Prosím o kontrolu HJT- pomoc Vyřešeno

[pistabaci]

Neviem rozzipovať súbor . Odinštalácia , vyčistenie a znovuinštalacia WinZip, WinRar, ai. nepomáha.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:02, on 13.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: QIP Infium - {2691C3E6-0886-4CB7-B775-5CE281346DD5} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2089383156
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6856 bytes

[Reklama]

[pistabaci]

Ťaham titulky k DivX z titulky .com a ani jeden program WinZip, WinRar ani 7-Zip mi nechce zip subor rozzipovať.
Hlási že zložka komprimovaná metódou Zip nie je platná alebo je poškodená. Ak to sosnem znova situacia sa opakuje.
Nemá niekto radu ? Odinštalovaním a znovu instalaciou zipovacích programov som to nevyriešil, zrada bude niekde inde.

Vopred ďakujem za rady.

[jaro3]

Odinstaluj:
DAEMON Tools Toolbar
SPYBOT( nebo u něj vypni rez. ochranu.)

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB

Spusť Malwarebytes' Anti-Malware , aktualizuj a proveď sken, vlož sem z něj log ( nic zatím nemaž.)

[pistabaci]

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 5.1.2600 Service Pack 3

13.9.2009 11:54:26
mbam-log-2009-09-13 (11-54-26).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 94744
Uplynulý čas: 4 minute(s), 35 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)


Pre istotu dodavam HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:53, on 13.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: QIP Infium - {2691C3E6-0886-4CB7-B775-5CE281346DD5} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2089383156
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6052 bytes

[jaro3]

Vypni rez. ochrany+firewall u ESET Smart Security (i rez. ochranu u Spybotu).

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[pistabaci]

