Hijack - please check
Moderators: Mods_senior, Security team
Re: Hijack - please check
It didn't get applied; you still have all of it there.
It's definitely not because of that directory.
Shall we run the script once more? If so, write back and I'll modify the original one.
- simonides2000
- Level 1

- Posts: 72
- Registered: 03 Aug 2009 13:31
Re: Hijack - please check
yes, let's do it...
Re: Hijack - please check
Move Combofix to the desktop
- Open Notepad
- Copy the text from this box into it
Code:
KillAll::
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^siszyd32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22467:TCP"=-
"5940:TCP"=-
"16388:TCP"=-
Driver::
XJfiyjxqe
Netsvc::
XJfiyjxqe
Collect::
c:\windows\system32\fdcebf2_z.dll
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
- Save the resulting TXT file as CFScript.txt on the desktop, then drag it with the left mouse button over the Combofix icon and drop it there
- After the scan has run and Combofix has finished, a log should appear; paste it here.
Warning: It may happen that after the script is applied and the computer restarts, Windows will not boot; in that case restart the computer again, keep pressing F8, and then choose Last Known Good Configuration.
- simonides2000
- Level 1

- Posts: 72
- Registered: 03 Aug 2009 13:31
Re: Hijack - please check
ComboFix 10-08-05.06 - Milan 06.08.2010 16:57:56.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3582.3102 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\xyz.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
file zipped: c:\windows\system32\fdcebf2_z.dll
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\fdcebf2_z.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XJFIYJXQE
-------\Service_XJfiyjxqe
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-06 do 2010-08-06 )))))))))))))))))))))))))))))))
.
2010-08-06 13:54 . 2010-08-06 14:01 -------- d-----w- C:\xyz23629x
2010-08-06 12:31 . 2010-08-06 12:33 -------- d-----w- C:\xyz
2010-08-06 12:31 . 2010-08-06 12:31 389632 ----a-w- c:\windows\system32\CF3337.exe
2010-08-06 10:29 . 2006-06-14 09:00 82944 -c----w- c:\windows\system32\dllcache\wdmaud.sys
2010-08-06 10:29 . 2006-06-14 08:47 6400 -c----w- c:\windows\system32\dllcache\splitter.sys
2010-08-06 10:29 . 2006-06-14 08:47 172416 -c----w- c:\windows\system32\dllcache\kmixer.sys
2010-08-06 10:28 . 2006-06-01 18:49 27648 -c----w- c:\windows\system32\dllcache\jgpl400.dll
2010-08-06 10:28 . 2006-06-01 18:49 163840 -c----w- c:\windows\system32\dllcache\jgdw400.dll
2010-08-06 09:46 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-08-06 09:28 . 2009-10-20 14:58 263552 -c----w- c:\windows\system32\dllcache\http.sys
2010-08-06 09:28 . 2009-11-27 16:40 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-08-06 09:28 . 2009-11-27 16:40 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-08-05 22:53 . 2003-10-02 10:48 53248 ----a-r- c:\windows\system32\P17CPI.dll
2010-08-05 22:53 . 2005-07-07 08:14 1389056 ----a-r- c:\windows\system32\drivers\P17.sys
2010-08-05 22:53 . 2005-06-13 05:03 137728 ----a-r- c:\windows\system32\P17res.dll
2010-08-05 22:53 . 2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll
2010-08-05 22:53 . 2005-06-27 10:37 133632 ----a-r- c:\windows\system32\CtDvInst.dll
2010-08-05 22:52 . 2010-08-05 22:52 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-05 22:49 . 2009-11-27 17:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-08-05 22:49 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-05 22:48 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-05 22:48 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2010-08-05 22:47 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-05 22:47 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-05 22:47 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-05 22:47 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-05 22:45 . 2010-08-05 22:45 15600 ----a-w- c:\windows\gdrv.sys
2010-08-05 22:30 . 2010-08-06 10:42 -------- d--h--w- c:\windows\$hf_mig$
2010-08-05 21:30 . 2004-08-18 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-08-05 21:28 . 2004-08-18 12:00 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2010-08-05 21:27 . 2004-08-18 12:00 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2010-08-05 21:25 . 2004-08-18 12:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2010-08-05 21:25 . 2004-08-18 12:00 7168 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2010-08-05 21:25 . 2004-08-18 12:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2010-08-05 21:25 . 2004-08-18 12:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2010-08-05 21:25 . 2004-08-18 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2010-08-05 21:25 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\atrace.dll
