pc strašne spomalil -prosím o kontrolu logu

[nici]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:09, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\SPRVCA~1\LOCALS~1\Temp\mexe.com
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Správca\My Documents\Preberanie\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

[nici]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Správca at 2010-09-16 21:01:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (4%) free of 194 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:01:10, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\SPRVCA~1\LOCALS~1\Temp\mexe.com
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Správca\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Správca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5743 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1450960922-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1450960922-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2008-12-03 1194496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2008-12-03 1194496]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"USB Antivirus"=C:\Program Files\USB Disk Security\USBGuard.exe [2009-09-12 811008]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2010-08-02 1167808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents [2010-03-24 91]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-03-18 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2010-08-02 1167808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-10-10 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-02-26 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe"="C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Webteh\BSplayer\bsplayer.exe"="C:\Program Files\Webteh\BSplayer\bsplayer.exe:*:Enabled:BSplayer"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Wild Media Server\wms.exe"="C:\Program Files\Wild Media Server\wms.exe:*:Enabled:Wild Media Server (UPnP, DLNA, HTTP)"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-16 20:57:11 ----AD---- C:\WINDOWS\system32\vcmgcd32.dll
2010-09-16 20:54:48 ----D---- C:\Program Files\trend micro
2010-09-16 20:54:45 ----D---- C:\rsit
2010-09-16 17:46:00 ----D---- C:\!KillBox
2010-09-12 15:40:10 ----D---- C:\Program Files\DAEMON Tools Lite
2010-09-09 20:47:05 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-09-09 20:47:05 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-09-09 20:47:04 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-09-09 20:47:03 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-09-09 20:02:23 ----D---- C:\Program Files\City Interactive
2010-09-08 10:10:50 ----A---- C:\WINDOWS\IE4 Error Log.txt

======List of files/folders modified in the last 1 months======

2010-09-16 20:59:19 ----D---- C:\WINDOWS\temp
2010-09-16 20:59:19 ----D---- C:\WINDOWS
2010-09-16 20:58:12 ----D---- C:\WINDOWS\Prefetch
2010-09-16 20:58:05 ----D---- C:\WINDOWS\system32
2010-09-16 20:54:48 ----RD---- C:\Program Files
2010-09-16 20:42:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-16 20:40:18 ----SHD---- C:\WINDOWS\Installer
2010-09-16 20:40:16 ----D---- C:\Config.Msi
2010-09-16 20:26:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-09-16 20:25:09 ----D---- C:\Program Files\Trojan Remover
2010-09-16 20:15:21 ----D---- C:\Program Files\Mozilla Firefox
2010-09-16 14:36:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-15 16:15:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-13 18:25:56 ----D---- C:\Documents and Settings\Správca\Application Data\Skype
2010-09-13 18:00:59 ----D---- C:\Documents and Settings\Správca\Application Data\skypePM
2010-09-12 16:23:31 ----D---- C:\Program Files\Crawler
2010-09-12 15:40:55 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-09-11 12:23:42 ----D---- C:\WINDOWS\system32\config
2010-09-11 12:23:12 ----SHD---- C:\WINDOWS\CSC
2010-09-09 20:47:09 ----D---- C:\WINDOWS\system32\DirectX
2010-09-09 20:47:05 ----D---- C:\WINDOWS\inf
2010-09-09 20:46:00 ----RSD---- C:\WINDOWS\assembly
2010-09-09 19:16:45 ----D---- C:\Program Files\GoldWave
2010-09-09 18:57:52 ----D---- C:\Program Files\Tiler
2010-09-09 18:37:19 ----D---- C:\WINDOWS\Fonts
2010-08-31 10:37:15 ----D---- C:\Program Files\JDownloader
2010-08-30 09:57:18 ----A---- C:\WINDOWS\WTRAN32.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 Cap713x;Philips Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-01 47360]
R3 snpstd2;Trust WB-3100P Portable Webcam; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 347264]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 a8k6fiqq;a8k6fiqq; C:\WINDOWS\system32\drivers\a8k6fiqq.sys []
S3 AdfuUd;rockusb Device; C:\WINDOWS\System32\Drivers\rockusb.sys [2006-11-08 77772]
S3 atimpab;atimpab; C:\WINDOWS\system32\DRIVERS\atimpab.sys [2001-08-17 289664]
S3 atirage3;atirage3; C:\WINDOWS\system32\DRIVERS\atimpae.sys [2001-08-17 75136]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-03-09 37768]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-02-26 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-21 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-20 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

