rocna kontrola HJT logu Vyřešeno

[mates13494]

Kód: Vybrat vše

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:24, on 13.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Miranda IM KP v4.2\miranda32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\twain_32\escndv\escndv.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
D:\uživatelia\Matej\pre PC\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/luxor_2/mjolauncher.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba Google Update (gupdate1c9f66d9f64aa54) (gupdate1c9f66d9f64aa54) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7235 bytes

[Reklama]

[Damned]

Nedávej logy do code.
Odinstaluj si Crawler Toolbar.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[mates13494]

Malwarebytes' Anti-Malware 1.41
Verzia databázy: 2790
Windows 5.1.2600 Service Pack 3

13.9.2009 17:24:17
mbam-log-2009-09-13 (17-24-12).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 124224
Uplynutý cas: 5 minute(s), 20 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 2
Infikovaných priecinkov: 0
Infikovaných súborov: 3

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\prs (Trojan.FakeAlert) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\WINDOWS\system32\drivers\2f7d560e.sys (Rootkit.Rustock) -> No action taken.
C:\Documents and Settings\fk\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\temp\wpv821251053173.exe (Trojan.Agent) -> No action taken.

[Damned]

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[mates13494]

Malwarebytes' Anti-Malware 1.41
Verzia databázy: 2790
Windows 5.1.2600 Service Pack 3

13.9.2009 20:08:48
mbam-log-2009-09-13 (20-08-48).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 124737
Uplynutý cas: 5 minute(s), 6 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 2
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[Damned]

Ten rootkit tam bude, dokud mu neutrhnem nohy a ruce. Ty hodnoty asi tvoří sám. Tak ten ComboFix.

[mates13494]

ComboFix 09-09-12.A0 - fk 13.09.2009 20:11.8.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2591 [GMT 2:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1051b.msp
c:\windows\Installer\2f5d7.msi
c:\windows\SW_Win2000X24.DLL