ComboFix 09-09-12.A0 - Štefan 13.09.2009 13:07.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.172 [GMT 2:00]
Spuštěný z: c:\documents and settings\Štefan\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spy Sweeper *disabled* (Outdated) {00000000-9290-004F-9809-4D0000000000}
SP: Spy Sweeper *enabled* (Updated) {00000000-0000-0000-0000-000000000000}
SP: Webroot Spy Sweeper *disabled* (Updated) {00000000-9290-004F-9809-4D0001000000}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\135f1b.msp
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\regedit.com
c:\windows\system32\Cache
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-13 do 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-11 06:29 . 2009-09-11 06:29 -------- d-----w- C:\MS Rapid Downloads
2009-09-11 06:17 . 2009-09-11 06:17 -------- d-----w- C:\Downloads
2009-09-10 04:25 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 04:25 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 04:25 . 2009-09-13 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 04:30 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 05:44 . 2009-09-08 05:45 -------- d-----w- c:\program files\Trojan Remover
2009-09-07 13:01 . 2009-09-07 13:01 -------- d-----w- c:\program files\Remove Empty Directories
2009-09-07 05:32 . 2009-09-07 05:32 -------- d-----w- c:\program files\VisiPics
2009-09-07 04:35 . 2009-09-07 04:35 -------- d-----w- c:\program files\Windows Updates Downloader
2009-09-05 21:10 . 2009-09-05 21:10 -------- d-----w- c:\windows\system32\ANTIWPA
2009-09-04 18:35 . 2009-09-04 18:36 -------- d-----w- c:\windows\Downloaded Program Files
2009-09-04 16:00 . 2009-09-04 16:00 -------- d-----w- c:\program files\Auslogics
2009-09-04 08:04 . 2009-09-04 08:04 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-04 08:03 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-04 08:03 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-09-04 08:03 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-09-04 07:51 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-09-04 07:48 . 2009-09-04 07:48 -------- d-----w- c:\program files\Microsoft Works
2009-09-04 07:46 . 2009-09-04 07:46 -------- d-----w- c:\program files\Microsoft.NET
2009-09-04 07:44 . 2009-09-04 07:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-04 07:43 . 2009-09-04 07:47 -------- d-----w- c:\windows\SHELLNEW
2009-09-04 07:42 . 2009-09-04 07:42 -------- d-----r- C:\MSOCache
2009-09-04 03:57 . 2009-09-04 03:57 -------- d-----w- c:\program files\Secunia
2009-09-01 04:42 . 2009-09-01 19:37 -------- d-----w- c:\program files\Security Task Manager
2009-08-30 18:26 . 2009-08-30 18:26 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-08-25 03:00 . 2009-08-25 03:09 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-24 16:00 . 2009-08-24 19:08 -------- d-----w- c:\program files\QIP
2009-08-23 07:33 . 2009-08-23 07:33 -------- d-----w- c:\program files\Enigma Software Group
2009-08-22 18:26 . 2009-08-22 18:26 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-22 10:02 . 2001-08-23 17:30 44544 ----a-w- c:\windows\system32\hticons.dll
2009-08-22 10:02 . 2009-08-22 10:03 -------- d-----w- c:\windows\Cursors
2009-08-22 10:00 . 2009-09-07 19:36 -------- d-----w- c:\windows\system32\Logfiles
2009-08-22 10:00 . 2009-08-22 10:06 -------- d-----w- C:\Inetpub
2009-08-22 09:50 . 2009-09-13 09:16 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-22 09:50 . 2009-08-22 09:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-21 16:06 . 2009-08-21 15:48 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-21 15:57 . 2009-08-21 15:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-21 15:50 . 2009-08-21 15:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 15:48 . 2009-08-21 15:48 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-21 04:49 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-08-18 15:48 . 2009-08-18 15:48 -------- d-----w- c:\program files\ESET
2009-08-18 12:18 . 2009-08-18 12:32 159802 ----a-w- c:\windows\Marsu-Fix Uninstaller.exe
2009-08-17 03:44 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-08-17 03:44 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-08-17 03:44 . 2009-08-17 03:44 -------- d-----w- c:\program files\Ashampoo
2009-08-15 04:38 . 2009-08-15 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 09:45 . 2009-09-13 09:45 693760 ----a-w- c:\windows\isRS-000.tmp
2009-09-13 09:18 . 2009-06-01 19:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-13 02:39 . 2001-10-25 12:00 91706 ----a-w- c:\windows\system32\perfc005.dat
2009-09-13 02:39 . 2001-10-25 12:00 473158 ----a-w- c:\windows\system32\perfh005.dat
2009-09-12 20:49 . 2009-06-03 03:05 -------- d-----w- c:\program files\FlashFXP
2009-09-12 06:39 . 2009-06-06 18:15 -------- d-----w- c:\program files\Microsoft Bootvis
