kontrola snad dobrého logu

[vitecek.]

Ahoj,
po té co mi online eset našel infekci v nekolika .sys souborech jsem spustil combofix a po skonceni vypadnul nasledujici log. vzhledem k tomu ze vsechny nahlasene soubory se nachazeji v sekci "Ostatní výmazy", domnívám se, že nic dalšího nemusím podnikat (pc se vrátilo do normálu - již jde např. nainstalovat antivir což předtím odmítal)...tak se jen chci zeptat, zda skutečně už nemusím provádět žádnou další operaci.
děkuji moc
vítek

=====
ComboFix 09-05-25.03 - vitek 25.05.2009 22:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1457 [GMT 2:00]
Spuštěný z: c:\documents and settings\vitek\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\actmovieb.exe
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\acpi32.sys
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\netsik.sys
c:\windows\system32\drivers\nicsk32.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\systemntmi.sys
c:\windows\system32\drivers\ws2_32sik.sys
c:\windows\system32\NSREG.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETDDEDCOMLAUNCH
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_NetDDEDcomLaunch
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_systemntmi
-------\Service_ws2_32sik


((((((((((((((((((((((((( Soubory vytvořené od 2009-04-25 do 2009-05-25 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 12:21 . 2010-07-09 12:21 -------- d-----w c:\program files\Skype
2010-07-09 12:20 . 2010-07-09 12:20 -------- d-----w c:\program files\InterVideo
2010-07-09 12:19 . 2010-07-09 12:19 -------- d-----w c:\program files\Common Files\InterVideo
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\RALINK
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\EeePC
2010-07-09 11:56 . 2010-07-09 11:56 315392 ----a-w c:\windows\HideWin.exe
2010-07-09 11:53 . 2010-07-09 11:53 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2010-07-09 11:50 . 2010-07-09 11:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2010-07-09 11:42 . 2010-07-09 11:21 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-09 11:42 . 2010-07-09 11:21 2378 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-09 11:40 . 2010-07-09 11:21 8972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-09 11:22 . 2010-07-09 11:22 -------- d-----w c:\program files\microsoft frontpage
2010-07-09 11:19 . 2010-07-09 11:19 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-25 19:00 . 2009-05-25 16:44 -------- d-----w c:\program files\ESET
2009-05-25 18:58 . 2008-07-07 17:20 81484 ----a-w c:\windows\system32\perfc005.dat
2009-05-25 18:58 . 2008-07-07 17:20 432906 ----a-w c:\windows\system32\perfh005.dat
2009-05-25 18:35 . 2009-05-25 18:35 -------- d-----w c:\program files\Avira
2009-05-25 18:01 . 2009-05-25 17:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 17:31 . 2009-04-11 22:55 -------- d-----w c:\program files\Spyware Doctor
2009-05-25 17:00 . 2009-05-25 17:00 -------- d-----w c:\program files\Data0.Net Software
2009-05-25 16:25 . 2009-05-25 16:25 2944 ---ha-w c:\windows\system32\drivers\dciiodrv.sys
2009-05-24 14:42 . 2008-11-27 23:19 -------- d-----w c:\program files\Call of Duty
2009-05-22 14:22 . 2009-05-22 14:22 -------- d-----w c:\program files\eeectl_0.2.4
2009-05-22 12:32 . 2009-05-22 12:32 -------- d-----w c:\program files\XNote Stopwatch
2009-05-19 13:33 . 2009-05-19 13:33 32 --s-a-w c:\windows\system32\4173209304.dat
2009-05-16 14:22 . 2010-07-09 12:01 -------- d-----w c:\program files\Asus
2009-05-16 08:19 . 2008-11-08 16:17 -------- d-----w c:\program files\Google
2009-05-08 10:56 . 2009-02-15 20:58 -------- d-----w c:\program files\FreeMind
2009-05-06 22:19 . 2009-04-10 10:14 -------- d-----w c:\program files\PartyGaming
2009-05-05 17:11 . 2009-04-11 22:59 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-05 17:10 . 2009-04-11 22:55 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-03 07:58 . 2009-05-02 19:56 -------- d-----w c:\program files\JLC's Software
2009-05-02 22:20 . 2008-12-13 13:57 -------- d-----w c:\program files\Bytescout PPT To PDF Scout
2009-04-30 06:05 . 2009-04-06 17:52 -------- d-----w c:\program files\PopTray
2009-04-29 23:27 . 2009-04-29 23:27 -------- d-----w c:\program files\IMDecoder
2009-04-29 23:22 . 2010-07-09 11:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 22:56 . 2009-04-11 22:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-11 16:44 . 2009-04-04 22:35 -------- d-----w c:\program files\Full Tilt Poker
2009-04-11 16:41 . 2009-02-16 08:25 -------- d-----w c:\program files\PokerStars
2009-04-09 21:35 . 2009-04-09 21:33 -------- d-----w c:\program files\ParadisePoker
2009-04-08 21:25 . 2009-04-08 21:25 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-05 20:16 . 2009-04-05 20:16 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-04-05 20:16 . 2009-04-05 20:16 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-04-05 20:16 . 2009-04-05 20:16 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-04-05 20:15 . 2008-10-20 21:21 -------- d-----w c:\program files\Sony Ericsson
2009-04-05 19:57 . 2009-04-05 19:57 -------- d-----w c:\program files\Avanquest update
2009-04-02 18:16 . 2009-04-02 17:55 -------- d-----w c:\program files\BrainWave Generator
2009-04-02 13:49 . 2010-07-09 12:15 -------- d-----w c:\program files\Java
