Internet Explorer-samospouštění Vyřešeno

[Riky]

Zdravím všechny a žádám o radu či pomoc.

Vždy po spuštění pc se cca za 10 minut spustí automaticky Internet Explorer a začne načítat sám od sebe adresu: www.minigates.com. Po ukončení načítání naběhne stránka s informací, že taková adresa neexistuje a nabídne mi jiné (podobné) tvary této adresy, jinak nic zvláštího se neděje. Virus mi to nehlásí ani spyware ani adware či jiné potvory. Kdybyste někdo, prosím, věděl, jak tomu zamezit, dejte mi co nejdříve vědět.

Díky moc a zdravím.

Jo a výchozí prohlížeč mám Mozillu.

Riky

[Reklama]

[mmmartin]

Vybral jsi správnou sekci, jenom ten HiJackThis log jsi jaksi zapomněl připojit.

[Riky]

pro mmmartin:

Díky, ale jsem tu úplně nováčkem, co to je a jak se to dělá?

[fredik]

Návod na to jak udělat log z HJT a vložit ho sem najdeš zde

[Riky]

Díky za info, níže přikládám HiJackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:31, on 24.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Web Technologies\wcs.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aktualne.cz/?ms=ae
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aktualne.cz/?ms=ae
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Windows Internet Explorer: Aktuálně.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Documents and Settings\Owner\Plocha\fwupdate.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhty.exe] C:\WINDOWS\system32\kdhty.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dc98cac8] rundll32.exe "C:\WINDOWS\system32\fiijlmoj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe"
O4 - HKCU\..\Run: [AntivirusPCSuite] C:\Program Files\AntivirusPCSuite\pgs.exe /min
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [this] C:\Program Files\Web Technologies\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Centrum.cz - {085DC8B2-91F1-4225-901E-1ABD470E04EC} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {58B66E6C-6BD0-4A32-AB5A-FD5751A18264} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {5CD80C75-C66F-41FF-A7F1-DFB0D8AF6CF1} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {633A7A4C-2FDA-4E36-BE03-7AFBBDDA4810} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {77BBDCB5-A7E9-4471-AC89-A18B9AB1CBA9} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {921B279B-9AF4-40AB-957A-5E02963A9377} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Sportplus - {A0663626-BAD7-4D52-B0F1-8D1E9324791A} - http://sportplus.centrum.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {B2BBA780-9DC2-4301-9D34-B8427FEEBE87} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {E4800C77-B498-4FA1-B035-B9CFB6752E2C} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {FF3EA5F8-AE39-4999-9253-F4624D2E0120} - http://www.bleskove.cz (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6567629796
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: homeridae - {95dde900-8bf3-428c-b9be-8345c9d194f7} - C:\WINDOWS\system32\vzfhprk.dll (file missing)
O22 - SharedTaskScheduler: endopsychic - {92050ffb-b796-4146-ae27-7e5e1d93b8a8} - C:\WINDOWS\system32\veptlh.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 11328 bytes

[fredik]

Odinstaluj přes Přidat nebo odebrat programy pokud tam bude:
AntivirusPCSuite *** (kde místo * bude nějaká číselná verze)

Stáhni si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Riky]

Zdravím, přikládám obsah logu C:ComboFix.txt.
Ten AntivirusPCSuite jsem bohužel nenašel...


ComboFix 08-07-27.5 - Owner 2008-07-28 17:27:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.494 [GMT 2:00]
Running from: C:\Documents and Settings\Owner\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080719145658765.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080719155715250.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080721201008796.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080722165651484.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080722204439562.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080722205737156.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080722220640046.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080722221226046.log
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\LOG\20080723165638046.log
C:\Documents and Settings\Owner\Data aplikací\inst.exe
C:\Documents and Settings\Owner\ResErrors.log
C:\Program Files\Online Video Add-on
C:\Program Files\Online Video Add-on\ot.ico
C:\Program Files\Online Video Add-on\Thumbs.db
C:\Program Files\Online Video Add-on\ts.ico
C:\Program Files\Online Video Add-on\uninst.exe
C:\Program Files\Web Technologies
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\wcu.exe
C:\WINDOWS\system32\bsnzafqa.bin
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\ddcDSmJc.dll
C:\WINDOWS\system32\gapxjimc.ini
C:\WINDOWS\system32\imlcnjbe.ini
C:\WINDOWS\system32\jomljiif.ini
C:\WINDOWS\system32\JQsCeMoq.ini
C:\WINDOWS\system32\JQsCeMoq.ini2
C:\WINDOWS\system32\kdhty.exe
C:\WINDOWS\system32\lraqowsm.ini
C:\WINDOWS\system32\opnlMDWq.dll
C:\WINDOWS\system32\qoMeCsQJ.dll
C:\WINDOWS\system32\tcdqscyu.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FMTR