2009-09-07 05:17 . 2009-05-31 20:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 07:47 . 2009-06-01 11:17 -------- d-----w- c:\program files\MSBuild
2009-09-04 05:38 . 2009-06-02 04:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-04 04:17 . 2009-06-01 01:14 -------- d-----w- c:\program files\Winamp
2009-09-03 12:17 . 2009-06-01 01:23 -------- d-----w- c:\program files\KeePass Password Safe
2009-09-03 01:05 . 2009-06-26 03:40 -------- d-----w- c:\program files\Opera
2009-08-22 16:58 . 2009-06-02 04:54 -------- d-----w- c:\program files\Advanced System Optimizer
2009-08-21 15:44 . 2009-06-01 18:26 -------- d-----w- c:\program files\Lavasoft
2009-08-17 15:21 . 2009-07-24 18:53 159740 ----a-w- c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-08-14 05:32 . 2009-08-14 05:32 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-14 04:00 . 2009-08-14 04:00 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-08-14 04:00 . 2009-08-14 03:59 -------- d-----w- c:\program files\UltraISO
2009-08-12 04:07 . 2009-08-12 04:06 6213528 ----a-w- c:\windows\REGBK03.ZIP
2009-08-12 02:41 . 2009-08-12 02:24 -------- d-----w- c:\program files\SpeedFan
2009-08-11 15:57 . 2009-08-11 04:20 -------- d-----w- c:\program files\Driver Checker
2009-08-11 14:28 . 2009-06-05 17:20 -------- d-----w- c:\program files\Uniblue
2009-08-11 14:11 . 2009-07-31 05:22 -------- d-----w- c:\program files\Common Files\GTK
2009-08-09 13:15 . 2009-08-09 13:15 -------- d-----w- c:\program files\Sony
2009-08-08 17:45 . 2009-08-08 17:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys.15416792
2009-08-05 19:39 . 2009-06-02 09:01 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2009-05-31 22:51 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 05:31 . 2009-08-05 05:30 5860576 ----a-w- c:\windows\REGBK02.ZIP
2009-08-01 09:13 . 2009-08-01 09:13 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-08-01 04:50 . 2009-06-01 00:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-31 05:19 . 2009-05-31 23:15 -------- d-----w- c:\program files\ApexDC++
2009-07-29 04:36 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-06-02 09:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2002-09-20 16:03 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2009-06-01 00:25 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2002-09-20 16:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2002-09-20 16:04 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2002-09-20 16:04 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2002-09-20 16:04 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2002-09-20 16:04 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2002-09-20 16:04 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2001-10-25 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-24 11:18 . 2001-10-25 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 10:45 . 2009-06-18 17:57 1390730 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-06-22 05:30 . 2009-06-18 18:58 388000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-06-22 05:30 . 2009-06-01 19:44 32288 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-06-20 15:13 . 2009-06-20 15:12 5648343 ----a-w- c:\windows\REGBK01.ZIP
2009-06-17 13:21 . 2009-06-17 13:11 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-17 11:10 . 2009-06-17 07:37 971232 ----a-w- c:\windows\system32\drivers\tdrpm147.sys
2009-06-17 05:28 . 2009-06-01 19:44 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-06-16 15:32 . 2009-05-31 22:59 1324 ----a-w- c:\windows\system32\d3d9caps.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-8 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Gadwin PrintScreen"=c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -RESTART
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Auslogics BoostSpeed"=c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=c:\windows\System32\oodtray.exe
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
"Spy Protector"=c:\program files\Security Task Manager\SpyProtector.exe /autostart
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"f:\\Dreambox\\DCC\\DCC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\Programy\\Kodovane\\Tahaj s rapidu\\CryptLoad_1.1.5 CZ\\RouterClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.8.2009 17:48 64160]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [1.6.2009 21:44 134272]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.9.2009 6:25 269648]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1.6.2009 2:45 604416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.9.2009 6:25 19160]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [17.8.2009 5:44 410976]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-09-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:48]