.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 15:17 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 15:17 . 2009-09-13 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 15:17 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 17:59 . 2009-09-10 17:59 -------- d-----w- c:\program files\Ventrilo
2009-09-05 11:12 . 2009-09-05 11:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-28 13:56 . 2009-09-13 18:02 -------- d-----w- c:\documents and settings\fk\Application Data\Hamachi
2009-08-28 13:56 . 2009-08-28 13:56 -------- d-----w- c:\program files\Hamachi
2009-08-27 15:43 . 2009-08-27 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-08-16 17:23 . 2009-08-16 17:23 -------- d-----w- c:\documents and settings\fk\.thumbnails
2009-08-16 17:23 . 2009-08-16 17:23 -------- d-----w- c:\documents and settings\fk\.gegl-0.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 17:00 . 2009-03-09 12:49 -------- d-----w- c:\documents and settings\fk\Application Data\Spyware Terminator
2009-09-13 13:37 . 2008-12-15 15:29 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-13 13:36 . 2008-12-15 15:29 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-13 08:27 . 2009-03-09 13:31 -------- d-----w- c:\program files\WinClamAVShield
2009-09-12 19:37 . 2009-05-20 11:55 -------- d-----w- c:\documents and settings\fk\Application Data\Skype
2009-09-11 20:58 . 2008-03-02 17:11 -------- d-----w- c:\documents and settings\fk\Application Data\skypePM
2009-09-11 11:34 . 2009-01-25 12:34 -------- d-----w- c:\documents and settings\fk\Application Data\gtk-2.0
2009-09-11 11:30 . 2009-03-09 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-10 17:59 . 2009-04-03 13:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-28 13:56 . 2008-06-30 08:51 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-27 17:29 . 2009-07-25 17:30 -------- d-----w- c:\documents and settings\fk\Application Data\uTorrent
2009-08-27 15:41 . 2007-12-13 20:21 -------- d-----w- c:\program files\ATI Technologies
2009-08-25 18:26 . 2009-07-23 14:38 -------- d-----w- c:\program files\Miranda IM KP v4.2
2009-08-21 16:57 . 2007-12-13 20:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-13 09:51 . 2009-03-09 12:49 -------- d-----w- c:\program files\Spyware Terminator
2009-08-12 15:25 . 2009-08-12 15:25 -------- d-----w- c:\program files\Microsoft WSE
2009-08-11 10:32 . 2009-08-11 10:32 -------- d-----w- c:\documents and settings\fk\Application Data\teamspeak2
2009-08-10 20:09 . 2009-08-10 20:09 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-07-27 14:10 . 2007-12-16 13:59 -------- d-----w- c:\program files\Google
2009-07-27 09:48 . 2007-12-13 20:14 19408 ----a-w- c:\documents and settings\fk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 08:57 . 2009-07-27 08:57 -------- dc----w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-25 17:30 . 2009-07-25 17:30 -------- d-----w- c:\program files\uTorrent
2009-07-23 14:35 . 2008-10-03 11:58 -------- d--h--w- c:\program files\Miranda IM
2009-07-15 10:54 . 2009-07-15 10:54 287 ----a-w- c:\windows\EReg072.dat
2009-07-15 04:20 . 2007-06-15 01:58 4407808 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-15 02:29 . 2007-12-13 20:32 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-15 02:27 . 2007-06-15 01:59 336896 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-15 02:10 . 2007-06-15 01:52 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-15 02:10 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-15 02:10 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-15 02:10 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-15 02:09 . 2007-06-15 01:51 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-15 02:08 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-15 02:06 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-15 02:00 . 2007-12-13 20:32 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-15 01:58 . 2007-06-15 01:41 3281408 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-15 01:48 . 2009-02-04 05:57 12693504 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-15 01:44 . 2007-06-15 01:31 2053888 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-15 01:27 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-07-15 01:27 . 2009-02-04 03:58 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-15 01:23 . 2007-06-15 01:18 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-15 01:22 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-15 01:22 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-15 01:21 . 2009-02-04 03:53 159744 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-15 01:20 . 2009-02-04 02:40 3289088 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-15 01:20 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-15 01:19 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-15 01:18 . 2007-06-15 01:14 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-15 01:14 . 2007-06-15 01:11 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-14 19:05 . 2007-12-13 20:32 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-02 16:44 . 2007-12-13 20:32 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-02 16:44 . 2007-12-13 20:32 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-06-23 19:18 . 2007-12-17 14:19 335 ----a-w- c:\windows\nsreg.dat
2009-06-23 19:18 . 2007-12-17 16:54 11374 ----a-w- c:\windows\mozver.dat
2009-06-23 19:17 . 2009-06-23 19:17 118784 ----a-w- c:\windows\GREUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-20 39408]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-13 3055616]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-13 2173440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\fk\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-8-28 625952]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\games\\Assasin Creed\\AssassinsCreed_Dx9.exe"=
"e:\\games\\Assasin Creed\\AssassinsCreed_Dx10.exe"=
"e:\\games\\Assasin Creed\\AssassinsCreed_Launcher.exe"=
"e:\\games\\NHL 2009\\nhl2009.exe"=
"c:\\Program Files\\Miranda IM KP v4.2\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\games\\HAWX\\HAWX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.3.2009 14:49 142592]
S2 gupdate1c9f66d9f64aa54;Služba Google Update (gupdate1c9f66d9f64aa54);c:\program files\Google\Update\GoogleUpdate.exe [26.6.2009 16:37 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 14:37]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 14:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 20:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2f7d560e]
"ImagePath"="\SystemRoot\System32\drivers\2f7d560e.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\s-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\s-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e

[HKEY_USERS\s-1-5-21-1993962763-583907252-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:59,be,7b,6e,fd,34,5a,6d,dc,9d,a4,a4,46,aa,83,4e,11,85,19,49,33,
06,e7,64,31,88,dd,66,1b,ca,86,a0,9f,93,44,22,a2,ef,c6,a9,c0,13,37,6a,cb,9e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Completion time: 2009-09-13 20:21
ComboFix-quarantined-files.txt 2009-09-13 18:21

Pre-Run: 26 109 898 752 bytes free
Post-Run: 11 adresárov, 26 534 440 960 voľných bajtov

189 --- E O F --- 2008-04-10 11:34

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\d3d9caps.dat
c:\windows\EReg072.dat
w:\FXDrv32.sys
c:\Windows\System32\drivers\2f7d560e.sys

DirLook::
c:\documents and settings\fk\.thumbnails
c:\documents and settings\fk\.gegl-0.0
c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}

Driver::
FXDrv32;FXDrv32
FXDrv32
2f7d560e

Rootkit::
SystemRoot\System32\drivers\2f7d560e.sys
c:\Windows\System32\drivers\2f7d560e.sys

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2f7d560e]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[mates13494]

ComboFix 09-09-13.05 - fk 14.09.2009 11:48.9.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2796 [GMT 2:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fk\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\EReg072.dat"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\System32\drivers\2f7d560e.sys"
"w:\FXDrv32.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EReg072.dat
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FXDRV32
-------\Service_FXDrv32


((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.

