ComboFix 09-06-13.09 - Hynek 14.06.2009 22:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1219 [GMT 2:00]
Spuštěný z: d:\documents and settings\Hynek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows.0\system32\_003235_.tmp.dll
d:\windows.0\system32\_003387_.tmp.dll
d:\windows.0\system32\_003388_.tmp.dll
d:\windows.0\system32\_003389_.tmp.dll
d:\windows.0\system32\_003390_.tmp.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSDRV32
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-14 do 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 20:04 . 2009-06-14 20:04 -------- d-----w- d:\documents and settings\Hynek\Nová složka
2009-06-14 18:39 . 2009-05-26 11:20 40160 ----a-w- d:\windows.0\system32\drivers\mbamswissarmy.sys
2009-06-14 18:39 . 2009-05-26 11:19 19096 ----a-w- d:\windows.0\system32\drivers\mbam.sys
2009-06-14 18:39 . 2009-06-14 19:01 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-06-14 15:56 . 2009-06-14 07:53 15688 ----a-w- d:\windows.0\system32\lsdelete.exe
2009-06-14 09:28 . 2009-06-14 09:28 -------- d-----w- d:\documents and settings\LocalService\Plocha
2009-06-14 07:54 . 2009-06-14 07:53 64160 ----a-w- d:\windows.0\system32\drivers\Lbd.sys
2009-06-14 07:51 . 2009-06-14 07:51 -------- d-----w- d:\program files\Lavasoft
2009-06-12 16:52 . 2009-06-12 16:52 -------- d-----w- d:\program files\Alcohol Soft
2009-06-11 17:09 . 2009-06-11 17:09 -------- d-----w- d:\program files\MKVtoolnix
2009-06-11 17:08 . 2009-06-11 17:08 -------- d-----w- d:\program files\Common Files\ATI Technologies
2009-06-08 16:52 . 2009-06-08 16:52 86016 ----a-w- d:\windows.0\system32\OpenAL32.dll
2009-06-08 16:52 . 2009-06-08 16:52 262144 ----a-w- d:\windows.0\system32\wrap_oal.dll
2009-06-08 16:52 . 2004-10-25 18:02 21664 ----a-w- d:\windows.0\system32\drivers\Entech.sys
2009-06-08 16:52 . 2004-06-22 13:44 5632 ----a-w- d:\windows.0\system32\drivers\Entech64.sys
2009-06-08 16:52 . 2001-11-19 17:05 3972 ----a-w- d:\windows.0\system32\drivers\PciBus.sys
2009-06-08 16:52 . 2009-06-08 16:52 -------- d-----w- d:\windows.0\system32\Futuremark
2009-06-08 04:14 . 2009-06-08 04:14 -------- d-sh--w- D:\found.000
2009-06-03 16:39 . 2009-06-03 16:39 43520 ----a-w- d:\windows.0\system32\CmdLineExt03.dll
2009-06-03 16:26 . 2009-06-03 16:26 -------- d-----w- d:\documents and settings\HyneÄŤek
2009-06-03 14:16 . 2001-10-24 09:54 12160 -c--a-w- d:\windows.0\system32\dllcache\mouhid.sys
2009-06-03 14:16 . 2001-10-24 09:54 12160 ----a-w- d:\windows.0\system32\drivers\mouhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 -c--a-w- d:\windows.0\system32\dllcache\kbdhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 ----a-w- d:\windows.0\system32\drivers\kbdhid.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 -c--a-w- d:\windows.0\system32\dllcache\hidusb.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 ----a-w- d:\windows.0\system32\drivers\hidusb.sys
2009-06-03 14:14 . 2008-04-14 06:51 27648 -c--a-w- d:\windows.0\system32\dllcache\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:51 27648 ----a-w- d:\windows.0\system32\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:52 152064 -c--a-w- d:\windows.0\system32\dllcache\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 152064 ----a-w- d:\windows.0\system32\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 8192 -c--a-w- d:\windows.0\system32\dllcache\wshirda.dll
2009-06-03 14:14 . 2008-04-14 06:52 8192 ----a-w- d:\windows.0\system32\wshirda.dll
2009-06-03 04:42 . 2009-06-03 04:42 -------- d-----w- d:\program files\SystemRequirementsLab
2009-05-29 18:20 . 2009-05-29 18:20 -------- d-----w- d:\program files\Common Files\DirectX
2009-05-29 14:37 . 2009-05-30 10:08 -------- d-----w- d:\program files\Garena
2009-05-29 14:06 . 2009-05-29 14:11 2829 ----a-w- d:\windows.0\War3Unin.pif
2009-05-29 14:06 . 2009-05-29 14:11 139264 ----a-w- d:\windows.0\War3Unin.exe
2009-05-29 13:42 . 2009-05-29 13:42 -------- d-----w- d:\windows.0\system32\wbem\Repository
2009-05-29 13:41 . 2009-06-14 18:31 -------- d-----w- d:\program files\BS_Player
2009-05-29 10:18 . 2009-05-29 14:25 127903 ----a-w- d:\windows.0\War3Unin.dat
2009-05-29 10:17 . 2009-06-10 04:49 -------- d-----w- d:\documents and settings\MIKO~2\Dokumenty
2009-05-29 10:17 . 2009-05-29 10:17 -------- d-----w- d:\documents and settings\Mi?ko
2009-05-29 05:51 . 2009-05-29 05:52 -------- d-----w- d:\windows.0\system32\oodag
2009-05-29 05:46 . 2009-05-29 05:46 -------- d-----w- d:\program files\OO Software
2009-05-29 05:41 . 2009-05-29 05:41 -------- d-----w- d:\program files\CCleaner
2009-05-28 19:15 . 2009-05-28 19:27 -------- d-----w- d:\program files\IDoser v4
2009-05-25 15:59 . 2009-05-25 15:59 -------- d-----w- d:\program files\DAEMON Tools Toolbar
2009-05-25 15:43 . 2009-05-25 15:43 721904 ----a-w- d:\windows.0\system32\drivers\sptd.sys
2009-05-16 11:04 . 2009-05-16 11:04 -------- d-----w- d:\windows.0\Sun
2009-05-16 11:02 . 2009-05-16 11:01 410984 ----a-w- d:\windows.0\system32\deploytk.dll
2009-05-16 11:01 . 2009-05-16 11:01 -------- d-----w- d:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 19:52 . 2009-04-04 12:44 -------- d-----w- d:\program files\ICQ6.5
2009-06-08 16:49 . 2009-04-03 21:29 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-06-03 14:18 . 2001-10-25 12:00 86046 ----a-w- d:\windows.0\system32\perfc005.dat
2009-06-03 14:18 . 2001-10-25 12:00 449614 ----a-w- d:\windows.0\system32\perfh005.dat
2009-05-31 15:42 . 2009-04-03 23:19 8560 ----a-w- d:\windows.0\system32\d3d9caps.dat
2009-05-29 13:42 . 2009-04-08 06:49 -------- d-----w- d:\program files\MOBILedit!
2009-05-27 16:22 . 2009-04-04 10:14 -------- d-----w- d:\program files\Lexmark X1100 Series
2009-05-10 19:28 . 2009-05-10 19:28 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2009-05-07 15:33 . 2009-04-03 20:04 346624 ----a-w- d:\windows.0\system32\localspl.dll
2009-05-03 15:58 . 2009-04-04 12:13 -------- d-----w- d:\program files\QIP
2009-05-02 12:38 . 2009-05-02 12:38 -------- d-----w- d:\program files\Conduit
2009-05-02 12:37 . 2009-05-02 12:37 -------- d-----w- d:\program files\Webteh
2009-05-01 19:10 . 2009-05-01 19:02 -------- d-----w- d:\program files\Mio DigiWalker
2009-05-01 19:01 . 2009-05-01 19:01 -------- d-----w- d:\program files\Mio Technology
2009-04-29 04:47 . 2009-04-03 20:04 827392 ----a-w- d:\windows.0\system32\wininet.dll
2009-04-29 04:47 . 2009-04-03 21:04 78336 ------w- d:\windows.0\system32\ieencode.dll
2009-04-27 12:54 . 2009-04-06 12:10 1560 ----a-w- d:\windows.0\system32\ealregsnapshot1.reg
2009-04-27 07:09 . 2009-04-27 07:09 -------- d-----w- d:\program files\Eidos
2009-04-23 14:43 . 2009-04-23 14:41 -------- d-----w- d:\program files\File Sender
2009-04-19 19:52 . 2009-04-03 20:04 1847168 ----a-w- d:\windows.0\system32\win32k.sys
2009-04-19 17:09 . 2009-04-19 17:09 -------- d-----w- d:\program files\DVDVIDEOSOFT
2009-04-19 13:40 . 2009-04-19 13:40 -------- d-----w- d:\program files\MediaInfo
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w- d:\program files\Common Files\Adobe
2009-04-15 14:54 . 2009-04-03 20:04 585216 ----a-w- d:\windows.0\system32\rpcrt4.dll
2009-04-09 09:13 . 2009-04-09 09:13 47360 ----a-w- d:\windows.0\system32\drivers\pcouffin.sys
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\system32\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\system32\cygwin1.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\cygwin1.dll
2009-04-04 15:42 . 2009-04-04 15:42 56 ---ha-w- d:\windows.0\system32\ezsidmv.dat
2009-04-03 23:54 . 2009-04-03 23:54 0 ----a-w- d:\windows.0\ativpsrm.bin
2009-04-03 23:51 . 2009-04-03 23:51 18432 ----a-w- d:\windows.0\system32\drivers\grmngen.sys
2009-04-03 23:51 . 2009-04-03 23:51 8320 ----a-w- d:\windows.0\system32\drivers\grmnusb.sys
2009-04-03 21:59 . 2009-04-03 18:54 76499 ----a-w- d:\windows.0\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-03 21:59 . 2009-04-03 18:54 2708 ----a-w- d:\windows.0\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-04-03 21:47 . 2009-04-03 21:38 24064 ----a-w- d:\windows.0\autoload.exe
2009-04-03 21:06 . 2009-04-03 18:54 8972 ----a-w- d:\windows.0\PCHealth\HelpCtr\Config\Cntstore.bin
2009-04-03 20:38 . 2009-04-03 20:38 0 ----a-w- d:\windows.0\nsreg.dat
2009-04-03 18:52 . 2009-04-03 18:52 21812 ----a-w- d:\windows.0\system32\emptyregdb.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w- d:\windows.0\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w- d:\windows.0\system32\msvcr71.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Lexmark X1100 Series"="d:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"WinampAgent"="c:\programy\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - d:\windows.0\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\System32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\Miçko\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CCC.lnk - d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe [2008-12-18 49152]
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Gabi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Hynek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
Mˇstnˇ vyhled v nˇ.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS.0\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Documents and Settings\\Hyneček\\Plocha\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;d:\windows.0\system32\drivers\Lbd.sys [14.6.2009 9:54 64160]
R1 ehdrv;ehdrv;d:\windows.0\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;d:\windows.0\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
S2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 16:35 1005904]
.
.
------- Doplňkový sken -------
.
TCP: {55F521E9-4794-4B8D-BBBB-FE698B353EB2} = 62.129.50.20,85.135.32.100
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 22:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(576)
d:\windows.0\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows.0\system32\ati2evxx.exe
d:\windows.0\system32\ati2evxx.exe
d:\windows.0\system32\LEXBCES.EXE
d:\windows.0\system32\LEXPPS.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\windows.0\system32\CF21306.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows.0\system32\searchindexer.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\Lexmark X1100 Series\lxbkbmon.exe
d:\windows.0\system32\rundll32.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
d:\program files\Common Files\Nero\Lib\NMIndexingService.exe
d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
d:\windows.0\system32\wbem\unsecapp.exe
d:\windows.0\system32\dllhost.exe
.
**************************************************************************
.
Celkový čas: 2009-06-14 22:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-14 20:21
Před spuštěním: 1 635 495 936
Po spuštění: 2 748 141 568
217 --- E O F --- 2009-06-10 12:23
Thanks for spending this time here with me :-) I have to leave the PC for about 10 minutes, but I will be back. Please go through the log in the meantime.
Problem with Explorer.exe in WIN XP SP3 [Solved]
- Damned
Re: Problem with Explorer.exe in WIN XP SP3
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
File::
D:\found.000
d:\windows.0\system32\d3d9caps.dat
d:\windows.0\ativpsrm.bin
d:\windows.0\autoload.exe
Folder::
D:\found.000
d:\program files\BS_Player
d:\program files\DAEMON Tools Toolbar
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt script you created onto the downloaded ComboFix.exe program with the mouse,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste the log that appears at the end of the cleaning process here + a new HJT log
Explorer should work for you now.
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner
- nemesis92
Re: Problem with Explorer.exe in WIN XP SP3
ComboFix 09-06-13.09 - Hynek 14.06.2009 23:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1088 [GMT 2:00]
Spuštěný z: d:\documents and settings\Hynek\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Hynek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Rezidentní štít AV je zapnutý
FILE ::
"D:\found.000"
"d:\windows.0\ativpsrm.bin"
"d:\windows.0\autoload.exe"
"d:\windows.0\system32\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\found.000
d:\program files\BS_Player
d:\program files\DAEMON Tools Toolbar
d:\found.000\dir0000.chk\MAPPING.VER
d:\found.000\dir0000.chk\MAPPING1.MAP
d:\found.000\dir0000.chk\MAPPING2.MAP
d:\found.000\dir0000.chk\OBJECTS.DATA
d:\found.000\dir0000.chk\OBJECTS.MAP
d:\found.000\dir0001.chk\08 Polnočná pičakoláda ft. Nate Dogg.mp3
d:\found.000\dir0001.chk\10 Načo ma počúvaš.mp3
d:\found.000\dir0001.chk\11 Strýček Jonatán.mp3
d:\found.000\dir0001.chk\12 Skit lion.mp3
d:\found.000\dir0001.chk\13 Lion.mp3
d:\found.000\dir0001.chk\14 Nechcel by si.mp3
d:\found.000\dir0001.chk\15 Nezmením sa.mp3
d:\found.000\dir0001.chk\19 Bozk na privítanie.mp3
d:\found.000\file0000.chk
d:\program files\BS_Player\BS_PlayerToolbarHelper.exe
d:\program files\BS_Player\tbBS_P.dll
d:\program files\BS_Player\toolbar.cfg
d:\program files\BS_Player\UNWISE.EXE
d:\windows.0\ativpsrm.bin
d:\windows.0\autoload.exe
d:\windows.0\system32\d3d9caps.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-14 do 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 20:04 . 2009-06-14 20:04 -------- d-----w- d:\documents and settings\Hynek\Nová složka
2009-06-14 18:39 . 2009-05-26 11:20 40160 ----a-w- d:\windows.0\system32\drivers\mbamswissarmy.sys
2009-06-14 18:39 . 2009-05-26 11:19 19096 ----a-w- d:\windows.0\system32\drivers\mbam.sys
2009-06-14 18:39 . 2009-06-14 19:01 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-06-14 15:56 . 2009-06-14 07:53 15688 ----a-w- d:\windows.0\system32\lsdelete.exe
2009-06-14 09:28 . 2009-06-14 09:28 -------- d-----w- d:\documents and settings\LocalService\Plocha
2009-06-14 07:54 . 2009-06-14 07:53 64160 ----a-w- d:\windows.0\system32\drivers\Lbd.sys
2009-06-14 07:51 . 2009-06-14 07:51 -------- d-----w- d:\program files\Lavasoft
2009-06-12 16:52 . 2009-06-12 16:52 -------- d-----w- d:\program files\Alcohol Soft
2009-06-11 17:09 . 2009-06-11 17:09 -------- d-----w- d:\program files\MKVtoolnix
2009-06-11 17:08 . 2009-06-11 17:08 -------- d-----w- d:\program files\Common Files\ATI Technologies
2009-06-08 16:52 . 2009-06-08 16:52 86016 ----a-w- d:\windows.0\system32\OpenAL32.dll
2009-06-08 16:52 . 2009-06-08 16:52 262144 ----a-w- d:\windows.0\system32\wrap_oal.dll
2009-06-08 16:52 . 2004-10-25 18:02 21664 ----a-w- d:\windows.0\system32\drivers\Entech.sys
2009-06-08 16:52 . 2004-06-22 13:44 5632 ----a-w- d:\windows.0\system32\drivers\Entech64.sys
2009-06-08 16:52 . 2001-11-19 17:05 3972 ----a-w- d:\windows.0\system32\drivers\PciBus.sys
2009-06-08 16:52 . 2009-06-08 16:52 -------- d-----w- d:\windows.0\system32\Futuremark
2009-06-03 16:39 . 2009-06-03 16:39 43520 ----a-w- d:\windows.0\system32\CmdLineExt03.dll
2009-06-03 16:26 . 2009-06-03 16:26 -------- d-----w- d:\documents and settings\HyneÄŤek
2009-06-03 14:16 . 2001-10-24 09:54 12160 -c--a-w- d:\windows.0\system32\dllcache\mouhid.sys
2009-06-03 14:16 . 2001-10-24 09:54 12160 ----a-w- d:\windows.0\system32\drivers\mouhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 -c--a-w- d:\windows.0\system32\dllcache\kbdhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 ----a-w- d:\windows.0\system32\drivers\kbdhid.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 -c--a-w- d:\windows.0\system32\dllcache\hidusb.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 ----a-w- d:\windows.0\system32\drivers\hidusb.sys
2009-06-03 14:14 . 2008-04-14 06:51 27648 -c--a-w- d:\windows.0\system32\dllcache\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:51 27648 ----a-w- d:\windows.0\system32\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:52 152064 -c--a-w- d:\windows.0\system32\dllcache\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 152064 ----a-w- d:\windows.0\system32\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 8192 -c--a-w- d:\windows.0\system32\dllcache\wshirda.dll
2009-06-03 14:14 . 2008-04-14 06:52 8192 ----a-w- d:\windows.0\system32\wshirda.dll
2009-06-03 04:42 . 2009-06-03 04:42 -------- d-----w- d:\program files\SystemRequirementsLab
2009-05-29 18:20 . 2009-05-29 18:20 -------- d-----w- d:\program files\Common Files\DirectX
2009-05-29 14:37 . 2009-05-30 10:08 -------- d-----w- d:\program files\Garena
2009-05-29 14:06 . 2009-05-29 14:11 2829 ----a-w- d:\windows.0\War3Unin.pif
2009-05-29 14:06 . 2009-05-29 14:11 139264 ----a-w- d:\windows.0\War3Unin.exe
2009-05-29 13:42 . 2009-05-29 13:42 -------- d-----w- d:\windows.0\system32\wbem\Repository
2009-05-29 10:18 . 2009-05-29 14:25 127903 ----a-w- d:\windows.0\War3Unin.dat
2009-05-29 10:17 . 2009-06-10 04:49 -------- d-----w- d:\documents and settings\MIKO~2\Dokumenty
2009-05-29 10:17 . 2009-05-29 10:17 -------- d-----w- d:\documents and settings\Mi?ko
2009-05-29 05:51 . 2009-05-29 05:52 -------- d-----w- d:\windows.0\system32\oodag
2009-05-29 05:46 . 2009-05-29 05:46 -------- d-----w- d:\program files\OO Software
2009-05-29 05:41 . 2009-05-29 05:41 -------- d-----w- d:\program files\CCleaner
2009-05-28 19:15 . 2009-05-28 19:27 -------- d-----w- d:\program files\IDoser v4
2009-05-25 15:43 . 2009-05-25 15:43 721904 ----a-w- d:\windows.0\system32\drivers\sptd.sys
2009-05-16 11:04 . 2009-05-16 11:04 -------- d-----w- d:\windows.0\Sun
2009-05-16 11:02 . 2009-05-16 11:01 410984 ----a-w- d:\windows.0\system32\deploytk.dll
2009-05-16 11:01 . 2009-05-16 11:01 -------- d-----w- d:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 20:21 . 2001-10-25 12:00 86046 ----a-w- d:\windows.0\system32\perfc005.dat
2009-06-14 20:21 . 2001-10-25 12:00 449614 ----a-w- d:\windows.0\system32\perfh005.dat
2009-06-10 19:52 . 2009-04-04 12:44 -------- d-----w- d:\program files\ICQ6.5
2009-06-08 16:49 . 2009-04-03 21:29 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-05-29 13:42 . 2009-04-08 06:49 -------- d-----w- d:\program files\MOBILedit!
2009-05-27 16:22 . 2009-04-04 10:14 -------- d-----w- d:\program files\Lexmark X1100 Series
2009-05-10 19:28 . 2009-05-10 19:28 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2009-05-07 15:33 . 2009-04-03 20:04 346624 ----a-w- d:\windows.0\system32\localspl.dll
2009-05-03 15:58 . 2009-04-04 12:13 -------- d-----w- d:\program files\QIP
2009-05-02 12:38 . 2009-05-02 12:38 -------- d-----w- d:\program files\Conduit
2009-05-02 12:37 . 2009-05-02 12:37 -------- d-----w- d:\program files\Webteh
2009-05-01 19:10 . 2009-05-01 19:02 -------- d-----w- d:\program files\Mio DigiWalker
2009-05-01 19:01 . 2009-05-01 19:01 -------- d-----w- d:\program files\Mio Technology
2009-04-29 04:47 . 2009-04-03 20:04 827392 ----a-w- d:\windows.0\system32\wininet.dll
2009-04-29 04:47 . 2009-04-03 21:04 78336 ------w- d:\windows.0\system32\ieencode.dll
2009-04-27 12:54 . 2009-04-06 12:10 1560 ----a-w- d:\windows.0\system32\ealregsnapshot1.reg
2009-04-27 07:09 . 2009-04-27 07:09 -------- d-----w- d:\program files\Eidos
2009-04-23 14:43 . 2009-04-23 14:41 -------- d-----w- d:\program files\File Sender
2009-04-19 19:52 . 2009-04-03 20:04 1847168 ----a-w- d:\windows.0\system32\win32k.sys
2009-04-19 17:09 . 2009-04-19 17:09 -------- d-----w- d:\program files\DVDVIDEOSOFT
2009-04-19 13:40 . 2009-04-19 13:40 -------- d-----w- d:\program files\MediaInfo
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w- d:\program files\Common Files\Adobe
2009-04-15 14:54 . 2009-04-03 20:04 585216 ----a-w- d:\windows.0\system32\rpcrt4.dll
2009-04-09 09:13 . 2009-04-09 09:13 47360 ----a-w- d:\windows.0\system32\drivers\pcouffin.sys
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\system32\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\system32\cygwin1.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\cygwin1.dll
2009-04-04 15:42 . 2009-04-04 15:42 56 ---ha-w- d:\windows.0\system32\ezsidmv.dat
2009-04-03 23:51 . 2009-04-03 23:51 18432 ----a-w- d:\windows.0\system32\drivers\grmngen.sys
2009-04-03 23:51 . 2009-04-03 23:51 8320 ----a-w- d:\windows.0\system32\drivers\grmnusb.sys
2009-04-03 21:59 . 2009-04-03 18:54 76499 ----a-w- d:\windows.0\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-03 21:59 . 2009-04-03 18:54 2708 ----a-w- d:\windows.0\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-04-03 21:06 . 2009-04-03 18:54 8972 ----a-w- d:\windows.0\PCHealth\HelpCtr\Config\Cntstore.bin
2009-04-03 20:38 . 2009-04-03 20:38 0 ----a-w- d:\windows.0\nsreg.dat
2009-04-03 18:52 . 2009-04-03 18:52 21812 ----a-w- d:\windows.0\system32\emptyregdb.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w- d:\windows.0\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w- d:\windows.0\system32\msvcr71.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-14_20.17.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2009-06-03 14:18 67312 d:\windows.0\system32\perfc009.dat
+ 2001-10-25 12:00 . 2009-06-14 20:21 67312 d:\windows.0\system32\perfc009.dat
+ 2001-10-25 12:00 . 2009-06-14 20:21 432356 d:\windows.0\system32\perfh009.dat
- 2001-10-25 12:00 . 2009-06-03 14:18 432356 d:\windows.0\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Lexmark X1100 Series"="d:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"WinampAgent"="c:\programy\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - d:\windows.0\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\System32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\Miçko\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CCC.lnk - d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe [2008-12-18 49152]
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Gabi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Hynek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
Mˇstnˇ vyhled v nˇ.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS.0\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Documents and Settings\\Hyneček\\Plocha\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;d:\windows.0\system32\drivers\Lbd.sys [14.6.2009 9:54 64160]
R1 ehdrv;ehdrv;d:\windows.0\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;d:\windows.0\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 16:35 1005904]
.
.
------- Doplňkový sken -------
.
TCP: {55F521E9-4794-4B8D-BBBB-FE698B353EB2} = 62.129.50.20,85.135.32.100
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 23:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(576)
d:\windows.0\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-14 23:10
ComboFix-quarantined-files.txt 2009-06-14 21:10
ComboFix2.txt 2009-06-14 20:24
Před spuštěním: 2 756 665 344
Po spuštění: 2 727 493 632
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
226 --- E O F --- 2009-06-10 12:23
ComboFix log
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1088 [GMT 2:00]
Spuštěný z: d:\documents and settings\Hynek\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Hynek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Rezidentní štít AV je zapnutý
FILE ::
"D:\found.000"
"d:\windows.0\ativpsrm.bin"
"d:\windows.0\autoload.exe"
"d:\windows.0\system32\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\found.000
d:\program files\BS_Player
d:\program files\DAEMON Tools Toolbar
d:\found.000\dir0000.chk\MAPPING.VER
d:\found.000\dir0000.chk\MAPPING1.MAP
d:\found.000\dir0000.chk\MAPPING2.MAP
d:\found.000\dir0000.chk\OBJECTS.DATA
d:\found.000\dir0000.chk\OBJECTS.MAP
d:\found.000\dir0001.chk\08 Polnočná pičakoláda ft. Nate Dogg.mp3
d:\found.000\dir0001.chk\10 Načo ma počúvaš.mp3
d:\found.000\dir0001.chk\11 Strýček Jonatán.mp3
d:\found.000\dir0001.chk\12 Skit lion.mp3
d:\found.000\dir0001.chk\13 Lion.mp3
d:\found.000\dir0001.chk\14 Nechcel by si.mp3
d:\found.000\dir0001.chk\15 Nezmením sa.mp3
d:\found.000\dir0001.chk\19 Bozk na privítanie.mp3
d:\found.000\file0000.chk
d:\program files\BS_Player\BS_PlayerToolbarHelper.exe
d:\program files\BS_Player\tbBS_P.dll
d:\program files\BS_Player\toolbar.cfg
d:\program files\BS_Player\UNWISE.EXE
d:\windows.0\ativpsrm.bin
d:\windows.0\autoload.exe
d:\windows.0\system32\d3d9caps.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-14 do 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 20:04 . 2009-06-14 20:04 -------- d-----w- d:\documents and settings\Hynek\Nová složka
2009-06-14 18:39 . 2009-05-26 11:20 40160 ----a-w- d:\windows.0\system32\drivers\mbamswissarmy.sys
2009-06-14 18:39 . 2009-05-26 11:19 19096 ----a-w- d:\windows.0\system32\drivers\mbam.sys
2009-06-14 18:39 . 2009-06-14 19:01 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-06-14 15:56 . 2009-06-14 07:53 15688 ----a-w- d:\windows.0\system32\lsdelete.exe
2009-06-14 09:28 . 2009-06-14 09:28 -------- d-----w- d:\documents and settings\LocalService\Plocha
2009-06-14 07:54 . 2009-06-14 07:53 64160 ----a-w- d:\windows.0\system32\drivers\Lbd.sys
2009-06-14 07:51 . 2009-06-14 07:51 -------- d-----w- d:\program files\Lavasoft
2009-06-12 16:52 . 2009-06-12 16:52 -------- d-----w- d:\program files\Alcohol Soft
2009-06-11 17:09 . 2009-06-11 17:09 -------- d-----w- d:\program files\MKVtoolnix
2009-06-11 17:08 . 2009-06-11 17:08 -------- d-----w- d:\program files\Common Files\ATI Technologies
2009-06-08 16:52 . 2009-06-08 16:52 86016 ----a-w- d:\windows.0\system32\OpenAL32.dll
2009-06-08 16:52 . 2009-06-08 16:52 262144 ----a-w- d:\windows.0\system32\wrap_oal.dll
2009-06-08 16:52 . 2004-10-25 18:02 21664 ----a-w- d:\windows.0\system32\drivers\Entech.sys
2009-06-08 16:52 . 2004-06-22 13:44 5632 ----a-w- d:\windows.0\system32\drivers\Entech64.sys
2009-06-08 16:52 . 2001-11-19 17:05 3972 ----a-w- d:\windows.0\system32\drivers\PciBus.sys
2009-06-08 16:52 . 2009-06-08 16:52 -------- d-----w- d:\windows.0\system32\Futuremark
2009-06-03 16:39 . 2009-06-03 16:39 43520 ----a-w- d:\windows.0\system32\CmdLineExt03.dll
2009-06-03 16:26 . 2009-06-03 16:26 -------- d-----w- d:\documents and settings\HyneÄŤek
2009-06-03 14:16 . 2001-10-24 09:54 12160 -c--a-w- d:\windows.0\system32\dllcache\mouhid.sys
2009-06-03 14:16 . 2001-10-24 09:54 12160 ----a-w- d:\windows.0\system32\drivers\mouhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 -c--a-w- d:\windows.0\system32\dllcache\kbdhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 ----a-w- d:\windows.0\system32\drivers\kbdhid.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 -c--a-w- d:\windows.0\system32\dllcache\hidusb.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 ----a-w- d:\windows.0\system32\drivers\hidusb.sys
2009-06-03 14:14 . 2008-04-14 06:51 27648 -c--a-w- d:\windows.0\system32\dllcache\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:51 27648 ----a-w- d:\windows.0\system32\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:52 152064 -c--a-w- d:\windows.0\system32\dllcache\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 152064 ----a-w- d:\windows.0\system32\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 8192 -c--a-w- d:\windows.0\system32\dllcache\wshirda.dll
2009-06-03 14:14 . 2008-04-14 06:52 8192 ----a-w- d:\windows.0\system32\wshirda.dll
2009-06-03 04:42 . 2009-06-03 04:42 -------- d-----w- d:\program files\SystemRequirementsLab
2009-05-29 18:20 . 2009-05-29 18:20 -------- d-----w- d:\program files\Common Files\DirectX
2009-05-29 14:37 . 2009-05-30 10:08 -------- d-----w- d:\program files\Garena
2009-05-29 14:06 . 2009-05-29 14:11 2829 ----a-w- d:\windows.0\War3Unin.pif
2009-05-29 14:06 . 2009-05-29 14:11 139264 ----a-w- d:\windows.0\War3Unin.exe
2009-05-29 13:42 . 2009-05-29 13:42 -------- d-----w- d:\windows.0\system32\wbem\Repository
2009-05-29 10:18 . 2009-05-29 14:25 127903 ----a-w- d:\windows.0\War3Unin.dat
2009-05-29 10:17 . 2009-06-10 04:49 -------- d-----w- d:\documents and settings\MIKO~2\Dokumenty
2009-05-29 10:17 . 2009-05-29 10:17 -------- d-----w- d:\documents and settings\Mi?ko
2009-05-29 05:51 . 2009-05-29 05:52 -------- d-----w- d:\windows.0\system32\oodag
2009-05-29 05:46 . 2009-05-29 05:46 -------- d-----w- d:\program files\OO Software
2009-05-29 05:41 . 2009-05-29 05:41 -------- d-----w- d:\program files\CCleaner
2009-05-28 19:15 . 2009-05-28 19:27 -------- d-----w- d:\program files\IDoser v4
2009-05-25 15:43 . 2009-05-25 15:43 721904 ----a-w- d:\windows.0\system32\drivers\sptd.sys
2009-05-16 11:04 . 2009-05-16 11:04 -------- d-----w- d:\windows.0\Sun
2009-05-16 11:02 . 2009-05-16 11:01 410984 ----a-w- d:\windows.0\system32\deploytk.dll
2009-05-16 11:01 . 2009-05-16 11:01 -------- d-----w- d:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 20:21 . 2001-10-25 12:00 86046 ----a-w- d:\windows.0\system32\perfc005.dat
2009-06-14 20:21 . 2001-10-25 12:00 449614 ----a-w- d:\windows.0\system32\perfh005.dat
2009-06-10 19:52 . 2009-04-04 12:44 -------- d-----w- d:\program files\ICQ6.5
2009-06-08 16:49 . 2009-04-03 21:29 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-05-29 13:42 . 2009-04-08 06:49 -------- d-----w- d:\program files\MOBILedit!
2009-05-27 16:22 . 2009-04-04 10:14 -------- d-----w- d:\program files\Lexmark X1100 Series
2009-05-10 19:28 . 2009-05-10 19:28 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2009-05-07 15:33 . 2009-04-03 20:04 346624 ----a-w- d:\windows.0\system32\localspl.dll
2009-05-03 15:58 . 2009-04-04 12:13 -------- d-----w- d:\program files\QIP
2009-05-02 12:38 . 2009-05-02 12:38 -------- d-----w- d:\program files\Conduit
2009-05-02 12:37 . 2009-05-02 12:37 -------- d-----w- d:\program files\Webteh
2009-05-01 19:10 . 2009-05-01 19:02 -------- d-----w- d:\program files\Mio DigiWalker
2009-05-01 19:01 . 2009-05-01 19:01 -------- d-----w- d:\program files\Mio Technology
2009-04-29 04:47 . 2009-04-03 20:04 827392 ----a-w- d:\windows.0\system32\wininet.dll
2009-04-29 04:47 . 2009-04-03 21:04 78336 ------w- d:\windows.0\system32\ieencode.dll
2009-04-27 12:54 . 2009-04-06 12:10 1560 ----a-w- d:\windows.0\system32\ealregsnapshot1.reg
2009-04-27 07:09 . 2009-04-27 07:09 -------- d-----w- d:\program files\Eidos
2009-04-23 14:43 . 2009-04-23 14:41 -------- d-----w- d:\program files\File Sender
2009-04-19 19:52 . 2009-04-03 20:04 1847168 ----a-w- d:\windows.0\system32\win32k.sys
2009-04-19 17:09 . 2009-04-19 17:09 -------- d-----w- d:\program files\DVDVIDEOSOFT
2009-04-19 13:40 . 2009-04-19 13:40 -------- d-----w- d:\program files\MediaInfo
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w- d:\program files\Common Files\Adobe
2009-04-15 14:54 . 2009-04-03 20:04 585216 ----a-w- d:\windows.0\system32\rpcrt4.dll
2009-04-09 09:13 . 2009-04-09 09:13 47360 ----a-w- d:\windows.0\system32\drivers\pcouffin.sys
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\system32\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\system32\cygwin1.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\cygwin1.dll
2009-04-04 15:42 . 2009-04-04 15:42 56 ---ha-w- d:\windows.0\system32\ezsidmv.dat
2009-04-03 23:51 . 2009-04-03 23:51 18432 ----a-w- d:\windows.0\system32\drivers\grmngen.sys
2009-04-03 23:51 . 2009-04-03 23:51 8320 ----a-w- d:\windows.0\system32\drivers\grmnusb.sys
2009-04-03 21:59 . 2009-04-03 18:54 76499 ----a-w- d:\windows.0\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-03 21:59 . 2009-04-03 18:54 2708 ----a-w- d:\windows.0\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-04-03 21:06 . 2009-04-03 18:54 8972 ----a-w- d:\windows.0\PCHealth\HelpCtr\Config\Cntstore.bin
2009-04-03 20:38 . 2009-04-03 20:38 0 ----a-w- d:\windows.0\nsreg.dat
2009-04-03 18:52 . 2009-04-03 18:52 21812 ----a-w- d:\windows.0\system32\emptyregdb.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w- d:\windows.0\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w- d:\windows.0\system32\msvcr71.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-14_20.17.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2009-06-03 14:18 67312 d:\windows.0\system32\perfc009.dat
+ 2001-10-25 12:00 . 2009-06-14 20:21 67312 d:\windows.0\system32\perfc009.dat
+ 2001-10-25 12:00 . 2009-06-14 20:21 432356 d:\windows.0\system32\perfh009.dat
- 2001-10-25 12:00 . 2009-06-03 14:18 432356 d:\windows.0\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Lexmark X1100 Series"="d:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"WinampAgent"="c:\programy\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - d:\windows.0\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\System32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\Miško\Nabídka Start\Programy\Po spuštění\
CCC.lnk - d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe [2008-12-18 49152]
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Gabi\Nabídka Start\Programy\Po spuštění\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Hynek\Nabídka Start\Programy\Po spuštění\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
Místní vyhledávání.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS.0\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Documents and Settings\\Hyneček\\Plocha\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;d:\windows.0\system32\drivers\Lbd.sys [14.6.2009 9:54 64160]
R1 ehdrv;ehdrv;d:\windows.0\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;d:\windows.0\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 16:35 1005904]
.
.
------- Doplňkový sken -------
.
TCP: {55F521E9-4794-4B8D-BBBB-FE698B353EB2} = 62.129.50.20,85.135.32.100
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 23:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(576)
d:\windows.0\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-14 23:10
ComboFix-quarantined-files.txt 2009-06-14 21:10
ComboFix2.txt 2009-06-14 20:24
Před spuštěním: 2 756 665 344
Po spuštění: 2 727 493 632
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
226 --- E O F --- 2009-06-10 12:23
ComboFix log
- nemesis92
- newcomer
- Posts: 46
- Registered: June 09
- Location: Ostrava
Re: Problem with Explorer.exe in WIN XP SP3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:36, on 14.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS.0\system32\LEXBCES.EXE
D:\WINDOWS.0\system32\spoolsv.exe
D:\WINDOWS.0\system32\LEXPPS.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS.0\System32\svchost.exe
D:\WINDOWS.0\system32\SearchIndexer.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\PROGRAMY\Winamp\winampa.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\WINDOWS.0\system32\ctfmon.exe
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS.0\system32\notepad.exe
D:\WINDOWS.0\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Hynek\LOCALS~1\Temp\Rar$EX00.359\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\PROGRAMY\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ESET NOD32 Antivirus.lnk = D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ESET NOD32 Antivirus.lnk = D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - Global Startup: Místní vyhledávání.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8786884449
O17 - HKLM\System\CCS\Services\Tcpip\..\{55F521E9-4794-4B8D-BBBB-FE698B353EB2}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS.0\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6801 bytes
HijackThis log
- nemesis92
- newcomer
- Posts: 46
- Registered: June 09
- Location: Ostrava
Re: Problem with Explorer.exe in WIN XP SP3
Otherwise I have bad news: explorer.exe is still acting up....





- nemesis92
- newcomer
- Posts: 46
- Registered: June 09
- Location: Ostrava
Re: Problem with Explorer.exe in WIN XP SP3
Well, never mind... I'm going to bed. It still isn't working, but thanks anyway. Tomorrow I'll be back from school at the PC around five in the afternoon at the earliest. If you think of anything, we can try it.

- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: Problem with Explorer.exe in WIN XP SP3
Run HJT, close your browsers, disconnect from the internet and fix (tick the box in front of the entry and press "Fix checked"):
R3 - URLSearchHook: (no name) - - (no file)
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following whole text, marked in green, into it:
DirLook::
d:\documents and settings\HyneÄŤek
d:\program files\Conduit
d:\program files\Webteh
d:\program files\Garena
d:\documents and settings\Mi?ko
d:\program files\IDoser v4
Drag the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe and, when the two files overlap, drop the script.

- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here + a new HJT log.
If the log is long, feel free to split it across several posts. But don't leave anything out.
*****************************************************************************************************************************************
Check the file in red on VirusTotal:
D:\WINDOWS.0\explorer.exe and post a link to the test result here.
Nothing is impossible, which is why, where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
- jaro3
- Security team member
- Guru Level 15
- Posts: 43292
- Registered: June 07
- Residence: South Bohemia
- Gender:
- Status:
Offline
Re: Problem with Explorer.exe in WIN XP SP3
Just an aside:
Those programs in Program Files, you installed all of them yourself, right?
Do everything Damned advises.
And also this:
Start - Run - type: notepad. Paste this entire text into it:
Code:
dir \explorer.exe /a /s > File.txt
Save it to the desktop under the name find.bat (file type: All files).
Find it on the desktop, double-click it, and wait until the window closes and the File.txt file appears.
Then paste the entire contents of that file here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Don't send logs in private messages. While I'm away, memphisto, Žbeky and Orcus stand in for me.
If you're satisfied, you can support our forum: Forum support
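As an added example (not part of the thread and not jaro3's or ComboFix's code), a Python stand-in for the find.bat step above that lists every explorer.exe copy under a root, hashes each with SHA-256 so it can be looked up on VirusTotal as Damned asks, and flags copies outside the Windows directory or with a hash differing from the copy there. The directory layout and file contents in the demo are constructed.

```python
"""Added example, not code from the forum thread or its tools.

Portable stand-in for `dir \\explorer.exe /a /s > File.txt`: list every
explorer.exe under a root, hash each copy (VirusTotal lookups are by hash)
and flag copies that do not live under the Windows directory or whose hash
differs from the reference copy there. Demo tree below is constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path

TARGET_NAME = "explorer.exe"


def sha256_of(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, windows_dir, name=TARGET_NAME):
    """Return one record per file named `name` (case-insensitive) under `root`.

    Each record carries path, size, sha256, whether the copy sits outside
    `windows_dir` (the real shell and its dllcache copy both live under it),
    and whether its hash matches the reference copy windows_dir/<name>.
    """
    root = Path(root)
    windows_dir = Path(windows_dir).resolve()
    reference = windows_dir / name
    ref_hash = sha256_of(reference) if reference.is_file() else None

    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() != name.lower():  # NTFS names are case-insensitive
                continue
            p = (Path(dirpath) / fn).resolve()
            try:
                digest = sha256_of(p)
                hits.append({
                    "path": str(p),
                    "size": p.stat().st_size,
                    "sha256": digest,
                    "outside_windows_dir": windows_dir not in p.parents,
                    "matches_reference": (digest == ref_hash) if ref_hash else None,
                })
            except OSError as exc:  # report unreadable files instead of skipping silently
                hits.append({"path": str(p), "error": str(exc)})
    return sorted(hits, key=lambda h: h["path"].lower())


def build_demo_tree(base: Path) -> Path:
    """Constructed layout: a legit shell, its dllcache twin, a look-alike in Temp."""
    win = base / "WINDOWS.0"
    legit = b"constructed stand-in for the real shell binary"
    rogue = b"constructed stand-in for a dropped look-alike"
    files = {
        win / "explorer.exe": legit,
        win / "system32" / "dllcache" / "explorer.exe": legit,
        base / "Documents and Settings" / "user" / "Local Settings" / "Temp" / "Explorer.exe": rogue,
        base / "Program Files" / "Garena" / "garena.exe": b"unrelated file, must be ignored",
    }
    for path, content in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
    return win


def run_demo():
    """Build the constructed tree in a temp dir, scan it and return the records."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        win = build_demo_tree(base)
        return find_copies(base, win)


if __name__ == "__main__":
    for hit in run_demo():
        bad = hit.get("outside_windows_dir") or hit.get("matches_reference") is False
        flag = "SUSPICIOUS" if bad else "ok"
        print(f"{flag:10} {hit['path']}  size={hit.get('size')}  sha256={hit.get('sha256')}")
```

The constructed Temp copy is the only record flagged both as outside the Windows directory and as not matching the reference hash.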
- nemesis92
- newbie
- Posts: 46
- Registered: June 09
- Residence: Ostrava
- Gender:
- Status:
Offline
- Contact:
Re: Problem with Explorer.exe in WIN XP SP3
ComboFix 09-06-14.02 - Hynek 15.06.2009 6:54.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1129 [GMT 2:00]
Spuštěný z: d:\documents and settings\Hynek\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Hynek\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-15 do 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 04:52 . 2009-06-15 04:52 -------- d-----w- D:\32788R22FWJFW.0.tmp
2009-06-15 04:35 . 2009-06-15 04:35 0 ----a-w- d:\windows.0\ativpsrm.bin
2009-06-14 20:04 . 2009-06-14 20:04 -------- d-----w- d:\documents and settings\Hynek\Nová složka
2009-06-14 18:39 . 2009-05-26 11:20 40160 ----a-w- d:\windows.0\system32\drivers\mbamswissarmy.sys
2009-06-14 18:39 . 2009-05-26 11:19 19096 ----a-w- d:\windows.0\system32\drivers\mbam.sys
2009-06-14 18:39 . 2009-06-14 19:01 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-06-14 15:56 . 2009-06-14 07:53 15688 ----a-w- d:\windows.0\system32\lsdelete.exe
2009-06-14 09:28 . 2009-06-14 09:28 -------- d-----w- d:\documents and settings\LocalService\Plocha
2009-06-14 07:54 . 2009-06-14 07:53 64160 ----a-w- d:\windows.0\system32\drivers\Lbd.sys
2009-06-14 07:51 . 2009-06-14 07:51 -------- d-----w- d:\program files\Lavasoft
2009-06-12 16:52 . 2009-06-12 16:52 -------- d-----w- d:\program files\Alcohol Soft
2009-06-11 17:09 . 2009-06-11 17:09 -------- d-----w- d:\program files\MKVtoolnix
2009-06-11 17:08 . 2009-06-11 17:08 -------- d-----w- d:\program files\Common Files\ATI Technologies
2009-06-08 16:52 . 2009-06-08 16:52 86016 ----a-w- d:\windows.0\system32\OpenAL32.dll
2009-06-08 16:52 . 2009-06-08 16:52 262144 ----a-w- d:\windows.0\system32\wrap_oal.dll
2009-06-08 16:52 . 2004-10-25 18:02 21664 ----a-w- d:\windows.0\system32\drivers\Entech.sys
2009-06-08 16:52 . 2004-06-22 13:44 5632 ----a-w- d:\windows.0\system32\drivers\Entech64.sys
2009-06-08 16:52 . 2001-11-19 17:05 3972 ----a-w- d:\windows.0\system32\drivers\PciBus.sys
2009-06-08 16:52 . 2009-06-08 16:52 -------- d-----w- d:\windows.0\system32\Futuremark
2009-06-03 16:39 . 2009-06-03 16:39 43520 ----a-w- d:\windows.0\system32\CmdLineExt03.dll
2009-06-03 16:26 . 2009-06-03 16:26 -------- d-----w- d:\documents and settings\HyneÄŤek
2009-06-03 14:16 . 2001-10-24 09:54 12160 -c--a-w- d:\windows.0\system32\dllcache\mouhid.sys
2009-06-03 14:16 . 2001-10-24 09:54 12160 ----a-w- d:\windows.0\system32\drivers\mouhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 -c--a-w- d:\windows.0\system32\dllcache\kbdhid.sys
2009-06-03 14:16 . 2008-04-14 05:59 14592 ----a-w- d:\windows.0\system32\drivers\kbdhid.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 -c--a-w- d:\windows.0\system32\dllcache\hidusb.sys
2009-06-03 14:16 . 2008-04-13 22:15 10368 ----a-w- d:\windows.0\system32\drivers\hidusb.sys
2009-06-03 14:14 . 2008-04-14 06:51 27648 -c--a-w- d:\windows.0\system32\dllcache\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:51 27648 ----a-w- d:\windows.0\system32\irmon.dll
2009-06-03 14:14 . 2008-04-14 06:52 152064 -c--a-w- d:\windows.0\system32\dllcache\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 152064 ----a-w- d:\windows.0\system32\irftp.exe
2009-06-03 14:14 . 2008-04-14 06:52 8192 -c--a-w- d:\windows.0\system32\dllcache\wshirda.dll
2009-06-03 14:14 . 2008-04-14 06:52 8192 ----a-w- d:\windows.0\system32\wshirda.dll
2009-06-03 04:42 . 2009-06-03 04:42 -------- d-----w- d:\program files\SystemRequirementsLab
2009-05-29 18:20 . 2009-05-29 18:20 -------- d-----w- d:\program files\Common Files\DirectX
2009-05-29 14:37 . 2009-05-30 10:08 -------- d-----w- d:\program files\Garena
2009-05-29 14:06 . 2009-05-29 14:11 2829 ----a-w- d:\windows.0\War3Unin.pif
2009-05-29 14:06 . 2009-05-29 14:11 139264 ----a-w- d:\windows.0\War3Unin.exe
2009-05-29 13:42 . 2009-05-29 13:42 -------- d-----w- d:\windows.0\system32\wbem\Repository
2009-05-29 10:18 . 2009-05-29 14:25 127903 ----a-w- d:\windows.0\War3Unin.dat
2009-05-29 10:17 . 2009-06-10 04:49 -------- d-----w- d:\documents and settings\MIKO~2\Dokumenty
2009-05-29 10:17 . 2009-05-29 10:17 -------- d-----w- d:\documents and settings\Mi?ko
2009-05-29 05:51 . 2009-05-29 05:52 -------- d-----w- d:\windows.0\system32\oodag
2009-05-29 05:46 . 2009-05-29 05:46 -------- d-----w- d:\program files\OO Software
2009-05-29 05:41 . 2009-05-29 05:41 -------- d-----w- d:\program files\CCleaner
2009-05-28 19:15 . 2009-05-28 19:27 -------- d-----w- d:\program files\IDoser v4
2009-05-25 15:43 . 2009-05-25 15:43 721904 ----a-w- d:\windows.0\system32\drivers\sptd.sys
2009-05-16 11:04 . 2009-05-16 11:04 -------- d-----w- d:\windows.0\Sun
2009-05-16 11:02 . 2009-05-16 11:01 410984 ----a-w- d:\windows.0\system32\deploytk.dll
2009-05-16 11:01 . 2009-05-16 11:01 -------- d-----w- d:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 20:21 . 2001-10-25 12:00 86046 ----a-w- d:\windows.0\system32\perfc005.dat
2009-06-14 20:21 . 2001-10-25 12:00 449614 ----a-w- d:\windows.0\system32\perfh005.dat
2009-06-10 19:52 . 2009-04-04 12:44 -------- d-----w- d:\program files\ICQ6.5
2009-06-08 16:49 . 2009-04-03 21:29 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-05-29 13:42 . 2009-04-08 06:49 -------- d-----w- d:\program files\MOBILedit!
2009-05-27 16:22 . 2009-04-04 10:14 -------- d-----w- d:\program files\Lexmark X1100 Series
2009-05-10 19:28 . 2009-05-10 19:28 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2009-05-07 15:33 . 2009-04-03 20:04 346624 ----a-w- d:\windows.0\system32\localspl.dll
2009-05-03 15:58 . 2009-04-04 12:13 -------- d-----w- d:\program files\QIP
2009-05-02 12:38 . 2009-05-02 12:38 -------- d-----w- d:\program files\Conduit
2009-05-02 12:37 . 2009-05-02 12:37 -------- d-----w- d:\program files\Webteh
2009-05-01 19:10 . 2009-05-01 19:02 -------- d-----w- d:\program files\Mio DigiWalker
2009-05-01 19:01 . 2009-05-01 19:01 -------- d-----w- d:\program files\Mio Technology
2009-04-29 04:47 . 2009-04-03 20:04 827392 ----a-w- d:\windows.0\system32\wininet.dll
2009-04-29 04:47 . 2009-04-03 21:04 78336 ------w- d:\windows.0\system32\ieencode.dll
2009-04-27 12:54 . 2009-04-06 12:10 1560 ----a-w- d:\windows.0\system32\ealregsnapshot1.reg
2009-04-27 07:09 . 2009-04-27 07:09 -------- d-----w- d:\program files\Eidos
2009-04-23 14:43 . 2009-04-23 14:41 -------- d-----w- d:\program files\File Sender
2009-04-19 19:52 . 2009-04-03 20:04 1847168 ----a-w- d:\windows.0\system32\win32k.sys
2009-04-19 17:09 . 2009-04-19 17:09 -------- d-----w- d:\program files\DVDVIDEOSOFT
2009-04-19 13:40 . 2009-04-19 13:40 -------- d-----w- d:\program files\MediaInfo
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w- d:\program files\Common Files\Adobe
2009-04-15 14:54 . 2009-04-03 20:04 585216 ----a-w- d:\windows.0\system32\rpcrt4.dll
2009-04-09 09:13 . 2009-04-09 09:13 47360 ----a-w- d:\windows.0\system32\drivers\pcouffin.sys
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\system32\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 35328 ----a-w- d:\windows.0\cygz.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\system32\cygwin1.dll
2009-04-09 09:03 . 2009-04-09 09:03 1126281 ----a-w- d:\windows.0\cygwin1.dll
2009-04-04 15:42 . 2009-04-04 15:42 56 ---ha-w- d:\windows.0\system32\ezsidmv.dat
2009-04-03 23:51 . 2009-04-03 23:51 18432 ----a-w- d:\windows.0\system32\drivers\grmngen.sys
2009-04-03 23:51 . 2009-04-03 23:51 8320 ----a-w- d:\windows.0\system32\drivers\grmnusb.sys
2009-04-03 21:59 . 2009-04-03 18:54 76499 ----a-w- d:\windows.0\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-03 21:59 . 2009-04-03 18:54 2708 ----a-w- d:\windows.0\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-04-03 21:06 . 2009-04-03 18:54 8972 ----a-w- d:\windows.0\PCHealth\HelpCtr\Config\Cntstore.bin
2009-04-03 20:38 . 2009-04-03 20:38 0 ----a-w- d:\windows.0\nsreg.dat
2009-04-03 18:52 . 2009-04-03 18:52 21812 ----a-w- d:\windows.0\system32\emptyregdb.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w- d:\windows.0\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w- d:\windows.0\system32\msvcr71.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-14_20.17.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 04:35 . 2009-06-15 04:35 16384 d:\windows.0\Temp\Perflib_Perfdata_4f8.dat
+ 2001-10-25 12:00 . 2009-06-14 20:21 67312 d:\windows.0\system32\perfc009.dat
- 2001-10-25 12:00 . 2009-06-03 14:18 67312 d:\windows.0\system32\perfc009.dat
+ 2001-10-25 12:00 . 2009-06-14 20:21 432356 d:\windows.0\system32\perfh009.dat
- 2001-10-25 12:00 . 2009-06-03 14:18 432356 d:\windows.0\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Lexmark X1100 Series"="d:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"WinampAgent"="c:\programy\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - d:\windows.0\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows.0\System32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\Miçko\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CCC.lnk - d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe [2008-12-18 49152]
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Gabi\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\Hynek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ESET NOD32 Antivirus.lnk - d:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2009-2-6 2021400]
Mˇstnˇ vyhled v nˇ.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS.0\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Documents and Settings\\Hyneček\\Plocha\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;d:\windows.0\system32\drivers\Lbd.sys [14.6.2009 9:54 64160]
R1 ehdrv;ehdrv;d:\windows.0\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;d:\windows.0\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 16:35 1005904]
.
.
------- Doplňkový sken -------
.
TCP: {55F521E9-4794-4B8D-BBBB-FE698B353EB2} = 62.129.50.20,85.135.32.100
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 06:58
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(572)
d:\windows.0\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-15 7:00
ComboFix-quarantined-files.txt 2009-06-15 05:00
ComboFix2.txt 2009-06-14 21:10
ComboFix3.txt 2009-06-14 20:24
Před spuštěním: 2 772 594 688
Po spuštění: 2 759 303 168
189 --- E O F --- 2009-06-10 12:23
ComboFix log
- nemesis92
- newbie
- Posts: 46
- Registered: June 09
- Residence: Ostrava
- Gender:
- Status:
Offline
- Contact:
Re: Problem with Explorer.exe in WIN XP SP3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:02, on 15.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\system32\LEXBCES.EXE
D:\WINDOWS.0\system32\spoolsv.exe
D:\WINDOWS.0\system32\LEXPPS.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\PROGRAMY\Winamp\winampa.exe
D:\WINDOWS.0\system32\rundll32.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\WINDOWS.0\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS.0\System32\svchost.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\WINDOWS.0\system32\imapi.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS.0\system32\SearchIndexer.exe
D:\DOCUME~1\Hynek\LOCALS~1\Temp\Rar$EX00.110\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\PROGRAMY\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ESET NOD32 Antivirus.lnk = D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ESET NOD32 Antivirus.lnk = D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - Global Startup: Místní vyhledávání.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8786884449
O17 - HKLM\System\CCS\Services\Tcpip\..\{55F521E9-4794-4B8D-BBBB-FE698B353EB2}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS.0\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6693 bytes
HijackThis log
- nemesis92
- newbie
- Posts: 46
- Registered: June 09
- Location: Ostrava
- Status: Offline
Re: Problem with Explorer.exe in WIN XP SP3
Svazek v jednotce D je Disk 2.
Sériové číslo svazku je 3459-E5A5.
Výpis adresáře D:\WINDOWS.0
14.04.2008 08:52 1 034 240 explorer.exe
1 souborů, 1 034 240 bajtů
Výpis adresáře D:\WINDOWS.0\$ntservicepackuninstall$
17.08.2004 15:49 1 032 704 explorer.exe
1 souborů, 1 032 704 bajtů
Výpis adresáře D:\WINDOWS.0\ServicePackFiles\i386
14.04.2008 08:52 1 034 240 explorer.exe
1 souborů, 1 034 240 bajtů
Výpis adresáře D:\WINDOWS.0\system32\dllcache
14.04.2008 08:52 1 034 240 explorer.exe
1 souborů, 1 034 240 bajtů
THIS IS WHAT THAT SCRIPT GAVE ME.
- nemesis92
- newbie
- Posts: 46
- Registered: June 09
- Location: Ostrava
- Status: Offline
Re: Problem with Explorer.exe in WIN XP SP3
http://www.virustotal.com/cs/analisis/0 ... 1244890341
Link to VirusTotal. Anyway, I'm off to school, so I'll be back here in the afternoon around 5.