2009-09-11 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-06-19 14:48]
.
.
------- Doplňkový sken -------
.
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 13:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1520)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1600)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2009-09-13 13:24
ComboFix-quarantined-files.txt 2009-09-13 11:24

Před spuštěním: Volných bajtů: 29 895 413 760
Po spuštění: Volných bajtů: 29 873 283 072

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
259 --- E O F --- 2009-09-09 04:37

[pistabaci]

Tak čo Jaro máš ešte nejaké doporučenia ? Alebo sme skončili ?

[jaro3]

Omluva za zpoždění.

Odinstaluj ( pokud tam máš):
SP: Spy Sweeper *
SP: Webroot Spy Sweeper
SpyHunter
Ad-Aware


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\ativpsrm.bin
c:\windows\Marsu-Fix Uninstaller.exe
c:\windows\isRS-000.tmp
c:\windows\Marsu-Fix 2.5 Uninstaller.exe
c:\windows\REGBK03.ZIP
c:\windows\system32\drivers\sptd.sys.15416792
c:\windows\REGBK02.ZIP
c:\windows\REGBK01.ZIP
c:\windows\system32\d3d9caps.dat

Folder::
c:\program files\DAEMON Tools Toolbar

Driver::
sptd.sys.15416792

DirLook::
c:\windows\system32\ANTIWPA

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[pistabaci]