2009-09-13 15:17 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 15:17 . 2009-09-13 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 15:17 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 17:59 . 2009-09-10 17:59 -------- d-----w- c:\program files\Ventrilo
2009-08-28 13:56 . 2009-09-14 09:52 -------- d-----w- c:\documents and settings\fk\Application Data\Hamachi
2009-08-28 13:56 . 2009-08-28 13:56 -------- d-----w- c:\program files\Hamachi
2009-08-27 15:43 . 2009-08-27 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-08-16 17:23 . 2009-08-16 17:23 -------- d-----w- c:\documents and settings\fk\.thumbnails
2009-08-16 17:23 . 2009-08-16 17:23 -------- d-----w- c:\documents and settings\fk\.gegl-0.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 18:29 . 2009-03-09 12:49 -------- d-----w- c:\documents and settings\fk\Application Data\Spyware Terminator
2009-09-13 13:37 . 2008-12-15 15:29 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-13 13:36 . 2008-12-15 15:29 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-13 08:27 . 2009-03-09 13:31 -------- d-----w- c:\program files\WinClamAVShield
2009-09-12 19:37 . 2009-05-20 11:55 -------- d-----w- c:\documents and settings\fk\Application Data\Skype
2009-09-11 20:58 . 2008-03-02 17:11 -------- d-----w- c:\documents and settings\fk\Application Data\skypePM
2009-09-11 11:34 . 2009-01-25 12:34 -------- d-----w- c:\documents and settings\fk\Application Data\gtk-2.0
2009-09-11 11:30 . 2009-03-09 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-10 17:59 . 2009-04-03 13:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-28 13:56 . 2008-06-30 08:51 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-27 17:29 . 2009-07-25 17:30 -------- d-----w- c:\documents and settings\fk\Application Data\uTorrent
2009-08-27 15:41 . 2007-12-13 20:21 -------- d-----w- c:\program files\ATI Technologies
2009-08-25 18:26 . 2009-07-23 14:38 -------- d-----w- c:\program files\Miranda IM KP v4.2
2009-08-21 16:57 . 2007-12-13 20:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-13 09:51 . 2009-03-09 12:49 -------- d-----w- c:\program files\Spyware Terminator
2009-08-12 15:25 . 2009-08-12 15:25 -------- d-----w- c:\program files\Microsoft WSE
2009-08-11 10:32 . 2009-08-11 10:32 -------- d-----w- c:\documents and settings\fk\Application Data\teamspeak2
2009-08-10 20:09 . 2009-08-10 20:09 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-07-27 14:10 . 2007-12-16 13:59 -------- d-----w- c:\program files\Google
2009-07-27 09:48 . 2007-12-13 20:14 19408 ----a-w- c:\documents and settings\fk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 08:57 . 2009-07-27 08:57 -------- dc----w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-25 17:30 . 2009-07-25 17:30 -------- d-----w- c:\program files\uTorrent
2009-07-23 14:35 . 2008-10-03 11:58 -------- d--h--w- c:\program files\Miranda IM
2009-07-15 04:20 . 2007-06-15 01:58 4407808 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-15 02:29 . 2007-12-13 20:32 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-15 02:27 . 2007-06-15 01:59 336896 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-15 02:10 . 2007-06-15 01:52 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-15 02:10 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-15 02:10 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-15 02:10 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-15 02:09 . 2007-06-15 01:51 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-15 02:08 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-15 02:06 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-15 02:00 . 2007-12-13 20:32 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-15 01:58 . 2007-06-15 01:41 3281408 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-15 01:48 . 2009-02-04 05:57 12693504 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-15 01:44 . 2007-06-15 01:31 2053888 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-15 01:27 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-07-15 01:27 . 2009-02-04 03:58 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-15 01:23 . 2007-06-15 01:18 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-15 01:22 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-15 01:22 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-15 01:21 . 2009-02-04 03:53 159744 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-15 01:20 . 2009-02-04 02:40 3289088 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-15 01:20 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-15 01:19 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-15 01:18 . 2007-06-15 01:14 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-15 01:14 . 2007-06-15 01:11 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-14 19:05 . 2007-12-13 20:32 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-02 16:44 . 2007-12-13 20:32 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-02 16:44 . 2007-12-13 20:32 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-06-23 19:18 . 2007-12-17 14:19 335 ----a-w- c:\windows\nsreg.dat
2009-06-23 19:18 . 2007-12-17 16:54 11374 ----a-w- c:\windows\mozver.dat
2009-06-23 19:17 . 2009-06-23 19:17 118784 ----a-w- c:\windows\GREUninstall.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} ----


