log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

megi
Level 1.5
Posts: 123
Registered: January 08
Location: Karviná
Gender: Male
Status: Offline

log check

Post by megi » 12 Jul 2008 20:30

// log taken out of the code tags, it was hard to read
fredik


Logfile of HijackThis v1.99.1
Scan saved at 20:19:14, on 12.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\TuneUp Utilities 2008\DiskExplorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Documents and Settings\Flexio\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 141.100.108.236:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


It's because of the problem with the glowing text under the icons, see http://pc-help.cz/viewtopic.php?f=46&t=29138&st=0&sk=t&sd=a&start=12
Desktop: MB: ASRock K8NF6G-VSTA | CPU: AMD Sempron 1.8 GHz 3000+ | GPU: NVIDIA GeForce 6100 | HDD: WD CAVIAR 250GB 7200RPM SATA II | RAM: 2x DIMM Kingston 512MB DDR 400MHz | PSU: ATX 230W | OS: Microsoft Windows XP Home Edition 32bit
Notebook: Toshiba Satellite L650-1K5


Re: log check

Post by megi » 12 Jul 2008 21:42

nothing?

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: log check

Post by fredik » 13 Jul 2008 10:47

You had something there, but judging by the log it looks good.

At the moment you have two firewalls, so I would recommend uninstalling this via Add or Remove Programs:
Network Access Manager

In HJT fix these entries:
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

I would recommend updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 7
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 7 and click the Download button
- A new page loads
- Under the heading Select Platform and Language for your download:
* for Platform: choose the OS you use
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page loads
- Click the download link under: Windows Offline Installation
[image]
and save it to disk

- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for entries named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall them via the Change or Remove button or the Remove button
- Uninstall any other old versions of Java one after another
- When the uninstall is finished, restart the PC.
- Then just run the installation of the latest version from the file jre-6u7-windows-i586-p.exe that you downloaded at the start

To be safe you can post a log from ComboFix to see whether anything is still left, but it would be good to pause the resident protection of Nod (ESS) before running CF.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts the terms of use are shown, confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is working do not click into the window it displays
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Note:
You are using an older version of HijackThis; if you ever post another log for checking in the future, download the current version here and delete the old one before using it.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; put them in the forum. Those PMs cannot be answered.
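
The fix list in the reply above was assembled by eye from the entries whose path column reads "(no file)" or "(file missing)". The script below is an added example for this thread, not code from the posts or from HijackThis itself; it applies that same rule to a constructed sample made of lines copied from the first log, and it treats O23 service lines separately because HijackThis 1.99.1 cuts a quoted service ImagePath at the first space (the MySQL service shows up as C:\Program.exe in the first log while the ComboFix output lists its real path under MySQL Server 6.0). The names SAMPLE_LOG, Finding, find_orphans and fix_list are this example's own.

```python
"""Flag HijackThis (HJT) entries whose target file no longer exists.

Added example for this thread, not code from the original posts or from
HijackThis itself. It applies the rule used by eye in the reply above:
an entry whose path column reads "(no file)" or "(file missing)" is a
registry reference to something that is gone and can be fixed.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the first HJT log in the thread,
# including the entries listed for fixing and two that must NOT be
# flagged (the proxy setting and a BHO whose DLL is present).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 141.100.108.236:3128
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

# HJT lines look like "<section> - <rest>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "R3", "O2", "O23"
    line: str      # the full log line, as it would be pasted into a reply
    action: str    # "fix" (safe to fix in HJT) or "verify" (check first)


def parse_entries(log_text):
    """Return (section, line) pairs for every recognisable HJT entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if match:
            entries.append((match.group("section"), line))
    return entries


def is_orphaned(line):
    """True when HJT itself reports the referenced file as absent."""
    return line.endswith(ORPHAN_MARKERS)


def find_orphans(log_text):
    """List orphaned entries, separating the ones that need a manual check.

    HijackThis 1.99.1 cuts a quoted service ImagePath at the first space,
    so an O23 line can read "C:\\Program.exe (file missing)" for a service
    that is running fine (the thread's MySQL service is one; the ComboFix
    output shows its real ImagePath). Those are reported as "verify".
    """
    findings = []
    for section, line in parse_entries(log_text):
        if not is_orphaned(line):
            continue
        action = "verify" if section == "O23" else "fix"
        findings.append(Finding(section, line, action))
    return findings


def fix_list(log_text):
    """The lines a helper would paste back as 'fix these in HJT'."""
    return [f.line for f in find_orphans(log_text) if f.action == "fix"]


if __name__ == "__main__":
    for finding in find_orphans(SAMPLE_LOG):
        print(f"[{finding.action:6}] {finding.line}")
```

Run against the sample it reports the six R3/O2/O3/O9 lines as "fix" (the same six the reply lists) and the MySQL O23 line as "verify"; feed it a whole pasted log instead of SAMPLE_LOG to get the candidate list for a real reply, and still read the rest of the log by hand, since a present file is not the same as a benign one.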

Re: log check

Post by megi » 13 Jul 2008 11:54

In the rush I didn't turn off ESS, hopefully that doesn't matter.. I'm completely out of it, those icons are driving me mad..


ComboFix:

ComboFix 08-07-12.2 - Flexio 2008-07-13 11:42:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.424 [GMT 2:00]
Running from: C:\Documents and Settings\Flexio\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-13 11:39 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-13 11:38 . 2008-07-13 11:39 <DIR> d-------- C:\Program Files\Java
2008-07-13 11:38 . 2008-07-13 11:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-12 23:29 . 2008-07-12 23:29 249,856 --------- C:\WINDOWS\Setup1.exe
2008-07-12 23:29 . 2008-07-12 23:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-12 19:02 . 2008-07-12 19:02 <DIR> d-------- C:\Documents and Settings\Simona\Data aplikací\TuneUp Software
2008-07-12 18:39 . 1996-12-09 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-07-12 18:37 . 2008-07-12 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-07-12 15:14 . 2005-07-05 17:38 292,197 --a------ C:\WINDOWS\InvaderDark1280.jpg
2008-07-12 15:13 . 2004-07-10 19:37 479,385 --a------ C:\WINDOWS\ALX_1600x1200.jpg
2008-07-12 15:12 . 2004-07-10 19:37 325,841 --a------ C:\WINDOWS\AW_1600x1200.jpg
2008-07-12 15:11 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-07-12 15:00 . 2006-08-18 13:45 68,673 --a------ C:\WINDOWS\AW_XenoMorph1280.jpg
2008-07-12 14:59 . 2008-07-12 14:59 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-12 14:59 . 2008-07-12 15:14 <DIR> d-------- C:\Program Files\AlienGUIse
2008-07-12 14:59 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-07-12 14:59 . 2008-07-12 14:59 56 --a------ C:\WINDOWS\wb.ini
2008-07-11 15:00 . 2008-07-11 15:02 <DIR> d-------- C:\masm32
2008-07-11 14:40 . 2008-07-11 14:43 <DIR> d-------- C:\hla
2008-07-11 14:35 . 2008-07-11 14:35 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\Echo Software
2008-07-11 14:35 . 2008-07-11 14:35 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\Echo Software
2008-07-11 14:35 . 2008-07-11 14:35 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\Echo Software
2008-07-11 14:34 . 2008-07-11 14:35 <DIR> d-------- C:\Program Files\Programmer's Notepad
2008-07-11 14:26 . 2008-07-11 14:27 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\PE Explorer
2008-07-11 14:26 . 2008-07-11 14:27 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\PE Explorer
2008-07-11 14:26 . 2008-07-11 14:27 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\PE Explorer
2008-07-11 14:16 . 2008-07-11 14:16 0 --a------ C:\TP0E45BA.$$$
2008-07-07 20:14 . 2008-07-07 20:16 <DIR> d-------- C:\Program Files\QIP
2008-07-06 20:20 . 2008-07-11 18:09 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\ICQ
2008-07-06 20:20 . 2008-07-11 18:09 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\ICQ
2008-07-06 20:20 . 2008-07-11 18:09 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\ICQ
2008-07-02 18:20 . 2008-07-02 18:20 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-07-02 18:20 . 2008-07-02 18:54 <DIR> d-------- C:\Documents and Settings\Simona\Data aplikací\ICQ
2008-07-02 18:20 . 2008-07-02 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-07-02 18:19 . 2008-07-02 18:22 <DIR> d-------- C:\Program Files\ICQ6
2008-06-24 20:47 . 2008-06-24 20:47 <DIR> d-------- C:\Program Files\DivX
2008-06-24 18:54 . 2008-06-24 18:54 261 --a------ C:\WINDOWS\WPE PRO.INI
2008-06-24 15:48 . 2008-06-24 15:48 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-06-18 18:20 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-06-18 18:13 . 2008-06-23 07:41 <DIR> d-------- C:\Program Files\Quake III Arena
2008-06-18 18:13 . 2008-06-18 18:15 871 --a------ C:\WINDOWS\QIII.INI
2008-06-18 11:48 . 2008-06-18 11:48 <DIR> d-------- C:\Program Files\Native Instruments
2008-06-17 22:20 . 2008-06-17 22:21 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-17 22:20 . 2008-06-17 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Teleca
2008-06-17 22:20 . 2008-06-17 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2008-06-17 22:15 . 2008-06-17 22:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 22:15 . 2008-06-17 22:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-15 11:55 . 2008-06-15 12:03 <DIR> d-------- C:\Program Files\Octoshape Streaming Services

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 00:16 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\Skype
2008-07-11 00:16 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\Skype
2008-07-11 00:16 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\Skype
2008-07-10 19:54 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\skypePM
2008-07-10 19:54 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\skypePM
2008-07-10 19:54 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\skypePM
2008-07-10 13:43 --------- d-----w C:\Program Files\Trillian
2008-07-09 13:12 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\uTorrent
2008-07-09 13:12 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\uTorrent
2008-07-09 13:12 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\uTorrent
2008-07-07 18:16 --------- d-----w C:\Program Files\QIP Infium
2008-07-02 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 21:31 --------- d-----w C:\Program Files\ParadisePoker
2008-06-28 20:12 --------- d-----w C:\Program Files\World of Warcraft
2008-06-26 12:08 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\SQLyog
2008-06-26 12:08 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\SQLyog
2008-06-26 12:08 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\SQLyog
2008-06-17 20:21 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-17 20:20 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-11 20:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SystemKey
2008-05-23 15:20 --------- d-----w C:\Documents and Settings\Simona\Data aplikací\SQLyog
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-17 12:44 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-08 15:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-03 11:04 159,869 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2007-12-14 21:40 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-10-29 16:59 87,608 ----a-w C:\Documents and Settings\Simona\Data aplikací\ezpinst.exe
2007-10-29 16:59 47,360 ----a-w C:\Documents and Settings\Simona\Data aplikací\pcouffin.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

----a-w            15,360 2008-01-12 18:12:12  C:\WINDOWS\system32\ctfmon .exe
----a-w            15,360 2008-01-12 18:12:12  C:\WINDOWS\system32\Kopie - ctfmon .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-12 12:32 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 14:48 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 13:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-12 12:32 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TV Card Remote Control Device Monitor"=C:\WINDOWS\3xHybridRMT.exe
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"LexPPS.exe"=C:\WINDOWS\system32\lexpps.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-07 16:47]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2007-03-05 12:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-18 14:00]
R3 C21ndis;Com21 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\C21ndis.sys [2002-04-19 12:01]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
S3 3xHybrid;SAA7135 TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-05-20 22:00]
S3 qfvnue;qfvnue;C:\Documents and Settings\Flexio\Plocha\glider\qfvnue.sys []
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 10:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 10:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 10:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 10:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 10:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 10:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 10:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-13 16:24]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 15:22:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 11:49:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 6.0\my.ini\" MySQL"
.
Completion time: 2008-07-13 11:52:40
ComboFix-quarantined-files.txt 2008-07-13 09:52:24

Adresářů: 19, Volných bajtů: 88,563,040,256
Adresářů: 23, Volných bajtů: 89,011,154,944

224 --- E O F --- 2008-04-18 11:37:45



new HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:46, on 13.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\xampp\apache\bin\apache.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Flexio\Plocha\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 141.100.108.236:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Flexio/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/Flexio/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 7972 bytes


I couldn't uninstall that Network Access Manager; it isn't in Add or Remove Programs, nor in the uninstall manager in TuneUp Utilities.
Google
Desktop: MB: ASRock K8NF6G-VSTA l CPU: AMD Sempron 1,8 GHz 3000+ l GK: NVIDIA GeForce 6100 l HDD: WD CAVIAR 250GB 7200RPM SATA II l RAM: 2x DIMM Kingston 512MB DDR 400MHz l Zdroj: ATX 230W l OS: Microsoft Windows XP Home Edition 32bit
Notebook: Toshiba Satellite L650-1K5

fredik
Security team member
Master Level 7
Posts: 4680
Joined: July 06
Gender: Male

Re: log check

Post by fredik » 13 Jul 2008 14:31

Do you use that glider? (You have it on your desktop.)

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following complete text marked in green into it:
Note: Do not use SELECT ALL to select the script

Code:

RenV::
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\Kopie - ctfmon .exe

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe, and when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

Run HijackThis again
Click the button: Open the Misc Tools section (or the Config... button if you are in the window that shows the HJT log)
At the top click the item: Misc Tools, if it is not already selected
then, under System tools, click the button: Open Uninstall Manager...
there click the button: Save list...
save that log and paste its contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Those PMs cannot be answered

megi
Level 1.5
Posts: 123
Joined: January 08
Location: Karviná
Gender: Male

Re: log check

Post by megi » 13 Jul 2008 15:01

ComboFix 08-07-12.2 - Flexio 2008-07-13 14:40:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.429 [GMT 2:00]
Running from: C:\Documents and Settings\Flexio\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Flexio\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-13 11:39 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-13 11:38 . 2008-07-13 11:39 <DIR> d-------- C:\Program Files\Java
2008-07-13 11:38 . 2008-07-13 11:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-12 23:29 . 2008-07-12 23:29 249,856 --------- C:\WINDOWS\Setup1.exe
2008-07-12 23:29 . 2008-07-12 23:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-12 19:02 . 2008-07-12 19:02 <DIR> d-------- C:\Documents and Settings\Simona\Data aplikací\TuneUp Software
2008-07-12 18:39 . 1996-12-09 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-07-12 18:37 . 2008-07-12 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-07-12 15:14 . 2005-07-05 17:38 292,197 --a------ C:\WINDOWS\InvaderDark1280.jpg
2008-07-12 15:13 . 2004-07-10 19:37 479,385 --a------ C:\WINDOWS\ALX_1600x1200.jpg
2008-07-12 15:12 . 2004-07-10 19:37 325,841 --a------ C:\WINDOWS\AW_1600x1200.jpg
2008-07-12 15:11 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-07-12 15:00 . 2006-08-18 13:45 68,673 --a------ C:\WINDOWS\AW_XenoMorph1280.jpg
2008-07-12 14:59 . 2008-07-12 14:59 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-12 14:59 . 2008-07-12 15:14 <DIR> d-------- C:\Program Files\AlienGUIse
2008-07-12 14:59 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-07-12 14:59 . 2008-07-12 14:59 56 --a------ C:\WINDOWS\wb.ini
2008-07-11 15:00 . 2008-07-11 15:02 <DIR> d-------- C:\masm32
2008-07-11 14:40 . 2008-07-11 14:43 <DIR> d-------- C:\hla
2008-07-11 14:35 . 2008-07-11 14:35 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\Echo Software
2008-07-11 14:35 . 2008-07-11 14:35 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\Echo Software
2008-07-11 14:35 . 2008-07-11 14:35 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\Echo Software
2008-07-11 14:34 . 2008-07-11 14:35 <DIR> d-------- C:\Program Files\Programmer's Notepad
2008-07-11 14:26 . 2008-07-11 14:27 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\PE Explorer
2008-07-11 14:26 . 2008-07-11 14:27 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\PE Explorer
2008-07-11 14:26 . 2008-07-11 14:27 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\PE Explorer
2008-07-11 14:16 . 2008-07-11 14:16 0 --a------ C:\TP0E45BA.$$$
2008-07-07 20:14 . 2008-07-07 20:16 <DIR> d-------- C:\Program Files\QIP
2008-07-06 20:20 . 2008-07-11 18:09 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\ICQ
2008-07-06 20:20 . 2008-07-11 18:09 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\ICQ
2008-07-06 20:20 . 2008-07-11 18:09 <DIR> d-------- C:\Documents and Settings\Flexio\Data aplikací\ICQ
2008-07-02 18:20 . 2008-07-02 18:20 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-07-02 18:20 . 2008-07-02 18:54 <DIR> d-------- C:\Documents and Settings\Simona\Data aplikací\ICQ
2008-07-02 18:20 . 2008-07-02 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-07-02 18:19 . 2008-07-02 18:22 <DIR> d-------- C:\Program Files\ICQ6
2008-06-24 20:47 . 2008-06-24 20:47 <DIR> d-------- C:\Program Files\DivX
2008-06-24 18:54 . 2008-06-24 18:54 261 --a------ C:\WINDOWS\WPE PRO.INI
2008-06-24 15:48 . 2008-06-24 15:48 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-06-18 18:20 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-06-18 18:13 . 2008-06-23 07:41 <DIR> d-------- C:\Program Files\Quake III Arena
2008-06-18 18:13 . 2008-06-18 18:15 871 --a------ C:\WINDOWS\QIII.INI
2008-06-18 11:48 . 2008-06-18 11:48 <DIR> d-------- C:\Program Files\Native Instruments
2008-06-17 22:20 . 2008-06-17 22:21 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-17 22:20 . 2008-06-17 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Teleca
2008-06-17 22:20 . 2008-06-17 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2008-06-17 22:15 . 2008-06-17 22:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 22:15 . 2008-06-17 22:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-15 11:55 . 2008-06-15 12:03 <DIR> d-------- C:\Program Files\Octoshape Streaming Services

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 00:16 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\Skype
2008-07-11 00:16 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\Skype
2008-07-11 00:16 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\Skype
2008-07-10 19:54 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\skypePM
2008-07-10 19:54 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\skypePM
2008-07-10 19:54 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\skypePM
2008-07-10 13:43 --------- d-----w C:\Program Files\Trillian
2008-07-09 13:12 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\uTorrent
2008-07-09 13:12 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\uTorrent
2008-07-09 13:12 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\uTorrent
2008-07-07 18:16 --------- d-----w C:\Program Files\QIP Infium
2008-07-02 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 21:31 --------- d-----w C:\Program Files\ParadisePoker
2008-06-28 20:12 --------- d-----w C:\Program Files\World of Warcraft
2008-06-26 12:08 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\SQLyog
2008-06-26 12:08 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\SQLyog
2008-06-26 12:08 --------- d-----w C:\Documents and Settings\Flexio\Data aplikací\SQLyog
2008-06-17 20:21 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-17 20:20 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-11 20:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SystemKey
2008-05-23 15:20 --------- d-----w C:\Documents and Settings\Simona\Data aplikací\SQLyog
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-17 12:44 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-08 15:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-03 11:04 159,869 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2007-12-14 21:40 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-10-29 16:59 87,608 ----a-w C:\Documents and Settings\Simona\Data aplikací\ezpinst.exe
2007-10-29 16:59 47,360 ----a-w C:\Documents and Settings\Simona\Data aplikací\pcouffin.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-13_11.52.09.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 10:32:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2008-01-12 18:12:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2008-01-12 10:32:57 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-01-12 18:12:12 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-01-12 18:12:12 15,360 ----a-w C:\WINDOWS\system32\Kopie - ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-12 20:12 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 14:48 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 13:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-12 20:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TV Card Remote Control Device Monitor"=C:\WINDOWS\3xHybridRMT.exe
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"LexPPS.exe"=C:\WINDOWS\system32\lexpps.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-07 16:47]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2007-03-05 12:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-18 14:00]
R3 C21ndis;Com21 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\C21ndis.sys [2002-04-19 12:01]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
S3 3xHybrid;SAA7135 TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-05-20 22:00]
S3 qfvnue;qfvnue;C:\Documents and Settings\Flexio\Plocha\glider\qfvnue.sys []
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 10:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 10:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 10:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 10:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 10:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 10:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 10:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-13 16:24]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 15:22:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 14:44:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 6.0\my.ini\" MySQL"
.
Completion time: 2008-07-13 14:56:56
ComboFix-quarantined-files.txt 2008-07-13 12:56:52
ComboFix2.txt 2008-07-13 09:52:43

Adresářů: 19, Volných bajtů: 88,952,266,752
Adresářů: 23, Volných bajtů: 89,107,853,312

226 --- E O F --- 2008-04-18 11:37:45

µTorrent
3DMark05
ABBYY FineReader 5.0 Sprint
AC3Filter (remove only)
Acala 3GP Movies Free 2.4.4
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.0
AGEIA PhysX v7.09.13
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB942615)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB944533)
Aktualizace zabezpečení systému Windows XP (KB941693)
Aktualizace zabezpečení systému Windows XP (KB943055)
Aktualizace zabezpečení systému Windows XP (KB945553)
Aktualizace zabezpečení systému Windows XP (KB946026)
Aktualizace zabezpečení systému Windows XP (KB948590)
Aktualizace zabezpečení systému Windows XP (KB948881)
AlienGUIse Theme Manager
Apple Software Update
ArcSoft TotalMedia
ArcSoft TotalMedia 3
Archlord
Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Balíček ovladače systému Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Balíček ovladače systému Windows - Nokia Modem (02/15/2007 3.1)
Balíček ovladače systému Windows - Nokia Modem (02/15/2007 3.1)
Balíček ovladače systému Windows - Nokia Modem (05/24/2007 6.84.0.1)
Balíček zprostředkovatele služby Microsoft Base Smart Card Cryptographic Service
Bluesoleil2.6.0.8 Release 070517
BlueVoda Website Builder 9.1G
BPM-Studio 4 Profi
BSPlayer
ConnectionServices
ConvertXtoDVD 2.1.14.223
Crimson Editor (remove only)
CUE Splitter
Disc2Phone
DivX Web Player
ESET Smart Security
EVEREST Ultimate Edition v4.20
FaxTools
FIFA 08
FL Studio 7
HijackThis 2.0.2
hla v1.98
ICQ6
Java(TM) 6 Update 7
Lexmark 1200 Series
LimeWire 4.14.10
Marsu-Fix
McDonald's Dragons
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - CSY
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio .NET Professional 2003 - English
Mozilla Firefox (3.0)
MSXML 4.0 SP2 (KB936181)
MySQL Server 6.0
Native Instruments Traktor DJ Studio 3
Nero 6 Ultra Edition
Nero Digital
Nero Mega Plugin Pack
neroxml
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Nvu 1.0
O&O Defrag Professional Edition
Opera 9.27
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)
ParadisePoker
PC Connectivity Solution
PremiumSoft Navicat MySQL 7.2
Programmer's Notepad 2
Psi (remove only)
QIP Infium 1.0.9010 RC2
Qip Infium pack verze: 9010 RC2 s IRC protokolem
Quake III Arena
Quake III Arena Point Release 1.32
Realtek High Definition Audio Driver
RocketDock 1.3.5
ScreenShots (pouze odebrat) - nedelej to! :)
Skype™ 3.6
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Sound Forge 8.0b
Spybot - Search & Destroy
Spyware Terminator
SQLyog Enterprise Trial 6.54
Switch
TortoiseSVN 1.4.8.12137 (32 bit)
Total Commander (Remove or Repair)
Total Uninstall 4.25
Trillian
TuneUp Utilities 2008
Unreal Tournament 3
VCRedistSetup
VideoCAM Trek
Virtual DJ - Atomix Productions
Virtual DJ Home Edition - Atomix Productions
Warsow 0.42
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR
World of Warcraft
XAMPP 1.6.2


I don't use glider, I don't even know what it is... and I really don't have anything like that on my desktop.

megi
Level 1.5
Posts: 123
Joined: January 08
Location: Karviná
Gender: Male

Re: log check

Post by megi » 13 Jul 2008 19:20

Nobody has anything? :(

fredik
Security team member
Master Level 7
Posts: 4680
Joined: July 06
Gender: Male

Re: log check

Post by fredik » 13 Jul 2008 20:38

Create a new CFScript and use it the same way as the previous one, with the one difference that this time you paste this into it:
Note: Do not use SELECT ALL to select the script

Code:

Driver::
qfvnue

It is there, it just has a longer name:
NVIDIA ForceWare Network Access Manager

Given that you used a fix on ESS, I would recommend uninstalling it and, at the very least, reinstalling ESS as well and not using the fix.

megi
Level 1.5
Posts: 123
Joined: January 08
Location: Karviná
Gender: Male

Re: log check

Post by megi » 13 Jul 2008 20:41

I know, that fix is for an unlimited trial version... but it still doesn't solve my problem with the glowing text next to the icons.

megi
Level 1.5
Posts: 123
Joined: January 08
Location: Karviná
Gender: Male

Re: log check

Post by megi » 13 Jul 2008 21:13

ComboFix 08-07-12.2 - Flexio 2008-07-13 20:45:54.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.415 [GMT 2:00]
Running from: C:\Documents and Settings\Flexio\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Flexio\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QFVNUE
-------\Service_qfvnue


((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-13 11:39 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-13 11:38 . 2008-07-13 11:39 <DIR> d-------- C:\Program Files\Java
2008-07-13 11:38 . 2008-07-13 11:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-12 23:29 . 2008-07-12 23:29 249,856 --------- C:\WINDOWS\Setup1.exe
2008-07-12 23:29 . 2008-07-12 23:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-12 18:39 . 1996-12-09 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-07-12 15:14 . 2005-07-05 17:38 292,197 --a------ C:\WINDOWS\InvaderDark1280.jpg
2008-07-12 15:13 . 2004-07-10 19:37 479,385 --a------ C:\WINDOWS\ALX_1600x1200.jpg
2008-07-12 15:12 . 2004-07-10 19:37 325,841 --a------ C:\WINDOWS\AW_1600x1200.jpg
2008-07-12 15:11 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-07-12 15:00 . 2006-08-18 13:45 68,673 --a------ C:\WINDOWS\AW_XenoMorph1280.jpg
2008-07-12 14:59 . 2008-07-12 14:59 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-12 14:59 . 2008-07-12 15:14 <DIR> d-------- C:\Program Files\AlienGUIse
2008-07-12 14:59 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-07-12 14:59 . 2008-07-12 14:59 56 --a------ C:\WINDOWS\wb.ini
2008-07-11 15:00 . 2008-07-11 15:02 <DIR> d-------- C:\masm32
2008-07-11 14:40 . 2008-07-11 14:43 <DIR> d-------- C:\hla
2008-07-11 14:34 . 2008-07-11 14:35 <DIR> d-------- C:\Program Files\Programmer's Notepad
2008-07-11 14:16 . 2008-07-11 14:16 0 --a------ C:\TP0E45BA.$$$
2008-07-07 20:14 . 2008-07-07 20:16 <DIR> d-------- C:\Program Files\QIP
2008-07-02 18:20 . 2008-07-02 18:20 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-07-02 18:19 . 2008-07-02 18:22 <DIR> d-------- C:\Program Files\ICQ6
2008-06-24 20:47 . 2008-06-24 20:47 <DIR> d-------- C:\Program Files\DivX
2008-06-24 18:54 . 2008-06-24 18:54 261 --a------ C:\WINDOWS\WPE PRO.INI
2008-06-24 15:48 . 2008-06-24 15:48 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-06-18 18:20 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-06-18 18:13 . 2008-06-23 07:41 <DIR> d-------- C:\Program Files\Quake III Arena
2008-06-18 18:13 . 2008-06-18 18:15 871 --a------ C:\WINDOWS\QIII.INI
2008-06-18 11:48 . 2008-06-18 11:48 <DIR> d-------- C:\Program Files\Native Instruments
2008-06-17 22:20 . 2008-06-17 22:21 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-17 22:15 . 2008-06-17 22:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 22:15 . 2008-06-17 22:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-15 11:55 . 2008-06-15 12:03 <DIR> d-------- C:\Program Files\Octoshape Streaming Services

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 15:50 --------- d-----w C:\Program Files\Spyware Terminator
2008-07-13 15:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 13:43 --------- d-----w C:\Program Files\Trillian
2008-07-07 18:16 --------- d-----w C:\Program Files\QIP Infium
2008-06-28 21:31 --------- d-----w C:\Program Files\ParadisePoker
2008-06-28 20:12 --------- d-----w C:\Program Files\World of Warcraft
2008-06-17 20:21 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-17 20:20 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-17 12:44 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-08 15:08 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-03 11:04 159,869 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-13_11.52.09.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 09:37:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 18:52:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-01-12 10:32:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2008-01-12 18:12:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2008-01-12 10:32:57 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-01-12 18:12:12 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-01-12 18:12:12 15,360 ----a-w C:\WINDOWS\system32\Kopie - ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-12 20:12 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 14:48 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-13 17:49 2776576]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 13:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-12 20:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TV Card Remote Control Device Monitor"=C:\WINDOWS\3xHybridRMT.exe
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"LexPPS.exe"=C:\WINDOWS\system32\lexpps.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-07 16:47]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2007-03-05 12:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-18 14:00]
R3 C21ndis;Com21 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\C21ndis.sys [2002-04-19 12:01]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
S3 3xHybrid;SAA7135 TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-05-20 22:00]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 10:45]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 10:45]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 10:45]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 10:45]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 10:46]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 10:46]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 10:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-13 16:24]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 15:22:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 20:52:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 6.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
.
**************************************************************************
.
Completion time: 2008-07-13 21:12:04 - machine was rebooted [Flexio]
ComboFix-quarantined-files.txt 2008-07-13 19:11:00
ComboFix2.txt 2008-07-13 12:56:58
ComboFix3.txt 2008-07-13 09:52:43

Directories: 19, Free bytes: 88,821,346,304
Directories: 23, Free bytes: 88,843,890,688

225 --- E O F --- 2008-04-18 11:37:45


The automatic restart went through... but the icons are still showing :(
Desktop: MB: ASRock K8NF6G-VSTA l CPU: AMD Sempron 1.8 GHz 3000+ l GPU: NVIDIA GeForce 6100 l HDD: WD CAVIAR 250GB 7200RPM SATA II l RAM: 2x DIMM Kingston 512MB DDR 400MHz l PSU: ATX 230W l OS: Microsoft Windows XP Home Edition 32bit
Notebook: Toshiba Satellite L650-1K5


Re: log check

Post by megi » 13 Jul 2008 21:18

That manager cannot be uninstalled. I click Remove and nothing happens.


Re: log check

Post by megi » 14 Jul 2008 18:59

So is it OK now?