ComboFix 09-09-12.A0 - Štefan 13.09.2009 17:25.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.153 [GMT 2:00]
Spuštěný z: c:\documents and settings\Štefan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Štefan\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spy Sweeper *disabled* (Outdated) {00000000-9290-004F-9809-4D0000000000}
SP: Spy Sweeper *enabled* (Updated) {00000000-0000-0000-0000-000000000000}
SP: Webroot Spy Sweeper *disabled* (Updated) {00000000-9290-004F-9809-4D0001000000}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-13 do 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 14:54 . 2009-09-13 14:54 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2009-09-11 06:29 . 2009-09-11 06:29 -------- d-----w- C:\MS Rapid Downloads
2009-09-11 06:17 . 2009-09-11 06:17 -------- d-----w- C:\Downloads
2009-09-10 04:25 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 04:25 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 04:25 . 2009-09-13 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 04:30 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 05:44 . 2009-09-08 05:45 -------- d-----w- c:\program files\Trojan Remover
2009-09-07 13:01 . 2009-09-07 13:01 -------- d-----w- c:\program files\Remove Empty Directories
2009-09-07 05:32 . 2009-09-07 05:32 -------- d-----w- c:\program files\VisiPics
2009-09-07 04:35 . 2009-09-07 04:35 -------- d-----w- c:\program files\Windows Updates Downloader
2009-09-05 21:10 . 2009-09-05 21:10 -------- d-----w- c:\windows\system32\ANTIWPA
2009-09-04 18:35 . 2009-09-04 18:36 -------- d-----w- c:\windows\Downloaded Program Files
2009-09-04 16:00 . 2009-09-04 16:00 -------- d-----w- c:\program files\Auslogics
2009-09-04 08:04 . 2009-09-04 08:04 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-04 08:03 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-04 08:03 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-09-04 08:03 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-09-04 07:51 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-09-04 07:48 . 2009-09-04 07:48 -------- d-----w- c:\program files\Microsoft Works
2009-09-04 07:46 . 2009-09-04 07:46 -------- d-----w- c:\program files\Microsoft.NET
2009-09-04 07:44 . 2009-09-04 07:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-04 07:43 . 2009-09-04 07:47 -------- d-----w- c:\windows\SHELLNEW
2009-09-04 07:42 . 2009-09-04 07:42 -------- d-----r- C:\MSOCache
2009-09-04 03:57 . 2009-09-04 03:57 -------- d-----w- c:\program files\Secunia
2009-09-01 04:42 . 2009-09-01 19:37 -------- d-----w- c:\program files\Security Task Manager
2009-08-30 18:26 . 2009-08-30 18:26 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-08-25 03:00 . 2009-08-25 03:09 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-24 16:00 . 2009-08-24 19:08 -------- d-----w- c:\program files\QIP
2009-08-22 18:26 . 2009-08-22 18:26 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-22 10:02 . 2001-08-23 17:30 44544 ----a-w- c:\windows\system32\hticons.dll
2009-08-22 10:02 . 2009-08-22 10:03 -------- d-----w- c:\windows\Cursors
2009-08-22 10:00 . 2009-09-07 19:36 -------- d-----w- c:\windows\system32\Logfiles
2009-08-22 10:00 . 2009-08-22 10:06 -------- d-----w- C:\Inetpub
2009-08-22 09:50 . 2009-08-22 09:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-21 16:06 . 2009-08-21 15:48 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-21 15:57 . 2009-08-21 15:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-21 15:50 . 2009-08-21 15:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 15:48 . 2009-08-21 15:48 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-21 04:49 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-08-18 15:48 . 2009-08-18 15:48 -------- d-----w- c:\program files\ESET
2009-08-18 12:18 . 2009-08-18 12:32 159802 ----a-w- c:\windows\Marsu-Fix Uninstaller.exe
2009-08-17 03:44 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-08-17 03:44 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-08-17 03:44 . 2009-08-17 03:44 -------- d-----w- c:\program files\Ashampoo
2009-08-15 04:38 . 2009-08-15 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 09:18 . 2009-06-01 19:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-13 02:39 . 2001-10-25 12:00 91706 ----a-w- c:\windows\system32\perfc005.dat
2009-09-13 02:39 . 2001-10-25 12:00 473158 ----a-w- c:\windows\system32\perfh005.dat
2009-09-12 20:49 . 2009-06-03 03:05 -------- d-----w- c:\program files\FlashFXP
2009-09-12 06:39 . 2009-06-06 18:15 -------- d-----w- c:\program files\Microsoft Bootvis
2009-09-07 05:17 . 2009-05-31 20:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 07:47 . 2009-06-01 11:17 -------- d-----w- c:\program files\MSBuild
2009-09-04 05:38 . 2009-06-02 04:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-04 04:17 . 2009-06-01 01:14 -------- d-----w- c:\program files\Winamp
2009-09-03 12:17 . 2009-06-01 01:23 -------- d-----w- c:\program files\KeePass Password Safe
2009-09-03 01:05 . 2009-06-26 03:40 -------- d-----w- c:\program files\Opera
2009-08-22 16:58 . 2009-06-02 04:54 -------- d-----w- c:\program files\Advanced System Optimizer
2009-08-21 15:44 . 2009-06-01 18:26 -------- d-----w- c:\program files\Lavasoft
2009-08-17 15:21 . 2009-07-24 18:53 159740 ----a-w- c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-08-14 05:32 . 2009-08-14 05:32 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-14 04:00 . 2009-08-14 04:00 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-08-14 04:00 . 2009-08-14 03:59 -------- d-----w- c:\program files\UltraISO
2009-08-12 04:07 . 2009-08-12 04:06 6213528 ----a-w- c:\windows\REGBK03.ZIP
2009-08-12 02:41 . 2009-08-12 02:24 -------- d-----w- c:\program files\SpeedFan
2009-08-11 15:57 . 2009-08-11 04:20 -------- d-----w- c:\program files\Driver Checker
2009-08-11 14:28 . 2009-06-05 17:20 -------- d-----w- c:\program files\Uniblue
2009-08-11 14:11 . 2009-07-31 05:22 -------- d-----w- c:\program files\Common Files\GTK
2009-08-09 13:15 . 2009-08-09 13:15 -------- d-----w- c:\program files\Sony
2009-08-08 17:45 . 2009-08-08 17:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys.15416792
2009-08-05 19:39 . 2009-06-02 09:01 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2009-05-31 22:51 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 05:31 . 2009-08-05 05:30 5860576 ----a-w- c:\windows\REGBK02.ZIP
2009-08-01 09:13 . 2009-08-01 09:13 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-08-01 04:50 . 2009-06-01 00:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-31 05:19 . 2009-05-31 23:15 -------- d-----w- c:\program files\ApexDC++
2009-07-29 04:36 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-06-02 09:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2002-09-20 16:03 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2009-06-01 00:25 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2002-09-20 16:05 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2002-09-20 16:04 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2002-09-20 16:04 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2002-09-20 16:04 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2002-09-20 16:04 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2002-09-20 16:04 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2001-10-25 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-24 11:18 . 2001-10-25 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 10:45 . 2009-06-18 17:57 1390730 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-06-22 05:30 . 2009-06-18 18:58 388000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-06-22 05:30 . 2009-06-01 19:44 32288 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-06-20 15:13 . 2009-06-20 15:12 5648343 ----a-w- c:\windows\REGBK01.ZIP
2009-06-17 13:21 . 2009-06-17 13:11 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-17 11:10 . 2009-06-17 07:37 971232 ----a-w- c:\windows\system32\drivers\tdrpm147.sys
2009-06-17 05:28 . 2009-06-01 19:44 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-06-16 15:32 . 2009-05-31 22:59 1324 ----a-w- c:\windows\system32\d3d9caps.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\ANTIWPA ----



