no nevm co ted mam rict ale moc ti dekuju za tvoji trpelivost a hlavne za tvoji pomoc sem ti moc vdecny... plocha se vzpamatovala a jine problemy uz nevidim tady posilam ten log a jeste jednou moc diky
ComboFix 07-09-08 - "Libor Nov k" 2007-09-09 16:02:43.3 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.88 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\DaemonTools_WhenUSave_Installer
((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.
2007-09-09 15:44 299,520 --a------ C:\WINDOWS\uninst.exe
2007-09-09 14:15 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-07 18:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 16:56 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-07 16:56 2,088 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-07 16:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-07 16:51 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-07 16:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-04 20:01 <DIR> d-------- C:\Program Files\MASHED
2007-09-01 19:37 <DIR> d-------- C:\Program Files\Postal2
2007-09-01 13:03 <DIR> d-------- C:\Program Files\Mplayer
2007-08-31 17:31 302,592 --a------ C:\WINDOWS\unin040a.exe
2007-08-31 16:44 <DIR> d-------- C:\Program Files\WinAce
2007-08-28 09:17 <DIR> d-------- C:\download
2007-08-27 13:30 <DIR> d-------- C:\3gptemp
2007-08-27 13:28 <DIR> d-------- C:\Program Files\MIKSOFT
2007-08-27 13:22 <DIR> d-------- C:\Program Files\ImTOO
2007-08-24 10:54 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2007-08-24 10:54 <DIR> d-------- C:\OpenSSL
2007-08-22 18:31 <DIR> d-------- C:\Program Files\Google
2007-08-22 15:31 <DIR> d-------- C:\DOCUME~1\LIBORN~1\Incomplete
2007-08-21 18:16 <DIR> d-------- C:\Program Files\Akordy
2007-08-17 15:51 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-17 14:34 <DIR> d-------- C:\Program Files\Guitar Pro 4 Demo
2007-08-13 11:48 911,317 --a------ C:\WINDOWS\system32\Are You Man Enough.scr
2007-08-13 11:48 <DIR> d-------- C:\Program Files\Are You Man Enough
2007-08-12 18:16 <DIR> d-------- C:\DOCUME~1\LIBORN~1\avidemux
2007-08-12 17:53 <DIR> d-------- C:\Program Files\KC Softwares
2007-08-12 17:47 <DIR> d-------- C:\Program Files\Gabest
2007-08-12 13:03 1,396,544 --a------ C:\WINDOWS\FSX_Screensaver.scr
2007-08-12 13:03 <DIR> d-------- C:\Program Files\FSX_Screensaver
2007-08-11 14:59 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-11 14:59 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-11 14:59 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 14:09 937 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-07 18:40 --------- d-------- C:\Program Files\Spyware Terminator
2007-09-07 18:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-09-07 16:40 --------- d-------- C:\Program Files\ICQToolbar
2007-09-01 17:46 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-09-01 17:46 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-09-01 17:46 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-09-01 17:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 15:54 --------- d-------- C:\Program Files\GamePark
2007-08-12 10:23 --------- d-------- C:\Program Files\Opera
2007-08-05 13:05 106496 --a------ C:\uninstall.exe
2007-07-27 22:05 --------- d-------- C:\Program Files\DVDVIDEOSOFT
2007-07-16 18:23 --------- d-------- C:\Program Files\Webteh
2007-07-13 22:00 --------- d-------- C:\Program Files\ICQLite
2007-07-13 21:46 --------- d-------- C:\Program Files\directx
2007-07-12 21:24 720896 --a------ C:\WINDOWS\iun6002ev.exe
.
((((((((((((((((((((((((((((( snapshot_2007-09-08_184606,74 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-09-05 09:43:25 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 3,837,952 2007-09-09 12:15:58 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 241,664 2007-09-09 12:15:58 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-05 09:43:25 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 3,837,952 2007-09-09 12:15:50 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
----a-w 241,664 2007-09-09 12:15:50 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 18:24 C:\WINDOWS\SOUNDMAN.EXE]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-03-10 15:03]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-11 14:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14]
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-09 16:05:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-09 16:06:57
C:\ComboFix-quarantined-files.txt ... 2007-09-09 16:06
C:\ComboFix2.txt ... 2007-09-08 18:52
C:\ComboFix3.txt ... 2007-09-08 18:46
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:37, on 9.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\TC PowerPack\totalcmd.exe
D:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A284454-9F8A-4E6D-8F74-35C19F40D845}: NameServer = 213.180.36.130,213.180.36.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A284454-9F8A-4E6D-8F74-35C19F40D845}: NameServer = 213.180.36.130,213.180.36.131
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 4555 bytes
