pcmark.info

log je víceméně v pořádku (až na ten QIP searchbar)... chybí firewall

ahojte...mohl by prosim nekdo odbornym okem zkouknout muj log? dikec

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:53, on 29.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Lacik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Lacik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9658 bytes

rádo se stalo

dekuji za vyreseni;)

tak podle mě OK;-)

takze jsem to smazl a resetoval PC... je to OK..

protože ComboFix ten soubor pro mě z neznámého důvodu smazat nemůže, tak kvůli tomu píšu aby jsi ho smazal ručně pokud půjde

Ryan píše:pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\rwwnw64d.exe

ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem

mno vy ste mi to doporucil a ted mam zase smazat?..jsem ztoho vedle...

někde něco děláš špatně... zkus ručně smazat:

C:\WINDOWS\system32\rwwnw64d.exe

takze ten script presunut do combofixu umistenem na plose a spusteno v nouzovem rezim bez AV:
ComboFix 08-03-22.3 - máca 2008-03-25 14:55:22.3 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1776 [GMT 1:00]
Running from: C:\Documents and Settings\máca.DOMA\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\m ca.DOMA\Plocha\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
VFind -td "C:\WINDOWS\system32\baiso*"
CF6716.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF6716.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF6716.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF6716.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF6716.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-24 21:51 . 2008-03-24 21:51 <DIR> d--hs---- C:\found.007
2008-03-23 16:00 . 2008-03-23 17:43 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-03-23 16:00 . 2003-03-19 14:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 16:00 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 09:04 . 2008-03-25 14:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-23 09:04 . 2008-03-25 14:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-23 09:04 . 2008-03-25 14:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 23:19 . 2008-03-24 17:07 0 --a------ C:\WINDOWS\XXLGSC
2008-03-21 23:09 . 2008-03-21 23:09 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-21 23:09 . 2008-03-21 23:09 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-21 23:09 . 2008-03-21 23:09 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-21 23:09 . 2008-03-21 23:09 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-21 23:09 . 2008-03-21 23:09 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:09 . 2008-03-21 23:09 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
2008-03-21 23:08 . 2008-03-21 23:08 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-21 23:08 . 2008-03-24 17:07 4,479 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-21 23:08 . 2008-03-21 23:08 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-21 23:08 . 2008-03-21 23:09 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-21 23:08 . 2008-03-25 14:52 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-21 23:08 . 2008-03-21 23:08 1,581 --a------ C:\WINDOWS\WDICT32.INI
2008-03-16 16:23 . 2008-03-16 16:23 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-16 15:09 . 2008-03-16 15:09 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-15 14:28 . 2008-03-15 14:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 09:50 . 2008-03-15 09:50 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-14 23:35 . 2008-03-14 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-14 23:24 . 2008-03-14 23:24 49,156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-14 06:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\InstallShield
2008-03-12 22:51 . 2008-03-12 22:51 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-10 17:04 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-09 09:21 . 2008-03-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2008-03-07 18:15 . 2008-03-07 18:15 <DIR> d-------- C:\Program Files\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-07 17:58 . 2008-03-07 17:58 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-04 06:40 . 2008-03-04 06:40 <DIR> d--hs---- C:\found.006
2008-03-03 18:03 . 2008-03-25 14:53 136,639 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-03 16:07 . 2008-03-03 16:07 <DIR> d-------- C:\Program Files\OO Software
2008-03-02 15:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-01 15:50 . 2008-03-01 15:50 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 08:21 . 2008-02-28 08:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-26 19:48 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-26 19:47 . 2008-02-26 19:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-26 19:45 . 2008-02-26 19:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 19:44 . 2008-02-26 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 19:43 . 2008-02-26 19:43 <DIR> dr-h----- C:\MSOCache
2008-02-26 19:43 . 2008-03-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:38 . 2008-02-26 19:38 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-26 16:41 . 2008-02-26 16:41 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\Media Player Classic
2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 13:53 --------- d-----w C:\Program Files\ESET
2008-03-25 06:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-23 23:21 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-03-23 23:21 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-03-23 23:21 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-03-21 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 22:35 --------- d-----w C:\Program Files\Nero
2008-03-14 22:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2008-03-14 22:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-14 22:22 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-12 21:51 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-09 08:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-04 06:08 --------- d-----w C:\Program Files\ICQ6
2008-02-26 18:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-23 15:10 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-23 11:40 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 11:40 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 11:40 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NOD32 - on-demand scanner"="C:\Program Files\ESET\nod32.exe" [2008-03-25 14:52 494712]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 14:52 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\mamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 14:58:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-03-25 14:58:55
ComboFix-quarantined-files.txt 2008-03-25 13:58:29
ComboFix2.txt 2008-03-23 18:41:16
ComboFix3.txt 2008-03-23 16:38:24

přesto prosím o provedení mé poslední rady ještě jednou postupem kterým jsem napsal... Díky

mno problem zmizel.. nod uz nic nehlasi..tak to bude ok

Chjo... proveď moji poslední radu jeětě jednou, ale v NOUZOVÉM REŽIMU a s vypnutými veškerými AV/AS (antiviry, antispyware) programy