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Gadwin PrintScreen"=c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -RESTART
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Auslogics BoostSpeed"=c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=c:\windows\System32\oodtray.exe
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
"Spy Protector"=c:\program files\Security Task Manager\SpyProtector.exe /autostart
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"f:\\Dreambox\\DCC\\DCC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\Programy\\Kodovane\\Tahaj s rapidu\\CryptLoad_1.1.5 CZ\\RouterClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.8.2009 17:48 64160]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [1.6.2009 21:44 134272]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.9.2009 6:25 269648]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1.6.2009 2:45 604416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.9.2009 6:25 19160]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [17.8.2009 5:44 410976]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-09-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:48]
.
.
------- Doplňkový sken -------
.
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 17:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1516)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1596)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-09-13 17:42
ComboFix-quarantined-files.txt 2009-09-13 15:42
ComboFix2.txt 2009-09-13 11:24

Před spuštěním: Volných bajtů: 29 842 669 568
Po spuštění: Volných bajtů: 29 803 552 768
Hlasi mi antispyware Spy Sweeper ale neviem ho ani odinstalovat ani najst.

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /
fastdetect/noguiboot

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
250 --- E O F --- 2009-09-09 04:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:57, on 13.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: QIP Infium - {2691C3E6-0886-4CB7-B775-5CE281346DD5} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2089383156
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5774 bytes

Vdaka za pomoc ale zatial to je bez ucinku na otvorenie zazipovaneho suboru.

[jaro3]

stáhni SuperAntiSpyware
aktualizuj databázi , proveď sken a následně nákazy smaž

Opakuj ten samý script CF jak je výše.Stejný postup.

Odinstaloval si přebytečné spyware programy?
Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.

[pistabaci]

Ad-Aware a Spy Sweeper neviem odinstalovat - Ad-Aware nie je k mani na your Uninstal a Spy Sweeper vôbec neviem najsť v Pc.
SuperAntispyware nenašiel nič.

ComboFix 09-09-13.04 - Štefan 13.09.2009 21:43.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.192 [GMT 2:00]
Spuštěný z: c:\documents and settings\Štefan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Štefan\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spy Sweeper *disabled* (Outdated) {00000000-9290-004F-9809-4D0000000000}
SP: Spy Sweeper *enabled* (Updated) {00000000-0000-0000-0000-000000000000}
SP: Webroot Spy Sweeper *disabled* (Updated) {00000000-9290-004F-9809-4D0001000000}

FILE ::
"c:\windows\ativpsrm.bin"
"c:\windows\isRS-000.tmp"
"c:\windows\Marsu-Fix 2.5 Uninstaller.exe"
"c:\windows\Marsu-Fix Uninstaller.exe"
"c:\windows\REGBK01.ZIP"
"c:\windows\REGBK02.ZIP"
"c:\windows\REGBK03.ZIP"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\drivers\sptd.sys.15416792"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ativpsrm.bin
c:\windows\Marsu-Fix 2.5 Uninstaller.exe
c:\windows\Marsu-Fix Uninstaller.exe
c:\windows\REGBK01.ZIP
c:\windows\REGBK02.ZIP
c:\windows\REGBK03.ZIP
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\sptd.sys.15416792

