kontrola logu prosím

[jaro3]

Tak by to mělo být pryč, ještě pošli nový log z HJT.

[Reklama]

[mafian]

ale neni a i ta složka existuje a ma 1.3mb


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:03, on 26.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\Program Files\SaveSnap\SaveSnap.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SaveSnap.lnk = C:\Program Files\SaveSnap\SaveSnap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Nastavení myši Labtec.lnk = C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6693 bytes

[jaro3]

Toto patří k MWAVU: C:\WINDOWS\system32\systems.txt-tedy pokud je to složka...
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

[mafian]

jenže já se do nouzovýho režimu nedostanu naběhne jen TestDisk 1234 F.nic jinýho.

[jaro3]

Vypni rez. ochranu u Avastu a štít u ST.
Stáhni si ComboFix (by sUBs)

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[mafian]

ComboFix 08-11-26.03 - User 2008-11-26 20:12:27.1 - [color=red][b]FAT32[/b][/color]x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.373 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
* Vytvořen nový Bod Obnovení

[COLOR=RED][B]VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
---- Previous Run -------
.
c:\documents and settings\All Users\Data aplikací\1pdfdec.dll
c:\windows\regedit.com
c:\windows\rs.txt
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\nm
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-26 do 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-26 09:55 . 2008-11-26 09:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-26 09:20 . 2008-11-26 09:19 121,064 --a------ C:\[u]0[/u]001.tif
2008-11-26 09:20 . 2008-11-26 09:20 21,630 --ah----- C:\packet.ico
2008-11-26 09:20 . 2008-11-26 09:18 1,482 --a------ C:\scanman.ini
2008-11-26 09:20 . 2008-11-26 09:20 367 --ah----- C:\FRBatch.opt
2008-11-26 09:20 . 2008-11-26 09:18 173 --ah----- C:\textlang.dat
2008-11-26 09:20 . 2008-11-26 09:20 139 --ah----- C:\_FRBatch.pac
2008-11-26 09:20 . 2008-11-26 09:20 115 --ah----- C:\desktop.ini
2008-11-26 09:20 . 2008-11-26 09:20 110 --a------ C:\[u]0[/u]001.frf
2008-11-25 17:31 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-25 12:55 . 2008-11-25 12:55 <DIR> d-------- c:\documents and settings\User\Data aplikací\Malwarebytes
2008-11-25 12:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 12:54 . 2008-11-25 12:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 12:54 . 2008-11-25 12:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-25 12:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 19:28 . 2008-11-23 19:28 <DIR> d-------- c:\program files\Trend Micro
2008-11-21 10:44 . 2008-11-21 10:45 4,884,337 --a------ c:\windows\REGBK29.ZIP
2008-11-16 21:26 . 2008-11-16 21:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2008-11-16 21:26 . 2008-02-03 20:46 548,864 --a------ c:\windows\system32\msvcp80.dll
2008-11-16 21:26 . 2008-11-16 21:26 28,672 --a------ c:\windows\system32\eEmpty.exe
2008-11-16 21:26 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2008-11-14 21:17 . 2008-11-14 21:17 2,440 --a------ C:\Nový objekt - Textový dokument OpenDocument.odt
2008-11-13 16:55 . 2008-11-13 16:57 4,889,358 --a------ c:\windows\REGBK28.ZIP
2008-11-10 19:29 . 1,442,965,504 C:\Harold & Kumar Escape from Guantanamo Bay.avi
2008-11-02 20:13 . 2008-11-02 20:13 <DIR> d-------- c:\program files\John Deere American Farmer Deluxe
2008-11-02 19:05 . 2008-11-02 19:05 <DIR> d-------- c:\program files\John Deere North American Farmer
2008-11-02 11:05 . 2008-11-02 11:05 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-02 11:02 . 2008-11-02 11:02 <DIR> d-------- c:\documents and settings\User\Data aplikací\DAEMON Tools
2008-11-02 11:02 . 2008-11-02 11:02 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-26 20:57 . 2008-10-26 20:57 <DIR> dr-h----- c:\documents and settings\User\Data aplikací\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 19:25 4,881,635 ----a-w c:\windows\REGBK27.ZIP
2008-10-07 08:37 --------- d-----w c:\program files\SaveSnap
2008-10-07 08:21 --------- d-----w c:\program files\ScreenShots
2008-10-06 18:49 --------- d-----w c:\program files\Exportizer
2008-08-29 20:56 4,868,624 ----a-w c:\windows\REGBK26.ZIP
2007-07-20 18:07 0 ----a-w c:\program files\uziv.dat
2007-05-11 19:36 1,024 ----a-w c:\documents and settings\All Users\Data aplikací\sowdp88.dat
2007-04-26 16:06 201 ----a-w c:\program files\config.ini
2005-02-05 08:38 1,024,000 ----a-w c:\program files\Milan's GUI 4.exe
2005-02-03 15:45 3,505 ----a-w c:\program files\release notes.txt
2004-06-30 12:20 160,768 ----a-w c:\program files\fmod.dll
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2005-10-07 18:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2005-07-14 11:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2007-04-01 11:33 80 --sh--r c:\windows\system32\4E03E8BDEE.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-25 1783808]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2007-12-10 1103752]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\Mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\User\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SaveSnap.lnk - c:\program files\SaveSnap\SaveSnap.exe [2008-10-07 1264128]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Nastavenˇ myçi Labtec.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2008-01-20 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3codecp"= l3codecp.acm
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^User^Nabídka Start^Programy^Po spuštění^OpenOffice.org 1.1.3.lnk]
backup=c:\windows\pss\OpenOffice.org 1.1.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
backup=c:\windows\pss\Ubisoft register.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABBYY Community Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OptimAccess Dial