((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-28 17:43 . 2008-07-28 17:43 294 ---hs---- C:\WINDOWS\system32\tcdqscyu.ini
2008-07-24 21:15 . 2008-07-24 21:15 94,848 --a------ C:\WINDOWS\system32\uycsqdct.dll
2008-07-24 20:47 . 2008-07-24 20:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 18:24 . 2008-07-23 18:35 <DIR> d-------- C:\Program Files\Microsoft AntiSpyware
2008-07-23 17:35 . 2008-07-23 17:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-05 23:50 . 2008-07-12 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\ćablony
2008-07-05 23:50 . 2008-07-12 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-07-05 23:50 . 2008-07-12 17:49 <DIR> d---s---- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 15:06 --------- d-----w C:\Program Files\ICQToolbar
2008-07-22 18:47 --------- d-----w C:\Program Files\ESET
2008-07-19 12:48 --------- d-----w C:\Program Files\Java
2008-07-12 15:29 94,208 ----a-w C:\WINDOWS\DUMP5ae1.tmp
2008-07-12 15:28 94,208 ----a-w C:\WINDOWS\DUMP6c75.tmp
2008-07-12 12:26 94,208 ----a-w C:\WINDOWS\DUMP5cd5.tmp
2008-07-12 12:26 94,208 ----a-w C:\WINDOWS\DUMP5c77.tmp
2008-07-12 12:23 94,208 ----a-w C:\WINDOWS\DUMP5c1a.tmp
2008-07-12 12:17 94,208 ----a-w C:\WINDOWS\DUMP5c69.tmp
2008-07-12 12:06 94,208 ----a-w C:\WINDOWS\DUMP70cb.tmp
2008-07-07 19:13 94,208 ----a-w C:\WINDOWS\DUMP5c68.tmp
2008-07-05 21:48 94,208 ----a-w C:\WINDOWS\DUMP5e1d.tmp
2008-07-05 21:47 94,208 ----a-w C:\WINDOWS\DUMP5dfe.tmp
2008-07-05 21:44 94,208 ----a-w C:\WINDOWS\DUMP7436.tmp
2008-07-01 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 19:58 360 ----a-w C:\drmHeader.bin
2008-06-18 15:40 --------- d-----w C:\Program Files\SlySoft
2008-06-18 15:23 --------- d-----w C:\Program Files\DVDFab Gold 3
2008-06-18 15:21 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-18 15:21 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-06-18 15:21 --------- d-----w C:\Program Files\DVDFab Platinum
2008-06-18 14:30 --------- d-----w C:\Program Files\FT DVD Clone 4.0
2008-06-14 18:00 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-03 13:20 --------- d-----w C:\Program Files\Winamp
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2006-10-14 11:43 69632]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"PowerBar"="C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26 86016]
"T-Mobile Communication Centre"="C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe" [2007-02-21 15:28 928448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37 110592]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 20:33 53248]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-01-16 14:11 843776]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 20:02 786521]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-11-02 08:55 1397760]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"dc98cac8"="C:\WINDOWS\system32\uycsqdct.dll" [2008-07-24 21:15 94848]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\utorrent_torrentreactor.net.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\VUGames\\ContentExpansion\\System\\Swat4X.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\VUGames\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1998-05-07 11:48]
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys [1998-05-07 11:48]
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys [1998-05-07 11:48]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 18:44]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13]
R3 ipw_bus;IPWireless;C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 10:21]
R3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 10:21]
R3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 14:37]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 12:41]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 13:50]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 14:00]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AntivirusPCSuite - C:\Program Files\AntivirusPCSuite\pgs.exe
HKCU-Run-BPS Spyware Remover - C:\Program Files\BPS Remover\BPSRem.exe
HKLM-Run-C:\WINDOWS\system32\kdhty.exe - C:\WINDOWS\system32\kdhty.exe
HKLM-Run-LGODDFU - C:\Documents and Settings\Owner\Plocha\fwupdate.exe
HKLM-Explorer_Run-this - C:\Program Files\Web Technologies\wcs.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.atlas.cz/?from=icqhp
R0 -: HKLM-Main,Start Page = hxxp://www.aktualne.cz/?ms=ae
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 17:43:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2008-07-28 17:46:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 15:46:45