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-13 do 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 19:34 . 2009-09-13 19:34 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2009-09-13 18:04 . 2009-09-13 18:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 18:04 . 2009-09-13 18:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 06:29 . 2009-09-11 06:29 -------- d-----w- C:\MS Rapid Downloads
2009-09-11 06:17 . 2009-09-11 06:17 -------- d-----w- C:\Downloads
2009-09-10 04:25 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 04:25 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 04:25 . 2009-09-13 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 04:30 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 05:44 . 2009-09-08 05:45 -------- d-----w- c:\program files\Trojan Remover
2009-09-07 13:01 . 2009-09-07 13:01 -------- d-----w- c:\program files\Remove Empty Directories
2009-09-07 05:32 . 2009-09-07 05:32 -------- d-----w- c:\program files\VisiPics
2009-09-07 04:35 . 2009-09-07 04:35 -------- d-----w- c:\program files\Windows Updates Downloader
2009-09-05 21:10 . 2009-09-05 21:10 -------- d-----w- c:\windows\system32\ANTIWPA
2009-09-04 18:35 . 2009-09-04 18:36 -------- d-----w- c:\windows\Downloaded Program Files
2009-09-04 08:04 . 2009-09-04 08:04 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-04 08:03 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-04 08:03 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-09-04 08:03 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-09-04 07:51 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-09-04 07:48 . 2009-09-04 07:48 -------- d-----w- c:\program files\Microsoft Works
2009-09-04 07:46 . 2009-09-04 07:46 -------- d-----w- c:\program files\Microsoft.NET
2009-09-04 07:44 . 2009-09-04 07:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-04 07:43 . 2009-09-04 07:47 -------- d-----w- c:\windows\SHELLNEW
2009-09-04 07:42 . 2009-09-04 07:42 -------- d-----r- C:\MSOCache
2009-09-04 03:57 . 2009-09-04 03:57 -------- d-----w- c:\program files\Secunia
2009-09-01 04:42 . 2009-09-01 19:37 -------- d-----w- c:\program files\Security Task Manager
2009-08-30 18:26 . 2009-08-30 18:26 4 ----a-w- C:\WINDOWSRegDefrag.dat
2009-08-25 03:00 . 2009-08-25 03:09 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-24 16:00 . 2009-09-13 18:25 -------- d-----w- c:\program files\QIP
2009-08-22 10:02 . 2001-08-23 17:30 44544 ----a-w- c:\windows\system32\hticons.dll
2009-08-22 10:02 . 2009-08-22 10:03 -------- d-----w- c:\windows\Cursors
2009-08-22 10:00 . 2009-09-13 17:56 -------- d-----w- c:\windows\system32\Logfiles
2009-08-22 10:00 . 2009-08-22 10:06 -------- d-----w- C:\Inetpub
2009-08-22 09:50 . 2009-08-22 09:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-21 16:06 . 2009-08-21 15:48 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-21 15:57 . 2009-08-21 15:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-21 15:50 . 2009-08-21 15:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 15:48 . 2009-08-21 15:48 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-21 04:49 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-08-18 15:48 . 2009-08-18 15:48 -------- d-----w- c:\program files\ESET
2009-08-17 03:44 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-08-17 03:44 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-08-17 03:44 . 2009-08-17 03:44 -------- d-----w- c:\program files\Ashampoo
2009-08-15 04:38 . 2009-08-15 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 09:18 . 2009-06-01 19:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-13 02:39 . 2001-10-25 12:00 91706 ----a-w- c:\windows\system32\perfc005.dat
2009-09-13 02:39 . 2001-10-25 12:00 473158 ----a-w- c:\windows\system32\perfh005.dat
2009-09-12 20:49 . 2009-06-03 03:05 -------- d-----w- c:\program files\FlashFXP
2009-09-12 06:39 . 2009-06-06 18:15 -------- d-----w- c:\program files\Microsoft Bootvis
2009-09-07 05:17 . 2009-05-31 20:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 07:47 . 2009-06-01 11:17 -------- d-----w- c:\program files\MSBuild
2009-09-04 05:38 . 2009-06-02 04:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-04 04:17 . 2009-06-01 01:14 -------- d-----w- c:\program files\Winamp
2009-09-03 12:17 . 2009-06-01 01:23 -------- d-----w- c:\program files\KeePass Password Safe
2009-09-03 01:05 . 2009-06-26 03:40 -------- d-----w- c:\program files\Opera
2009-08-22 16:58 . 2009-06-02 04:54 -------- d-----w- c:\program files\Advanced System Optimizer
2009-08-21 15:44 . 2009-06-01 18:26 -------- d-----w- c:\program files\Lavasoft
2009-08-14 05:32 . 2009-08-14 05:32 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-14 04:00 . 2009-08-14 04:00 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-08-14 04:00 . 2009-08-14 03:59 -------- d-----w- c:\program files\UltraISO
2009-08-12 02:41 . 2009-08-12 02:24 -------- d-----w- c:\program files\SpeedFan
2009-08-11 15:57 . 2009-08-11 04:20 -------- d-----w- c:\program files\Driver Checker
2009-08-11 14:28 . 2009-06-05 17:20 -------- d-----w- c:\program files\Uniblue
2009-08-11 14:11 . 2009-07-31 05:22 -------- d-----w- c:\program files\Common Files\GTK
2009-08-09 13:15 . 2009-08-09 13:15 -------- d-----w- c:\program files\Sony
2009-08-05 19:39 . 2009-06-02 09:01 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2009-05-31 22:51 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 09:13 . 2009-08-01 09:13 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-08-01 04:50 . 2009-06-01 00:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-31 05:19 . 2009-05-31 23:15 -------- d-----w- c:\program files\ApexDC++
2009-07-29 04:36 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-06-02 09:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2002-09-20 16:03 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2009-06-01 00:25 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2002-09-20 16:05 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2002-09-20 16:04 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2002-09-20 16:04 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2002-09-20 16:04 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2002-09-20 16:04 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2002-09-20 16:04 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2001-10-25 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-24 11:18 . 2001-10-25 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 10:45 . 2009-06-18 17:57 1390730 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-06-22 05:30 . 2009-06-18 18:58 388000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-06-22 05:30 . 2009-06-01 19:44 32288 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-06-17 13:21 . 2009-06-17 13:11 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-17 11:10 . 2009-06-17 07:37 971232 ----a-w- c:\windows\system32\drivers\tdrpm147.sys
2009-06-17 05:28 . 2009-06-01 19:44 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\ANTIWPA ----