[motji]

Dobrý večer

Odinstalujte Daemon tools toolbar
Odinstalujte trojan remover

Killbox jste použil na co?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[nici]

vkladám log z mbam

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4637

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17.9.2010 11:33:06
mbam-log-2010-09-17 (11-33-06).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 274129
Uplynulý čas: 49 min, 43 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 1
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 1
Infikované priečinky: 0
Infikované súbory: 3

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\xprepairpro2006 (Rogue.XPRepairPro2007) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Program Files\Anti Trojan Elite\MSVCRTD.DLL (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Správca\Desktop\Hry\evolutien gt\Evolution GT\Evolution GT\1eyed.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Správca\Desktop\Hry\HRY -CD\call of duty 4 CD\Razor1911\rzr-cod4.exe (Trojan.Agent.CK) -> No action taken.

[motji]

Vše smažte.



Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

[nici]

ComboFix 10-09-17.04 - Správca 18.09.2010 23:28:59.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.664 [GMT 2:00]
Running from: c:\documents and settings\Správca\Desktop\údržba\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\page
c:\documents and settings\All Users\Application Data\page\page.ico
c:\documents and settings\All Users\Application Data\page\page.URL
c:\documents and settings\Správca\Application Data\Desktopicon
c:\windows\system32\winlogon.bak

.
((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 21:20 . 2010-09-18 21:20 389120 ----a-w- c:\windows\system32\CF16851.exe
2010-09-17 16:30 . 2010-09-17 16:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-09-17 16:26 . 2010-09-17 16:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-09-17 07:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 07:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 19:38 . 2010-09-17 07:09 -------- d-----w- c:\program files\Anti Trojan Elite
2010-09-16 18:58 . 2010-09-16 18:59 6469428 ----a-w- c:\windows\REGBK06.ZIP
2010-09-16 18:57 . 2010-09-16 18:57 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2010-09-16 18:54 . 2010-09-16 19:01 -------- d-----w- c:\program files\trend micro
2010-09-16 18:54 . 2010-09-16 18:55 -------- d-----w- C:\rsit
2010-09-16 15:46 . 2010-09-16 15:46 -------- d-----w- C:\!KillBox
2010-09-12 14:04 . 2010-09-12 14:04 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-09 18:47 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-09 18:47 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-09 18:47 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-09 18:47 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-09 18:02 . 2010-09-09 18:02 -------- d-----w- c:\program files\City Interactive
2010-09-07 13:53 . 2010-09-07 13:53 3532 ----a-w- C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 16:20 . 2008-11-01 13:05 -------- d-----w- c:\program files\Crawler
2010-09-17 07:31 . 2009-02-11 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 19:21 . 2009-09-22 19:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-09-16 19:07 . 2009-10-20 06:04 -------- d-----w- c:\program files\Trojan Remover
2010-09-16 18:42 . 2008-10-17 09:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 18:26 . 2008-12-23 16:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-12 14:23 . 2009-01-01 10:53 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-09 17:16 . 2010-08-16 13:33 -------- d-----w- c:\program files\GoldWave
2010-09-09 16:57 . 2010-08-01 14:33 -------- d-----w- c:\program files\Tiler
2010-08-31 08:37 . 2009-11-06 18:41 -------- d-----w- c:\program files\JDownloader
2010-08-16 13:34 . 2010-08-16 13:34 -------- d-----w- c:\program files\Lame
2010-08-02 10:35 . 2010-08-02 10:35 -------- d-----w- c:\program files\DXFViewer
2010-08-02 10:35 . 2010-08-02 10:35 -------- d-----w- c:\program files\MSXML 4.0
2010-08-02 10:27 . 2010-08-01 08:23 -------- d-----w- c:\program files\Syncrosoft
2010-08-01 10:25 . 2010-08-01 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP
2010-08-01 08:17 . 2010-08-01 08:17 -------- d-----w- c:\program files\Eleco
2010-08-01 08:17 . 2010-08-01 08:17 -------- d-----w- c:\program files\directx
2010-07-28 10:59 . 2010-07-27 07:11 -------- d-----w- c:\program files\DAP
2010-07-28 10:57 . 2010-07-27 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-07-27 11:36 . 2010-07-27 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Wild Media Server
2010-07-27 11:04 . 2008-11-27 16:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-27 06:52 . 2008-10-20 09:07 -------- d-----w- c:\program files\CCleaner
2010-07-01 15:14 . 2010-07-01 15:14 405 ----a-w- c:\windows\PowerReg.dat
2009-01-01 18:34 . 2009-01-01 18:32 48 --sh--w- c:\windows\SBA767E0D.tmp
.