2009-03-30 08:33 . 2009-05-25 18:35 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-03-24 14:08 . 2009-05-03 07:51 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-09 03:19 . 2008-11-30 23:06 410984 ----a-w c:\windows\system32\deploytk.dll
2008-05-07 14:34 . 2010-07-09 12:21 15523560 ----a-w c:\program files\U1 Setup.exe
2009-04-03 09:29 . 2009-02-13 21:29 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2005-09-23 05:28 270848 ----a-w c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2005-09-23 05:28 270848 ----a-w c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-03 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vitek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - eeectl.lnk - c:\program files\eeectl_0.2.4\eeectl.exe [2009-5-22 31232]
Z stupce - Lama1.lnk - d:\programy\lama10\Lama1.exe [2009-1-17 513024]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2008-11-3 116224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\vitek\\Plocha\\Between_v5\\Between.exe"=
"c:\\Program Files\\Asus\\EeePC\\Super Hybrid Engine\\SuperHybridEngine.exe"=
"d:\\programy\\Dark Room 0.8b\\DarkRoom.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsTray.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsAcpiSvr.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsEPCMon.exe"=
"c:\\Program Files\\Elantech\\ETDCtrl.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\VirtuaWin\\VirtuaWin.exe"=
"c:\\Program Files\\eeectl_0.2.4\\eeectl.exe"=
"d:\\programy\\lama10\\Lama1.exe"=
"c:\\Program Files\\VirtuaWin\\modules\\WinList.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Google\\Google Desktop Search\\pdftotext.exe"=
"c:\\Program Files\\Call of Duty\\CoDSP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\alcohol__.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\vitek\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12.4.2009 0:55 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12.4.2009 0:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12.4.2009 0:59 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12.4.2009 0:56 159600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.5.2009 20:35 108289]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 4:03 65536]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [9.7.2010 13:59 11264]
R3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [25.5.2009 18:25 2944]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [21.5.2008 13:20 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [17.5.2008 18:19 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.7.2010 13:59 616704]
S2 gupdate1c9905d16363c82;Služba Google Update (gupdate1c9905d16363c82);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 19:36 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [28.1.2009 3:35 17432]
S3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_225.sys [19.11.2008 13:41 17152]
S3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;c:\windows\system32\drivers\BDA_Loader_225.sys [19.11.2008 13:40 18944]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5.4.2009 22:16 13224]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13.2.2009 23:29 30192]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12.4.2009 0:55 64392]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [13.12.2008 18:42 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [13.12.2008 18:42 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [13.12.2008 18:42 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [13.12.2008 18:42 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [13.12.2008 18:42 100008]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12.4.2009 0:55 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12.4.2009 0:59 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2009-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 17:00]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 17:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-vitek - c:\documents and settings\vitek\vitek.exe
SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: browser.startup.homepage - google.cz
FF - component: c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppstart.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 22:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4260098610-726476409-1454328811-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25030E83-CDA0-4CBC-9B34-4A35E15C2D43}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eamlohlkeg"=hex:66,61,63,6d,6a,68,69,65,68,63,62,68,00,31
"dabljjpg"=hex:64,62,61,6a,64,61,61,6f,6b,63,65,66,6b,66,61,6c,61,65,70,6e,69,
61,6a,61,67,6c,6f,64,6f,62,64,62,61,63,63,70,70,67,6f,68,00,00
"iaejnbgjhnncglbhed"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,00
"hakjdpjfgmfnjfjj"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,e0
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3728)
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3404.26077__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\VirtuaWin\modules\WinList.exe
.
**************************************************************************
.
Celkový čas: 2009-05-25 22:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-25 20:34