2010-08-05 21:25 . 2004-08-18 12:00 40960 -c--a-w- c:\windows\system32\dllcache\msinfo32.exe
2010-08-05 21:25 . 2004-08-18 12:00 12288 -c--a-w- c:\windows\system32\dllcache\wb32.exe
2010-08-05 21:25 . 2004-08-18 12:00 12288 -c--a-w- c:\windows\system32\dllcache\nmevtmsg.dll
2010-08-05 21:25 . 2004-08-18 12:00 12288 -c--a-w- c:\windows\system32\dllcache\cb32.exe
2010-08-05 21:25 . 2004-08-18 12:00 12288 ----a-w- c:\windows\system32\nmevtmsg.dll
2010-08-05 21:25 . 2004-08-18 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-08-05 20:58 . 2004-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-08-05 20:58 . 2004-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-08-05 20:58 . 2004-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-08-05 20:58 . 2004-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-08-05 18:17 . 2010-08-05 18:17 390144 ----a-w- c:\windows\system32\CF18442.exe
2010-08-05 17:31 . 2010-08-05 17:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-05 17:26 . 2010-08-05 17:26 -------- d-----w- c:\program files\Common Files\Skype
2010-08-05 13:56 . 2010-08-05 13:56 -------- d-----w- c:\program files\Google Chrome Backup
2010-08-03 14:49 . 2010-08-03 14:49 -------- d-----w- c:\program files\VS Revo Group
2010-08-03 09:05 . 2010-08-05 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 13:23 . 2010-07-25 13:23 -------- d-----w- c:\windows\system32\URTTEMP
2010-07-25 13:21 . 2004-08-18 12:00 726078 -c--a-w- c:\windows\system32\dllcache\srchui.dll
2010-07-25 13:21 . 2004-08-18 12:00 58434 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2010-07-25 13:21 . 2004-08-18 12:00 3166208 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2010-07-25 13:19 . 2010-07-25 13:19 -------- d-----w- c:\windows\system32\winrm
2010-07-25 13:18 . 2010-01-14 15:06 158720 ----a-w- c:\windows\system32\rdpinit.exe
2010-07-25 13:18 . 2010-01-14 15:07 45056 ----a-w- c:\windows\system32\winlogonnotification.dll
2010-07-25 13:18 . 2010-01-14 15:07 223232 ----a-w- c:\windows\system32\wksprt.exe
2010-07-25 13:18 . 2010-01-14 15:07 12800 ----a-w- c:\windows\system32\wksprtps.dll
2010-07-25 13:18 . 2010-01-14 15:06 134144 ----a-w- c:\windows\system32\tspubwmi.dll
2010-07-25 13:18 . 2010-01-14 15:06 243200 ----a-w- c:\windows\system32\rdpshell.exe
2010-07-25 13:18 . 2010-01-14 15:06 46080 ----a-w- c:\windows\system32\tswbprxy.exe
2010-07-25 13:18 . 2010-01-14 15:04 44544 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2010-07-25 13:17 . 2010-07-25 13:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 14:59 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-08-06 14:59 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-08-06 14:46 . 2008-10-16 12:10 -------- d-----w- c:\program files\Nezmeskej
2010-08-06 10:25 . 2008-10-16 18:59 -------- d-----w- c:\program files\Translat
2010-08-06 10:20 . 2010-08-06 10:19 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-05 22:40 . 2008-10-15 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 22:40 . 2008-10-15 17:00 -------- d-----w- c:\program files\Creative
2010-08-05 21:24 . 2008-10-15 16:26 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-05 17:26 . 2009-03-10 13:58 -------- d-----w- c:\program files\ICQ6.5
2010-08-05 17:25 . 2008-10-29 15:46 -------- d-----w- c:\program files\Spyware Doctor
2010-08-05 13:59 . 2010-01-01 00:12 -------- d-----w- c:\program files\Replay Media Catcher
2010-08-05 12:20 . 2010-06-30 20:31 72 ---ha-w- c:\windows\popcreg.dat
2010-08-05 12:20 . 2010-06-30 20:31 24 ----a-w- c:\windows\popcinfot.dat
2010-07-25 13:20 . 2009-12-11 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 09:25 . 2008-10-15 18:06 -------- d-----w- c:\program files\Banka
2010-06-27 10:09 . 2009-02-07 23:33 -------- d-----w- c:\program files\Rapidshare
2010-06-22 11:12 . 2009-02-08 13:26 -------- d-----w- c:\program files\Share Rapid Uploader
2010-06-17 22:20 . 2010-06-17 22:20 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-17 16:44 . 2009-08-01 10:48 -------- d-----w- c:\program files\Opera
2010-06-16 10:04 . 2010-06-16 10:04 -------- d-----w- c:\program files\ESET