------- Sigcheck -------

[-] 2009-02-11 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-01-16 . 4E0AB53803C1B681631AA8B9C7B37ADA . 3593728 . . [7.00.6000.20753] . . c:\windows\system32\mshtml.dll
[-] 2008-01-16 . 4E0AB53803C1B681631AA8B9C7B37ADA . 3593728 . . [7.00.6000.20753] . . c:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\system32\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\system32\dllcache\wininet.dll

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-09-12 811008]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2010-09-16 4076544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2005-03-18 11:18 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-21 10:44 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Webteh\\BSplayer\\bsplayer.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [16.9.2010 21:38 9216]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.10.2009 10:16 472280]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [26.1.2010 13:25 686080]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [28.1.2010 19:32 4134]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2008 11:56 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = http=
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\fen7fee5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPO2C.DLL
FF - plugin: c:\program files\Opera\program\plugins\npo2cAreas.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 23:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\HTT17.tmp 326121 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7AE2132-7CDA-7231-4C1B-CD57AA2E1242}*]
"jalpolnpjhiijlfelhpk"=hex:62,61,6d,66,00,00
"jalpolnpjhiijlfelhdl"=hex:62,61,70,66,00,00

[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,c4,c5,61,d5,5e,b9,45,a5,f8,34,19,64,92,4f,75,ce,6b,7b,98,67,
80,33,6b,ce,a8,5a,6f,2a,d1,a4,99,6f,53,be,be,6b,f8,73,0d,63,e5,ae,43,cc,b1,\
"rkeysecu"=hex:2b,6c,89,86,bf,f5,63,d5,78,16,5d,17,66,72,18,b6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-18 23:34:13
ComboFix-quarantined-files.txt 2010-09-18 21:34
ComboFix2.txt 2010-09-17 16:07

Pre-Run: 11 743 395 840 bytes free
Post-Run: 23 adresárov, 11 711 758 336 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1EDFE74C64DB6875C98C4D0AAFD9F8C9

[motji]

odinstalujte c:\program files\Anti Trojan Elite

Otestujte na www.virustotal.com

c:\windows\system32\winlogon.exe

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

[nici]

http://www.virustotal.com/file-scan/rep ... 1284846592

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Regnull::
[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7AE2132-7CDA-7231-4C1B-CD57AA2E1242}*]

File::
c:\windows\TEMP\HTT17.tmp

Firefox::
FF - ProfilePath - c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\fen7fee5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search

DDS::
uStart Page = about:blank
mStart Page = about:blank

Restore::
c:\windows\system32\winlogon.exe
c:\windows\system32\mshtml.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dllcache\wininet.dll
c:\windows\system32\dllcache\iexplore.exe