---- Directory of c:\documents and settings\fk\.gegl-0.0 ----

2009-08-16 17:23 . 2009-08-16 17:23 616 ----a-w- c:\documents and settings\fk\.gegl-0.0\plug-ins\Makefile

---- Directory of c:\documents and settings\fk\.thumbnails ----

2009-09-11 11:34 . 2009-09-11 11:34 14303 ----a-w- c:\documents and settings\fk\.thumbnails\normal\614ecfa30977e0af202ed85d29c33812.png
2009-09-10 17:12 . 2009-09-10 17:12 27923 ----a-w- c:\documents and settings\fk\.thumbnails\normal\795975c177a98c7121e881746591a81a.png
2009-09-03 11:40 . 2009-09-03 11:40 13035 ----a-w- c:\documents and settings\fk\.thumbnails\normal\1e4bfe755e4c6083de297b8ea0ded91a.png
2009-08-27 17:48 . 2009-08-27 17:48 25123 ----a-w- c:\documents and settings\fk\.thumbnails\normal\97341f7d9414a5a4f9843b949f624e07.png
2009-08-19 15:16 . 2009-08-19 15:16 25480 ----a-w- c:\documents and settings\fk\.thumbnails\normal\72a7ab191ccff849e4c0a1e30faa755c.png
2009-08-17 13:15 . 2009-08-17 13:15 20452 ----a-w- c:\documents and settings\fk\.thumbnails\normal\9b6a7d827b9383ae1026efff7ad5da37.png
2009-08-16 17:26 . 2009-08-16 17:26 20642 ----a-w- c:\documents and settings\fk\.thumbnails\normal\d6ac030e2bd710985b1e0e2acc298faf.png
2009-08-16 17:23 . 2009-08-16 17:23 24402 ----a-w- c:\documents and settings\fk\.thumbnails\normal\8977b894cde277bedf611dd06c155d75.png


((((((((((((((((((((((((((((( SnapShot@2009-09-13_18.20.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-14 09:52 . 2009-09-14 09:52 16384 c:\windows\temp\Perflib_Perfdata_268.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-20 39408]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-13 3055616]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-13 2173440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\fk\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-8-28 625952]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\games\\Assasin Creed\\AssassinsCreed_Dx9.exe"=
"e:\\games\\Assasin Creed\\AssassinsCreed_Dx10.exe"=
"e:\\games\\Assasin Creed\\AssassinsCreed_Launcher.exe"=
"e:\\games\\NHL 2009\\nhl2009.exe"=
"c:\\Program Files\\Miranda IM KP v4.2\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\games\\HAWX\\HAWX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.3.2009 14:49 142592]
S2 gupdate1c9f66d9f64aa54;Služba Google Update (gupdate1c9f66d9f64aa54);c:\program files\Google\Update\GoogleUpdate.exe [26.6.2009 16:37 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 14:37]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 14:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 11:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e

[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:59,be,7b,6e,fd,34,5a,6d,dc,9d,a4,a4,46,aa,83,4e,11,85,19,49,33,
06,e7,64,31,88,dd,66,1b,ca,86,a0,9f,93,44,22,a2,ef,c6,a9,c0,13,37,6a,cb,9e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(3372)
c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-14 12:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-14 10:10
ComboFix2.txt 2009-09-13 18:21

Pre-Run: 26 542 133 248 bytes free
Post-Run: 11 adresárov, 26 383 609 856 voľných bajtov

238 --- E O F --- 2008-04-10 11:34

[mates13494]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:41, on 14.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\uživatelia\Matej\pre PC\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate1c9f66d9f64aa54) (gupdate1c9f66d9f64aa54) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6267 bytes



zda sa mi ze PC precuje rychlejsie a inac neviem

[Damned]

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.