2010-06-14 14:30 . 2010-07-25 13:20 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 18:24 . 2010-06-13 18:22 -------- d-----w- c:\program files\Sony
2010-06-13 18:15 . 2010-01-01 00:18 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-06-13 18:15 . 2010-01-01 00:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-06-13 18:15 . 2010-01-01 00:13 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-06-08 21:43 . 2008-10-16 10:58 -------- d-----w- c:\program files\DreamCom
2006-06-15 18:33 . 2009-08-03 21:02 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2009-08-03 21:02 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2009-08-03 21:02 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2009-08-03 21:02 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2009-08-03 21:01 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 . 2009-08-03 21:02 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2009-08-03 21:01 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2009-08-03 21:01 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2009-08-03 21:01 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2009-08-03 21:01 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-08-03 21:02 . 2009-08-03 21:02 81 --sha-r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((( SnapShot@2010-08-06_14.00.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-06 15:08 . 2010-08-06 15:08 16384 c:\windows\temp\Perflib_Perfdata_160.dat
+ 2004-08-18 12:00 . 2010-08-06 14:59 67448 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2010-08-05 22:52 67448 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-08-06 14:59 432492 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-08-05 22:52 432492 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Namedate"="c:\program files\Nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-18 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-04-07 19:07 2145000 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-05 18:06 136176 ----atw- c:\documents and settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 13:14 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
2007-05-01 10:00 923136 ----a-w- c:\program files\Nezmeskej\nezmeskej.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 12:06 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 13:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 08:29 729088 -c--a-r- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-03 07:52 16841216 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2005-09-05 14:55 339968 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2004-04-23 13:28 77824 ----a-w- c:\program files\Logitech\Profiler\LWEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-08 00:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-12-20 13:39 94208 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vp]
2008-10-22 18:57 28672 ----a-w- c:\program files\Vyčistit Počítač\UUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vs]
2008-06-24 13:21 28672 ----a-w- c:\program files\Vyčistit Soubory\UUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2005-03-02 12:21 278528 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\Milan\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10.5.2009 14:40 207280]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 21:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 21:07 810120]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27.12.2007 15:39 51816]
S2 gupdate1c9ec57704d342c;Google Update Service (gupdate1c9ec57704d342c);c:\program files\Google\Update\GoogleUpdate.exe [13.6.2009 20:47 133104]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [12.11.2008 16:30 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [12.11.2008 16:31 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [12.11.2008 16:31 34789]
S3 ATE_PROCMON;ATE_PROCMON; [x]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [13.6.2010 20:23 39048]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6.8.2010 11:46 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29.10.2008 17:46 365280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.4.2009 13:38 721904]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-08-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-18 18:44]
2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]
2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]
.
.
------- Doplňkový sken -------
.