Folder::
c:\program files\DAEMON Tools Toolbar

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[nici]

ComboFix 10-09-17.04 - Správca 19.09.2010 10:49:28.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.613 [GMT 2:00]
Running from: c:\documents and settings\Správca\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Správca\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
* Resident AV is active


FILE ::
"c:\windows\TEMP\HTT17.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml

Infected copy of c:\windows\system32\dllcache\iexplore.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\iexplore.exe

Infected copy of c:\windows\system32\dllcache\wininet.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wininet.dll

Infected copy of c:\windows\system32\mshtml.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mshtml.dll

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-19 15:10 . 2010-09-19 15:10 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.1
2010-09-19 15:10 . 2010-09-19 15:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1
2010-09-19 15:01 . 2010-09-19 15:04 -------- d-----w- C:\WINDOWS.1
2010-09-19 14:45 . 2010-09-19 14:45 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0
2010-09-19 14:45 . 2010-09-19 14:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0
2010-09-19 14:44 . 2006-10-04 19:33 181788 ----a-w- C:\pmtimer.exe
2010-09-19 14:44 . 2006-10-04 19:24 20992 ----a-w- C:\makePNF.exe
2010-09-19 14:44 . 2006-10-04 19:33 185970 ----a-w- C:\DSPdsblr.exe
2010-09-19 14:44 . 2006-10-04 19:32 218884 ----a-w- C:\DPsFnshr.exe
2010-09-19 14:44 . 2006-10-04 19:24 55808 ----a-w- C:\devcon.exe
2010-09-19 14:39 . 2010-09-19 14:43 -------- d-----w- C:\D
2010-09-19 14:31 . 2010-09-19 14:46 -------- d-----w- C:\WINDOWS.0
2010-09-19 08:49 . 2008-04-14 04:42 93184 -c--a-w- c:\windows\system32\dllcache\iexplore.exe
2010-09-18 21:20 . 2010-09-18 21:20 389120 ----a-w- c:\windows\system32\CF16851.exe
2010-09-17 16:30 . 2010-09-17 16:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-09-17 16:26 . 2010-09-17 16:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-09-17 07:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 07:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 19:38 . 2010-09-18 21:47 -------- d-----w- c:\program files\Anti Trojan Elite
2010-09-16 18:58 . 2010-09-16 18:59 6469428 ----a-w- c:\windows\REGBK06.ZIP
2010-09-16 18:57 . 2010-09-16 18:57 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2010-09-16 18:54 . 2010-09-16 19:01 -------- d-----w- c:\program files\trend micro
2010-09-16 18:54 . 2010-09-16 18:55 -------- d-----w- C:\rsit
2010-09-16 15:46 . 2010-09-16 15:46 -------- d-----w- C:\!KillBox
2010-09-12 14:04 . 2010-09-12 14:04 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-09 18:47 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-09 18:47 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-09 18:47 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-09 18:47 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-09 18:02 . 2010-09-09 18:02 -------- d-----w- c:\program files\City Interactive
2010-09-07 13:53 . 2010-09-07 13:53 3532 ----a-w- C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 16:20 . 2008-11-01 13:05 -------- d-----w- c:\program files\Crawler
2010-09-17 07:31 . 2009-02-11 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 19:07 . 2009-10-20 06:04 -------- d-----w- c:\program files\Trojan Remover
2010-09-16 18:42 . 2008-10-17 09:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 18:26 . 2008-12-23 16:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-12 14:23 . 2009-01-01 10:53 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-09 17:16 . 2010-08-16 13:33 -------- d-----w- c:\program files\GoldWave
2010-09-09 16:57 . 2010-08-01 14:33 -------- d-----w- c:\program files\Tiler
2010-08-31 08:37 . 2009-11-06 18:41 -------- d-----w- c:\program files\JDownloader
2010-08-16 13:34 . 2010-08-16 13:34 -------- d-----w- c:\program files\Lame
2010-08-02 10:35 . 2010-08-02 10:35 -------- d-----w- c:\program files\DXFViewer
2010-08-02 10:35 . 2010-08-02 10:35 -------- d-----w- c:\program files\MSXML 4.0
2010-08-02 10:27 . 2010-08-01 08:23 -------- d-----w- c:\program files\Syncrosoft
2010-08-01 10:25 . 2010-08-01 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP
2010-08-01 08:17 . 2010-08-01 08:17 -------- d-----w- c:\program files\Eleco
2010-08-01 08:17 . 2010-08-01 08:17 -------- d-----w- c:\program files\directx
2010-07-28 10:59 . 2010-07-27 07:11 -------- d-----w- c:\program files\DAP
2010-07-28 10:57 . 2010-07-27 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-07-27 11:36 . 2010-07-27 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Wild Media Server
2010-07-27 11:04 . 2008-11-27 16:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-27 06:52 . 2008-10-20 09:07 -------- d-----w- c:\program files\CCleaner
2010-07-01 15:14 . 2010-07-01 15:14 405 ----a-w- c:\windows\PowerReg.dat
2009-01-01 18:34 . 2009-01-01 18:32 48 --sh--w- c:\windows\SBA767E0D.tmp
.