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-17 13:49 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-09-07 12:55 1871872 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-29 16:50 4620288 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-10-29 16:50 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-11-30 02:04 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 02:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-10-29 16:50 921600 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\soundtrack\\utorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3050:TCP"= 3050:TCP:TCP_3050

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 110160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-07-18 91672]
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2008-01-20 9088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2007-06-20 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s []
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s []
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys [2006-01-29 26880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2671b06c-5a81-11d9-a481-806d6172696f}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler start.html

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\58b4blep.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atlas.cz/?from=icqhp
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 20:20:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-26 20:23:53
ComboFix-quarantined-files.txt 2008-11-26 19:23:48

Před spuštěním: 2 599 419 904
Po spuštění: 4,082,466,816

206 --- E O F --- 2008-09-14 18:39:08
moc děkuji za rady

[jaro3]

Toto otestuj na Virustotal
c:\windows\REGBK29.ZIP
c:\windows\REGBK28.ZIP
c:\windows\REGBK27.ZIP
c:\windows\REGBK26.ZIP
c:\documents and settings\All Users\Data aplikací\sowdp88.dat
c:\windows\system32\4E03E8BDEE.dll

Vlož sem pak výsledky.

[mafian]

Tak všechny tyto soubory byly v pořádku.Tudíž MbAM má asi vidiny nebo já nevim proč mi to furt něco nalezne,

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\desktop.ini
c:\windows\MOTA113.exe
c:\windows\system32\Smab.dll

Folder::
C:\SDFix


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[mafian]

ComboFix 08-11-26.03 - User 2008-11-27 13:52:35.2 - [color=red][b]FAT32[/b][/color]x86

Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Plocha\CFScript.txt

[COLOR=RED][B]VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !![/B][/COLOR]