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 17:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3940)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-08-06 17:13:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-06 15:13
ComboFix2.txt 2010-08-06 14:01
ComboFix3.txt 2010-08-05 18:36
Před spuštěním: Volných bajtů: 113 916 112 896
Po spuštění: Volných bajtů: 113 966 915 584
- - End Of File - - 96DB49086500072D2D13E94B81ED8DB7
2010-08-05 21:24 . 2008-10-15 16:26 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-05 17:26 . 2009-03-10 13:58 -------- d-----w- c:\program files\ICQ6.5
2010-08-05 17:25 . 2008-10-29 15:46 -------- d-----w- c:\program files\Spyware Doctor
2010-08-05 13:59 . 2010-01-01 00:12 -------- d-----w- c:\program files\Replay Media Catcher
2010-08-05 12:20 . 2010-06-30 20:31 72 ---ha-w- c:\windows\popcreg.dat
2010-08-05 12:20 . 2010-06-30 20:31 24 ----a-w- c:\windows\popcinfot.dat
2010-07-25 13:20 . 2009-12-11 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 09:25 . 2008-10-15 18:06 -------- d-----w- c:\program files\Banka
2010-06-27 10:09 . 2009-02-07 23:33 -------- d-----w- c:\program files\Rapidshare
2010-06-22 11:12 . 2009-02-08 13:26 -------- d-----w- c:\program files\Share Rapid Uploader
2010-06-17 22:20 . 2010-06-17 22:20 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-17 16:44 . 2009-08-01 10:48 -------- d-----w- c:\program files\Opera
2010-06-16 10:04 . 2010-06-16 10:04 -------- d-----w- c:\program files\ESET
2010-06-14 14:30 . 2010-07-25 13:20 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 18:24 . 2010-06-13 18:22 -------- d-----w- c:\program files\Sony
2010-06-13 18:15 . 2010-01-01 00:18 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-06-13 18:15 . 2010-01-01 00:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-06-13 18:15 . 2010-01-01 00:13 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-06-08 21:43 . 2008-10-16 10:58 -------- d-----w- c:\program files\DreamCom
2006-06-15 18:33 . 2009-08-03 21:02 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2009-08-03 21:02 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2009-08-03 21:02 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2009-08-03 21:02 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2009-08-03 21:01 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 . 2009-08-03 21:02 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2009-08-03 21:01 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2009-08-03 21:01 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2009-08-03 21:01 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2009-08-03 21:01 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-08-03 21:02 . 2009-08-03 21:02 81 --sha-r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((( SnapShot@2010-08-06_14.00.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-06 15:08 . 2010-08-06 15:08 16384 c:\windows\temp\Perflib_Perfdata_160.dat
+ 2004-08-18 12:00 . 2010-08-06 14:59 67448 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2010-08-05 22:52 67448 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-08-06 14:59 432492 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-08-05 22:52 432492 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Namedate"="c:\program files\Nezmeskej\nezmeskej.exe" [2007-05-01 923136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-18 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-04-07 19:07 2145000 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-05 18:06 136176 ----atw- c:\documents and settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 13:14 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
2007-05-01 10:00 923136 ----a-w- c:\program files\Nezmeskej\nezmeskej.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 12:06 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 13:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 08:29 729088 -c--a-r- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-03 07:52 16841216 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2005-09-05 14:55 339968 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2004-04-23 13:28 77824 ----a-w- c:\program files\Logitech\Profiler\LWEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-08 00:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-12-20 13:39 94208 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vp]
2008-10-22 18:57 28672 ----a-w- c:\program files\Vyčistit Počítač\UUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vs]
2008-06-24 13:21 28672 ----a-w- c:\program files\Vyčistit Soubory\UUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2005-03-02 12:21 278528 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\Milan\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10.5.2009 14:40 207280]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 21:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 21:07 810120]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27.12.2007 15:39 51816]
S2 gupdate1c9ec57704d342c;Google Update Service (gupdate1c9ec57704d342c);c:\program files\Google\Update\GoogleUpdate.exe [13.6.2009 20:47 133104]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [12.11.2008 16:30 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [12.11.2008 16:31 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [12.11.2008 16:31 34789]
S3 ATE_PROCMON;ATE_PROCMON; [x]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [13.6.2010 20:23 39048]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6.8.2010 11:46 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29.10.2008 17:46 365280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.4.2009 13:38 721904]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-08-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-18 18:44]
2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]
2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]
.
.
------- Doplňkový sken -------
.
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 17:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3940)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-08-06 17:13:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-06 15:13
ComboFix2.txt 2010-08-06 14:01
ComboFix3.txt 2010-08-05 18:36
Před spuštěním: Volných bajtů: 113 916 112 896
Po spuštění: Volných bajtů: 113 966 915 584
- - End Of File - - 96DB49086500072D2D13E94B81ED8DB7
Re: Hijack - please check
How is the computer doing now?
- simonides2000
- Level 1

- Posts: 72
- Registered: 03 Aug 2009 13:31
Re: Hijack - please check
A disaster...
Re: Hijack - please check
- simonides2000
- Level 1

- Posts: 72
- Registered: 03 Aug 2009 13:31
Re: Hijack - please check
I have it ready now. I'll start tomorrow. Thanks for everything.
Re: Hijack - please check
Well, unfortunately there is nothing to thank me for.