Před spuštěním: 6 709 764 096
Po spuštění: 7 851 044 864

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=KPJJ41 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=KPJJ41-BAK

343

[Reklama]

[Damned]

Bylo by dobrý začít od začátku. To znamená logem z HJT, protože ani ComboFix není všemocný.

[vitecek.]

soucasny HJT log. díky
-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:10, on 25.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\eeectl_0.2.4\eeectl.exe
D:\programy\lama10\Lama1.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-4260098610-726476409-1454328811-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - eeectl.lnk = C:\Program Files\eeectl_0.2.4\eeectl.exe
O4 - Startup: Zástupce - Lama1.lnk = D:\programy\lama10\Lama1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9905d16363c82) (gupdate1c9905d16363c82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9600 bytes

[Damned]

Spusť si HJT a fixni (zaškrtnout čtvereček před hodnotou a zmáčkni "Fix checked"):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe
O4 - Global Startup: Bluetooth.lnk = ?

A pokud tuto adresu neznáš tak i toto:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

Potom si stáhni Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[vitecek.]

fixnuto. log je zde. díky
------
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2178
Windows 5.1.2600 Service Pack 3

26.5.2009 0:52:39
mbam-log-2009-05-26 (00-52-31).txt

Typ skenu: Rychlý sken
Objektu skenováno: 89959
Uplynulý cas: 5 minute(s), 14 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Pak spusť ComboFix.
Musíš vypnout rezidenty antiviru, antispywaru a ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

Potom sem dej log.

[vitecek.]

počkej, jediný co mbam píše je, že mám natvrdo vypnutý windows security center. což mám, dělal jsem to sám. tam přece žádnej nález není, tak na co aplikovat znova combofix etc....

[Damned]

Já z logu nepoznám, jestli si to byl ty, nebo virus.

Odinstaluj starý ComboFix takto:
Start-Spustit a zadej ComboFix[mezera]/u

Stáhni si nový,
Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[vitecek.]