ComboFix 08-03-22.3 - máca 2008-03-23 19:39:55.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1221 [GMT 1:00]
Running from: C:\Documents and Settings\máca.DOMA\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\m ca.DOMA\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 16:00 . 2008-03-23 17:43 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-03-23 16:00 . 2003-03-19 14:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 16:00 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 09:04 . 2008-03-23 09:03 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-23 09:04 . 2008-03-23 09:03 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-23 09:04 . 2008-03-23 09:03 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 23:19 . 2008-03-23 16:55 0 --a------ C:\WINDOWS\XXLGSC
2008-03-21 23:09 . 2008-03-21 23:09 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-21 23:09 . 2008-03-21 23:09 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-21 23:09 . 2008-03-21 23:09 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-21 23:09 . 2008-03-21 23:09 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-21 23:09 . 2008-03-21 23:09 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:09 . 2008-03-21 23:09 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
2008-03-21 23:08 . 2008-03-21 23:08 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-21 23:08 . 2008-03-23 16:55 4,479 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-21 23:08 . 2008-03-21 23:08 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-21 23:08 . 2008-03-21 23:09 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-21 23:08 . 2008-03-23 19:13 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-21 23:08 . 2008-03-21 23:08 1,581 --a------ C:\WINDOWS\WDICT32.INI
2008-03-16 16:23 . 2008-03-16 16:23 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-16 15:09 . 2008-03-16 15:09 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-15 14:28 . 2008-03-15 14:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 09:50 . 2008-03-15 09:50 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-14 23:35 . 2008-03-14 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-14 23:24 . 2008-03-14 23:24 49,156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-14 06:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\InstallShield
2008-03-12 22:51 . 2008-03-12 22:51 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-10 17:04 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-09 09:21 . 2008-03-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2008-03-07 18:15 . 2008-03-07 18:15 <DIR> d-------- C:\Program Files\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-07 17:58 . 2008-03-07 17:58 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-04 06:40 . 2008-03-04 06:40 <DIR> d--hs---- C:\found.006
2008-03-03 18:03 . 2008-03-23 09:08 120,038 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-03 16:07 . 2008-03-03 16:07 <DIR> d-------- C:\Program Files\OO Software
2008-03-02 15:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-01 15:50 . 2008-03-01 15:50 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 08:21 . 2008-02-28 08:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-26 19:48 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-26 19:47 . 2008-02-26 19:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-26 19:45 . 2008-02-26 19:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 19:44 . 2008-02-26 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 19:43 . 2008-02-26 19:43 <DIR> dr-h----- C:\MSOCache
2008-02-26 19:43 . 2008-03-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:38 . 2008-02-26 19:38 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-26 16:41 . 2008-02-26 16:41 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\Media Player Classic
2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe
2008-02-23 20:15 . 2008-02-23 20:15 <DIR> d-------- C:\Documents and Settings\máca.DOMA\kbpki
2008-02-23 20:15 . 2008-02-23 20:15 <DIR> d-------- C:\Documents and Settings\máca.DOMA\kbpki
2008-02-23 16:10 . 2008-02-23 16:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 09:09 . 2008-03-12 22:51 737,280 --a------ C:\WINDOWS\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 17:49 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-23 08:09 --------- d-----w C:\Program Files\ESET
2008-03-21 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 22:35 --------- d-----w C:\Program Files\Nero
2008-03-14 22:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2008-03-14 22:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-14 22:22 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-09 08:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-04 06:08 --------- d-----w C:\Program Files\ICQ6
2008-02-26 18:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-21 23:09 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-23 09:03 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\mamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
Stop Pending3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 19:40:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TrnOEH.dll
.
Completion time: 2008-03-23 19:41:15
ComboFix-quarantined-files.txt 2008-03-23 18:40:48
ComboFix2.txt 2008-03-23 16:38:24
.
2008-03-18 05:21:42 --- E O F ---

pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem

ComboFix 08-03-22.3 - máca 2008-03-23 17:31:18.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1421 [GMT 1:00]
Running from: C:\Documents and Settings\máca.DOMA\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
VFind -td "C:\WINDOWS\system32\baiso*"
CF29804.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\*
CF29804.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF29804.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF29804.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF29804.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kikina\Nabídka Start\Programy\Po spuštění\Deewoo.lnk
C:\Documents and Settings\kikina\Nabídka Start\Programy\Po spuštění\DW_Start.lnk
C:\Documents and Settings\máca.DOMA\Nabídka Start\Programy\Po spuštění\Deewoo.lnk
C:\Documents and Settings\máca.DOMA\Nabídka Start\Programy\Po spuštění\DW_Start.lnk
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 16:00 . 2008-03-23 16:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2008-03-23 16:00 . 2003-03-19 14:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 16:00 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 09:04 . 2008-03-23 09:03 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-23 09:04 . 2008-03-23 09:03 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-23 09:04 . 2008-03-23 09:03 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 23:19 . 2008-03-23 16:55 0 --a------ C:\WINDOWS\XXLGSC
2008-03-21 23:09 . 2008-03-21 23:09 491,520 --a------ C:\WINDOWS\WebIE.dll
2008-03-21 23:09 . 2008-03-21 23:09 356,352 --a------ C:\WINDOWS\TrnOutl.dll
2008-03-21 23:09 . 2008-03-21 23:09 294,912 --a------ C:\WINDOWS\TrnWord.dll
2008-03-21 23:09 . 2008-03-21 23:09 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-03-21 23:09 . 2008-03-21 23:09 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-03-21 23:09 . 2008-03-21 23:09 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-03-21 23:09 . 2008-03-21 23:09 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-03-21 23:08 . 2008-03-22 12:24 <DIR> d-------- C:\TRANSLAT
2008-03-21 23:08 . 2008-03-21 23:08 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-03-21 23:08 . 2008-03-23 16:55 4,479 --a------ C:\WINDOWS\WTRAN32.INI
2008-03-21 23:08 . 2008-03-21 23:08 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-03-21 23:08 . 2008-03-21 23:09 2,476 --a------ C:\WINDOWS\TRNCOM.INI
2008-03-21 23:08 . 2008-03-23 17:29 1,678 --a------ C:\WINDOWS\MAILTRAN.INI
2008-03-21 23:08 . 2008-03-21 23:08 1,581 --a------ C:\WINDOWS\WDICT32.INI
2008-03-16 16:23 . 2008-03-16 16:23 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-16 15:09 . 2008-03-16 15:09 <DIR> d-------- C:\Program Files\Blender Foundation
2008-03-15 14:28 . 2008-03-15 14:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 12:22 . 2008-03-15 14:30 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Autodesk
2008-03-15 09:50 . 2008-03-15 09:50 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-14 23:35 . 2008-03-14 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-14 23:24 . 2008-03-14 23:24 49,156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-14 06:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-03-14 06:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-13 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\InstallShield
2008-03-12 22:51 . 2008-03-12 22:51 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-10 17:04 . 2008-03-10 17:05 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-09 09:21 . 2008-03-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Ubisoft
2008-03-07 18:41 . 2008-03-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2008-03-07 18:15 . 2008-03-07 18:15 <DIR> d-------- C:\Program Files\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:15 . 2008-03-23 14:43 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\uTorrent
2008-03-07 18:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-07 17:58 . 2008-03-07 17:58 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-04 06:40 . 2008-03-04 06:40 <DIR> d--hs---- C:\found.006
2008-03-03 18:03 . 2008-03-23 09:08 120,038 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-03 16:07 . 2008-03-03 16:07 <DIR> d-------- C:\Program Files\OO Software
2008-03-02 15:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-01 15:50 . 2008-03-01 15:50 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 08:21 . 2008-02-28 08:21 0 --a------ C:\WINDOWS\oodcnt.INI
2008-02-26 19:48 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-26 19:47 . 2008-02-26 19:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-26 19:45 . 2008-02-26 19:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-26 19:44 . 2008-02-26 19:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 19:43 . 2008-02-26 19:43 <DIR> dr-h----- C:\MSOCache
2008-02-26 19:43 . 2008-03-12 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:40 . 2008-02-26 19:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\DAEMON Tools
2008-02-26 19:38 . 2008-02-26 19:38 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-26 16:41 . 2008-02-26 16:41 <DIR> d-------- C:\Documents and Settings\kikina\Data aplikací\Media Player Classic
2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe
2008-02-23 20:15 . 2008-02-23 20:15 <DIR> d-------- C:\Documents and Settings\máca.DOMA\kbpki