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Gadwin PrintScreen"=c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -RESTART
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Auslogics BoostSpeed"=c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=c:\windows\System32\oodtray.exe
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"Spy Protector"=c:\program files\Security Task Manager\SpyProtector.exe /autostart
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"f:\\Dreambox\\DCC\\DCC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\Programy\\Kodovane\\Tahaj s rapidu\\CryptLoad_1.1.5 CZ\\RouterClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.8.2009 17:48 64160]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [1.6.2009 21:44 134272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4.9.2009 14:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4.9.2009 14:49 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.9.2009 6:25 269648]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1.6.2009 2:45 604416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.9.2009 6:25 19160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4.9.2009 14:50 7408]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [17.8.2009 5:44 410976]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-09-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:48]
.
.
------- Doplňkový sken -------
.
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 21:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1700)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3300)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-09-13 22:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-13 20:02
ComboFix2.txt 2009-09-13 15:42
ComboFix3.txt 2009-09-13 11:24

Před spuštěním: Volných bajtů: 29 552 959 488
Po spuštění: Volných bajtů: 29 514 887 168

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
281 --- E O F --- 2009-09-09 04:37

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
ESET Smart Security


Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
Secunia PSI
Trojan Remover 6.8.0
HijackThis 2.0.2
TuneUp Utilities 2009
CCleaner (remove only)
Wise Registry Cleaner 4 Professional V4.73
Java(TM) 6 Update 15
Adobe Flash Player 10
Adobe Reader 9.1.3 - Czech
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe


``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

[jaro3]

Stáhni AVP Tools
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
na svojí plochu.
Zaškrtni :
System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)

Pokračuj podle instrukcí.Poté vlož log .(save log)

// upravil jsem odkaz, omluva za špatné vložení..jaro3