------- Sigcheck -------

[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\system32\wininet.dll

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-18_21.32.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-19 08:34 . 2010-09-19 08:34 16384 c:\windows\temp\Perflib_Perfdata_b8.dat
+ 2010-09-19 08:57 . 2010-09-19 08:57 16384 c:\windows\temp\Perflib_Perfdata_9c.dat
+ 2010-09-19 09:05 . 2010-09-19 09:05 16384 c:\windows\temp\Perflib_Perfdata_29c.dat
+ 2010-09-19 09:14 . 2010-09-19 09:14 16384 c:\windows\temp\Perflib_Perfdata_27c.dat
+ 2010-09-19 09:11 . 2010-09-19 09:11 16384 c:\windows\temp\Perflib_Perfdata_1cc.dat
+ 2004-08-04 12:00 . 2008-04-14 04:42 507904 c:\windows\system32\winlogon.exe
- 2004-08-04 12:00 . 2009-02-11 19:52 507904 c:\windows\system32\winlogon.exe
+ 2008-01-16 15:20 . 2008-04-14 04:42 3066880 c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-09-12 811008]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2005-03-18 11:18 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-21 10:44 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Webteh\\BSplayer\\bsplayer.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.10.2009 10:16 472280]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [26.1.2010 13:25 686080]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [28.1.2010 19:32 4134]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2008 11:56 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\fen7fee5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPO2C.DLL
FF - plugin: c:\program files\Opera\program\plugins\npo2cAreas.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 15:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,c4,c5,61,d5,5e,b9,45,a5,f8,34,19,64,92,4f,75,ce,6b,7b,98,67,
80,33,6b,ce,a8,5a,6f,2a,d1,a4,99,6f,53,be,be,6b,f8,73,0d,63,e5,ae,43,cc,b1,\
"rkeysecu"=hex:2b,6c,89,86,bf,f5,63,d5,78,16,5d,17,66,72,18,b6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-19 15:18:53 - machine was rebooted

[motji]

Jak to vypadá s počítačem?
Vy jste včera přeinstalovával windows nebo tak něco?

[nici]

PC nešiel spustiť ani cez Poslednú známu konfiguráciu.

[nici]

stále je však akoby spomalený

[motji]

To Vám nešel spustit po našem skriptu, nebo jste ho prostě vypl a už nešel spustit?


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[nici]

ww.malwarebytes.org

Verzia databázy: 4658

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21.9.2010 0:04:57
mbam-log-2010-09-21 (00-04-57).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 306657
Uplynulý čas: 2 hod, 1 min, 56 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 1
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)