Pre-Run: Volných bajtů: 105,305,366,528
Post-Run: Volněch bajt…: 105,328,381,952

208 --- E O F --- 2008-06-23 15:20:41

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\tcdqscyu.ini
C:\WINDOWS\system32\uycsqdct.dll
C:\WINDOWS\DUMP5ae1.tmp
C:\WINDOWS\DUMP6c75.tmp
C:\WINDOWS\DUMP5cd5.tmp
C:\WINDOWS\DUMP5c77.tmp
C:\WINDOWS\DUMP5c1a.tmp
C:\WINDOWS\DUMP5c69.tmp
C:\WINDOWS\DUMP70cb.tmp
C:\WINDOWS\DUMP5c68.tmp
C:\WINDOWS\DUMP5e1d.tmp
C:\WINDOWS\DUMP5dfe.tmp
C:\WINDOWS\DUMP7436.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dc98cac8"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT.

[Riky]

Přikládám log z ComboFix a níže log z HJT...
Díky


ComboFix 08-07-27.5 - Owner 2008-07-28 22:12:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.554 [GMT 2:00]
Running from: C:\Documents and Settings\Owner\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DUMP5ae1.tmp
C:\WINDOWS\DUMP5c1a.tmp
C:\WINDOWS\DUMP5c68.tmp
C:\WINDOWS\DUMP5c69.tmp
C:\WINDOWS\DUMP5c77.tmp
C:\WINDOWS\DUMP5cd5.tmp
C:\WINDOWS\DUMP5dfe.tmp
C:\WINDOWS\DUMP5e1d.tmp
C:\WINDOWS\DUMP6c75.tmp
C:\WINDOWS\DUMP70cb.tmp
C:\WINDOWS\DUMP7436.tmp
C:\WINDOWS\system32\tcdqscyu.ini
C:\WINDOWS\system32\uycsqdct.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\DUMP5ae1.tmp
C:\WINDOWS\DUMP5c1a.tmp
C:\WINDOWS\DUMP5c68.tmp
C:\WINDOWS\DUMP5c69.tmp
C:\WINDOWS\DUMP5c77.tmp
C:\WINDOWS\DUMP5cd5.tmp
C:\WINDOWS\DUMP5dfe.tmp
C:\WINDOWS\DUMP5e1d.tmp
C:\WINDOWS\DUMP6c75.tmp
C:\WINDOWS\DUMP70cb.tmp
C:\WINDOWS\DUMP7436.tmp
C:\WINDOWS\system32\tcdqscyu.ini
C:\WINDOWS\system32\uycsqdct.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-24 20:47 . 2008-07-24 20:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 18:24 . 2008-07-23 18:35 <DIR> d-------- C:\Program Files\Microsoft AntiSpyware
2008-07-23 17:35 . 2008-07-23 17:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-05 23:50 . 2008-07-12 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\ćablony
2008-07-05 23:50 . 2008-07-12 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-07-05 23:50 . 2008-07-12 17:49 <DIR> d---s---- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 15:06 --------- d-----w C:\Program Files\ICQToolbar
2008-07-22 18:47 --------- d-----w C:\Program Files\ESET
2008-07-19 12:48 --------- d-----w C:\Program Files\Java
2008-07-01 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 19:58 360 ----a-w C:\drmHeader.bin
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 15:40 --------- d-----w C:\Program Files\SlySoft
2008-06-18 15:23 --------- d-----w C:\Program Files\DVDFab Gold 3
2008-06-18 15:21 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-18 15:21 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-06-18 15:21 --------- d-----w C:\Program Files\DVDFab Platinum
2008-06-18 14:30 --------- d-----w C:\Program Files\FT DVD Clone 4.0
2008-06-14 18:00 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-03 13:20 --------- d-----w C:\Program Files\Winamp
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-28_17.46.34.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-02 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:38:19 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:16 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2006-03-02 12:00:00 247,296 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:42:16 247,296 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:38:19 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:16 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2006-03-02 12:00:00 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:42:16 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2007-11-30 11:18:25 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:09 18,296 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2006-10-14 11:43 69632]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"PowerBar"="C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26 86016]
"T-Mobile Communication Centre"="C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe" [2007-02-21 15:28 928448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37 110592]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 20:33 53248]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-01-16 14:11 843776]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 20:02 786521]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-11-02 08:55 1397760]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\utorrent_torrentreactor.net.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\VUGames\\ContentExpansion\\System\\Swat4X.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\VUGames\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Owner\\Plocha\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1998-05-07 11:48]
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys [1998-05-07 11:48]
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys [1998-05-07 11:48]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 18:44]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13]
R3 ipw_bus;IPWireless;C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 10:21]
R3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 10:21]
R3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 14:37]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 12:41]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 13:50]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 14:00]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdhty.exe - C:\WINDOWS\system32\kdhty.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 22:16:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-07-28 22:19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 20:19:24
ComboFix2.txt 2008-07-28 15:46:50

