1 725 317 120
Po spuštění: 1 740 894 208

73076

[Damned]

S tím počítám.