FILE ::
C:\desktop.ini
c:\windows\MOTA113.exe
c:\windows\system32\Smab.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
c:\windows\MOTA113.exe
c:\windows\system32\Smab.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-27 do 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-26 09:55 . 2008-11-26 09:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-26 09:20 . 2008-11-26 09:19 121,064 --a------ C:\[u]0[/u]001.tif
2008-11-26 09:20 . 2008-11-26 09:20 21,630 --ah----- C:\packet.ico
2008-11-26 09:20 . 2008-11-26 09:18 1,482 --a------ C:\scanman.ini
2008-11-26 09:20 . 2008-11-26 09:20 367 --ah----- C:\FRBatch.opt
2008-11-26 09:20 . 2008-11-26 09:18 173 --ah----- C:\textlang.dat
2008-11-26 09:20 . 2008-11-26 09:20 139 --ah----- C:\_FRBatch.pac
2008-11-26 09:20 . 2008-11-26 09:20 110 --a------ C:\[u]0[/u]001.frf
2008-11-25 12:55 . 2008-11-25 12:55 <DIR> d-------- c:\documents and settings\User\Data aplikací\Malwarebytes
2008-11-25 12:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 12:54 . 2008-11-25 12:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 12:54 . 2008-11-25 12:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-25 12:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 19:28 . 2008-11-23 19:28 <DIR> d-------- c:\program files\Trend Micro
2008-11-21 10:44 . 2008-11-21 10:45 4,884,337 --a------ c:\windows\REGBK29.ZIP
2008-11-16 21:26 . 2008-11-16 21:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2008-11-16 21:26 . 2008-02-03 20:46 548,864 --a------ c:\windows\system32\msvcp80.dll
2008-11-16 21:26 . 2008-11-16 21:26 28,672 --a------ c:\windows\system32\eEmpty.exe
2008-11-16 21:26 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2008-11-14 21:17 . 2008-11-14 21:17 2,440 --a------ C:\Nový objekt - Textový dokument OpenDocument.odt
2008-11-13 16:55 . 2008-11-13 16:57 4,889,358 --a------ c:\windows\REGBK28.ZIP
2008-11-10 19:29 . 1,442,965,504 C:\Harold & Kumar Escape from Guantanamo Bay.avi
2008-11-02 20:13 . 2008-11-02 20:13 <DIR> d-------- c:\program files\John Deere American Farmer Deluxe
2008-11-02 19:05 . 2008-11-02 19:05 <DIR> d-------- c:\program files\John Deere North American Farmer
2008-11-02 11:05 . 2008-11-02 11:05 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-02 11:02 . 2008-11-02 11:02 <DIR> d-------- c:\documents and settings\User\Data aplikací\DAEMON Tools
2008-11-02 11:02 . 2008-11-02 11:02 717,296 --a------ c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 19:57 --------- d--h--r c:\documents and settings\User\Data aplikací\SecuROM
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 19:25 4,881,635 ----a-w c:\windows\REGBK27.ZIP
2008-10-07 08:37 --------- d-----w c:\program files\SaveSnap
2008-10-07 08:21 --------- d-----w c:\program files\ScreenShots
2008-10-06 18:49 --------- d-----w c:\program files\Exportizer
2008-08-29 20:56 4,868,624 ----a-w c:\windows\REGBK26.ZIP
2007-07-20 18:07 0 ----a-w c:\program files\uziv.dat
2007-05-11 19:36 1,024 ----a-w c:\documents and settings\All Users\Data aplikací\sowdp88.dat
2007-04-26 16:06 201 ----a-w c:\program files\config.ini
2005-02-05 08:38 1,024,000 ----a-w c:\program files\Milan's GUI 4.exe
2005-02-03 15:45 3,505 ----a-w c:\program files\release notes.txt
2004-06-30 12:20 160,768 ----a-w c:\program files\fmod.dll
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2005-10-07 18:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2005-07-14 11:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2007-04-01 11:33 80 --sh--r c:\windows\system32\4E03E8BDEE.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-26_20.21.43,46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-27 08:08:56 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-25 1783808]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2007-12-10 1103752]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\Mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\User\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SaveSnap.lnk - c:\program files\SaveSnap\SaveSnap.exe [2008-10-07 1264128]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Nastavenˇ myçi Labtec.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2008-01-20 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3codecp"= l3codecp.acm
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^User^Nabídka Start^Programy^Po spuštění^OpenOffice.org 1.1.3.lnk]
backup=c:\windows\pss\OpenOffice.org 1.1.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
backup=c:\windows\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-17 13:49 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-09-07 12:55 1871872 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-29 16:50 4620288 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-10-29 16:50 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-11-30 02:04 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 02:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-10-29 16:50 921600 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\soundtrack\\utorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3050:TCP"= 3050:TCP:TCP_3050

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 14:02:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-27 14:05:40
ComboFix-quarantined-files.txt 2008-11-27 13:05:34
ComboFix2.txt 2008-11-26 19:24:00

Před spuštěním: 4 125 884 416
Po spuštění: 4,108,681,216

275 --- E O F --- 2008-09-14 18:39:08






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:40, on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SaveSnap\SaveSnap.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-2052111302-115176313-682003330-1003\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-2052111302-115176313-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2052111302-115176313-682003330-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2052111302-115176313-682003330-1003 Startup: SaveSnap.lnk = C:\Program Files\SaveSnap\SaveSnap.exe (User '?')
O4 - Startup: SaveSnap.lnk = C:\Program Files\SaveSnap\SaveSnap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Nastavení myši Labtec.lnk = C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7159 bytes

[jaro3]

Logy O.K.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Napiš jak vypadá comp.

[mafian]

tak sem to udelal a MbAM pořád vidí ten soubor systems.txt jako vir kašlu na to ale dík za pomoc