ComboFix 09-05-26.05 - vitek 28.05.2009 0:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1420 [GMT 2:00]
Spuštěný z: c:\documents and settings\vitek\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-27 do 2009-05-27 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 12:21 . 2010-07-09 12:21 -------- d-----w c:\program files\Skype
2010-07-09 12:20 . 2010-07-09 12:20 -------- d-----w c:\program files\InterVideo
2010-07-09 12:19 . 2010-07-09 12:19 -------- d-----w c:\program files\Common Files\InterVideo
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\RALINK
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\EeePC
2010-07-09 11:56 . 2010-07-09 11:56 315392 ----a-w c:\windows\HideWin.exe
2010-07-09 11:53 . 2010-07-09 11:53 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2010-07-09 11:50 . 2010-07-09 11:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2010-07-09 11:42 . 2010-07-09 11:21 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-09 11:42 . 2010-07-09 11:21 2378 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-09 11:40 . 2010-07-09 11:21 8972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-09 11:22 . 2010-07-09 11:22 -------- d-----w c:\program files\microsoft frontpage
2010-07-09 11:19 . 2010-07-09 11:19 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-26 16:21 . 2008-07-07 17:20 82840 ----a-w c:\windows\system32\perfc005.dat
2009-05-26 16:21 . 2008-07-07 17:20 437574 ----a-w c:\windows\system32\perfh005.dat
2009-05-26 15:37 . 2009-05-26 15:37 -------- d-----w c:\program files\MSXML 4.0
2009-05-25 22:45 . 2009-05-25 22:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 21:57 . 2009-05-25 21:57 -------- d-----w c:\program files\Trend Micro
2009-05-25 19:00 . 2009-05-25 16:44 -------- d-----w c:\program files\ESET
2009-05-25 18:01 . 2009-05-25 17:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 17:31 . 2009-04-11 22:55 -------- d-----w c:\program files\Spyware Doctor
2009-05-25 17:00 . 2009-05-25 17:00 -------- d-----w c:\program files\Data0.Net Software
2009-05-25 16:25 . 2009-05-25 16:25 2944 ---ha-w c:\windows\system32\drivers\dciiodrv.sys
2009-05-24 14:42 . 2008-11-27 23:19 -------- d-----w c:\program files\Call of Duty
2009-05-22 14:22 . 2009-05-22 14:22 -------- d-----w c:\program files\eeectl_0.2.4
2009-05-22 12:32 . 2009-05-22 12:32 -------- d-----w c:\program files\XNote Stopwatch
2009-05-19 13:33 . 2009-05-19 13:33 32 --s-a-w c:\windows\system32\4173209304.dat
2009-05-16 14:22 . 2010-07-09 12:01 -------- d-----w c:\program files\Asus
2009-05-16 08:19 . 2008-11-08 16:17 -------- d-----w c:\program files\Google
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w c:\windows\system32\drivers\eamon.sys
2009-05-08 10:56 . 2009-02-15 20:58 -------- d-----w c:\program files\FreeMind
2009-05-06 22:19 . 2009-04-10 10:14 -------- d-----w c:\program files\PartyGaming
2009-05-05 17:11 . 2009-04-11 22:59 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-05 17:10 . 2009-04-11 22:55 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-03 07:58 . 2009-05-02 19:56 -------- d-----w c:\program files\JLC's Software
2009-05-02 22:20 . 2008-12-13 13:57 -------- d-----w c:\program files\Bytescout PPT To PDF Scout
2009-04-30 06:05 . 2009-04-06 17:52 -------- d-----w c:\program files\PopTray
2009-04-29 23:27 . 2009-04-29 23:27 -------- d-----w c:\program files\IMDecoder
2009-04-29 23:22 . 2010-07-09 11:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 22:56 . 2009-04-11 22:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-11 16:44 . 2009-04-04 22:35 -------- d-----w c:\program files\Full Tilt Poker
2009-04-11 16:41 . 2009-02-16 08:25 -------- d-----w c:\program files\PokerStars
2009-04-09 21:35 . 2009-04-09 21:33 -------- d-----w c:\program files\ParadisePoker
2009-04-08 21:25 . 2009-04-08 21:25 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-06 13:32 . 2009-05-25 22:45 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-05-25 22:45 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-05 20:16 . 2009-04-05 20:16 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-04-05 20:16 . 2009-04-05 20:16 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-04-05 20:16 . 2009-04-05 20:16 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-04-05 20:15 . 2008-10-20 21:21 -------- d-----w c:\program files\Sony Ericsson
2009-04-05 19:57 . 2009-04-05 19:57 -------- d-----w c:\program files\Avanquest update
2009-04-02 18:16 . 2009-04-02 17:55 -------- d-----w c:\program files\BrainWave Generator
2009-04-02 13:49 . 2010-07-09 12:15 -------- d-----w c:\program files\Java
2009-03-24 14:08 . 2009-05-03 07:51 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-09 03:19 . 2008-11-30 23:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2008-07-07 17:20 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-07-07 17:20 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-07-07 17:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-07-07 17:20 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-07-07 17:20 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-07-07 17:20 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-07-07 17:20 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-07-07 17:20 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-07-07 17:20 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-07-07 17:20 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:23 . 2008-07-07 17:20 284160 ----a-w c:\windows\system32\pdh.dll