Pre-Run: Volných bajtů: 105,565,126,656
Post-Run: Volněch bajt…: 105,552,924,672

196 --- E O F --- 2008-07-28 16:00:54

--------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:13, on 28.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aktualne.cz/?ms=ae
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhty.exe] C:\WINDOWS\system32\kdhty.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Documents and Settings\Owner\Plocha\Od Michala\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Centrum.cz - {085DC8B2-91F1-4225-901E-1ABD470E04EC} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {58B66E6C-6BD0-4A32-AB5A-FD5751A18264} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {5CD80C75-C66F-41FF-A7F1-DFB0D8AF6CF1} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {633A7A4C-2FDA-4E36-BE03-7AFBBDDA4810} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {77BBDCB5-A7E9-4471-AC89-A18B9AB1CBA9} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {921B279B-9AF4-40AB-957A-5E02963A9377} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Sportplus - {A0663626-BAD7-4D52-B0F1-8D1E9324791A} - http://sportplus.centrum.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {B2BBA780-9DC2-4301-9D34-B8427FEEBE87} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {E4800C77-B498-4FA1-B035-B9CFB6752E2C} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {FF3EA5F8-AE39-4999-9253-F4624D2E0120} - http://www.bleskove.cz (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6567629796
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 62.141.0.1 213.162.65.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 10408 bytes

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhty.exe] C:\WINDOWS\system32\kdhty.exe
po zaškrtnutí klikni na tlačítko Fix Checked

Případně můžeš ještě fixnout položky které nejsou potřeba aby se spouštěly při startu Win:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background => pokud nepoužíváš Messenger, můžeš fixnou jeho položku v HJT nebo případně ho můžeš rovnou odebrat

Máš ještě nějaké problémy?

[Riky]

To:fredik

což problémů by bylo, že? A kdo nemá
...
díky moc za odstranění a vyřešení problémů s PC a viry, snad už tam nic není (ty spyware jsou opravdu mrchy!). Vše funguje tak, jak má, dokonce se mi PC zrychlil, jako byl rychlý dříve (až jsem "čuměl"). Ty 3 poslední jsem nefixnul, ne že by to byla nedůvěra, ba naopak, ale kupoval jsem si nového noťase i s orig. instalačkami a v prodejně mi je sami nainstalovali, mám je tam od samého začátku. Kdyby mi nějak zaplňovaly RAM, tak je můžu snadno ukončit přes Správce úloh. Přesto vážně moc děkuju za ochotu.

Jen jeden dotaz: co bylo to: O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhty.exe] C:\WINDOWS\system32\kdhty.exe ?

Měj se.
Riky

[fredik]

Určitě, jak říkáš

Má to souvislost s tím co jsi tam měl, ale k čemu přesně to patřilo ti neřeknu.

Nemáš za co , kdyby byl nějaký problém tak dej vědět.