2008-02-23 20:15 . 2008-02-23 20:15 <DIR> d-------- C:\Documents and Settings\máca.DOMA\kbpki
2008-02-23 16:10 . 2008-02-23 16:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 12:40 . 2008-02-23 12:40 <DIR> d-------- C:\Documents and Settings\máca.DOMA\Data aplikací\Media Player Classic
2008-02-23 09:09 . 2008-03-12 22:51 737,280 --a------ C:\WINDOWS\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 16:12 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-23 08:09 --------- d-----w C:\Program Files\ESET
2008-03-21 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 22:35 --------- d-----w C:\Program Files\Nero
2008-03-14 22:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2008-03-14 22:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-14 22:22 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-09 08:18 --------- d-----w C:\Program Files\ATI Technologies
2008-03-04 06:08 --------- d-----w C:\Program Files\ICQ6
2008-02-26 18:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 19:16 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\OpenOffice.org2
2008-02-25 12:31 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:53 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ICQ
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 21:11 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\InstallShield
2008-02-22 20:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 05:13 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\DivX
2008-02-22 05:12 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\Nero
2008-02-21 19:56 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:31 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Ventrilo
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 19:30 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\Nero
2008-02-21 05:35 --------- d-----w C:\Program Files\Java
2008-02-20 20:27 --------- d-----w C:\Documents and Settings\kikina\Data aplikací\ATI
2008-02-20 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2008-02-20 17:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 17:38 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\ATI
2008-02-20 16:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 16:27 --------- d-----w C:\Documents and Settings\máca.DOMA\Data aplikací\TuneUp Software
2008-02-20 14:51 558,142 ----a-w C:\WINDOWS\java\Packages\LNP3RNT7.ZIP
2008-02-20 14:51 155,995 ----a-w C:\WINDOWS\java\Packages\OELNZB5B.ZIP
2008-02-19 20:10 --------- d-----w C:\Documents and Settings\máca\Data aplikací\OpenOffice.org2
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-17 06:58 --------- d-----w C:\Documents and Settings\kiki\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-16 21:51 --------- d-----w C:\Program Files\AMD
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\ICQLite
2008-02-14 07:56 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\OpenOffice.org2
2008-02-13 14:13 --------- d-----w C:\Program Files\ICQToolbar
2008-02-13 14:13 --------- d-----w C:\Documents and Settings\mamka\Data aplikací\MEGAUPLOADTOOLBAR
2008-02-10 21:29 --------- d-----w C:\Documents and Settings\máca\Data aplikací\MegauploadToolbar
2008-02-08 23:48 --------- d-----w C:\Program Files\HLSW
2008-02-05 10:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 17:09 --------- d-----w C:\Program Files\HDD Regenerator
2008-02-02 17:44 --------- d-----w C:\Program Files\DivX
2008-02-02 12:43 --------- d-----w C:\Program Files\ZZZZZZZZZZZZZZZ
2008-01-30 08:18 --------- d-----w C:\Program Files\ICQLite
2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-15 18:30 22,328 ----a-w C:\Documents and Settings\máca\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2008-03-21 23:09 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"{24-49-9C-C7-DW}"="C:\windows\system32\jpwnw64o.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-23 09:03 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\mamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\CesarFTP\\Server.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ilussion422\\counter-strike\\hl.exe"=
"D:\\QIP Infium\\infium.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-14 23:22]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:36:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 17:36:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-03-23 17:38:23
ComboFix-quarantined-files.txt 2008-03-23 16:37:19
.
2008-03-18 05:21:42 --- E O F ---

stahnete a ulozte nejlepe na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko OK:



v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Zdravim, ted tam ten vir mam urcite: NOD32 ho pokazde zachyti a hodi do karanteny.. ale dela to pri kazdem restartu.. zde je log.. cervene je zviraznen problem.

Logfile of HijackThis v1.99.1
Scan saved at 15:32:35, on 23.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
D:\QIP Infium\infium.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Shared\NL3\NeroPatentActivation.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\máca.DOMA\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [{24-49-9C-C7-DW}] C:\windows\system32\jpwnw64o.exe DWoli5
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcntqkwd.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64o.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3533190468
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

maličkost

ok..dekuji za pomoc;)