2008-05-07 14:34 . 2010-07-09 12:21 15523560 ----a-w c:\program files\U1 Setup.exe
2009-04-03 09:29 . 2009-02-13 21:29 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-03 30192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vitek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - eeectl.lnk - c:\program files\eeectl_0.2.4\eeectl.exe [2009-5-22 31232]
Z stupce - Lama1.lnk - d:\programy\lama10\Lama1.exe [2009-1-17 513024]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2008-11-3 116224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\vitek\\Plocha\\Between_v5\\Between.exe"=
"c:\\Program Files\\Asus\\EeePC\\Super Hybrid Engine\\SuperHybridEngine.exe"=
"d:\\programy\\Dark Room 0.8b\\DarkRoom.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsTray.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsAcpiSvr.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsEPCMon.exe"=
"c:\\Program Files\\Elantech\\ETDCtrl.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\VirtuaWin\\VirtuaWin.exe"=
"c:\\Program Files\\eeectl_0.2.4\\eeectl.exe"=
"d:\\programy\\lama10\\Lama1.exe"=
"c:\\Program Files\\VirtuaWin\\modules\\WinList.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Google\\Google Desktop Search\\pdftotext.exe"=
"c:\\Program Files\\Call of Duty\\CoDSP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\alcohol__.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\vitek\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12.4.2009 0:55 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12.4.2009 0:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12.4.2009 0:59 39200]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12.4.2009 0:56 159600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 4:03 65536]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [9.7.2010 13:59 11264]
R3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_225.sys [19.11.2008 13:41 17152]
R3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [25.5.2009 18:25 2944]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [21.5.2008 13:20 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [17.5.2008 18:19 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.7.2010 13:59 616704]
S2 gupdate1c9905d16363c82;Služba Google Update (gupdate1c9905d16363c82);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 19:36 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [28.1.2009 3:35 17432]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [10.10.2008 17:25 26144]
S3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;c:\windows\system32\drivers\BDA_Loader_225.sys [19.11.2008 13:40 18944]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5.4.2009 22:16 13224]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13.2.2009 23:29 30192]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12.4.2009 0:55 64392]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [13.12.2008 18:42 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [13.12.2008 18:42 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [13.12.2008 18:42 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [13.12.2008 18:42 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [13.12.2008 18:42 100008]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12.4.2009 0:55 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12.4.2009 0:59 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2009-05-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 17:00]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 17:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: browser.startup.homepage - google.cz
FF - component: c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppstart.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 00:53
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4260098610-726476409-1454328811-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25030E83-CDA0-4CBC-9B34-4A35E15C2D43}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eamlohlkeg"=hex:66,61,63,6d,6a,68,69,65,68,63,62,68,00,31
"dabljjpg"=hex:64,62,61,6a,64,61,61,6f,6b,63,65,66,6b,66,61,6c,61,65,70,6e,69,
61,6a,61,67,6c,6f,64,6f,62,64,62,61,63,63,70,70,67,6f,68,00,00
"iaejnbgjhnncglbhed"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,00
"hakjdpjfgmfnjfjj"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,e0
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1036)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(712)
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3404.26077__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2009-05-27 0:57
ComboFix-quarantined-files.txt 2009-05-27 22:57

Před spuštěním: 9 559 339 008
Po spuštění: 9 544 073 216

295

[Damned]

Máš tam Spyware Doktor a Spybot, jeden odinstaluj.

[vitecek.]

díky, za ochotu. ani jeden z těch programů není spuštěn rezidentně (to běží jen ESET), takže myslím, že to vedle sebe zvládnou:) používám je jen jednorázově.
jinak myslím, že vše zlé je již pryč

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\4173209304.dat
c:\windows\system32\drivers\avgntflt.sys


DirLook::
c:\program files\Data0.Net Software

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Znáš červené soubory?:
c:\windows\HideWin.exe
c:\program files\U1 Setup.exe

Pokud ne, zkontroluj je na Virustotalu a dej sem odkazy na výsledky.