Prosim o kontrolu logu

spomalipo sa mi pc. Prosim o kontrolu logu
Logfile of HijackThis v1.99.1
Scan saved at 21:51:20, on 21.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Instal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.sk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\152E8D~1.2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\winver.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRA~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Stiahnuť položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stiahnuť všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fero\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\152E8D~1.2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\152E8D~1.2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Ac ... lient1.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

prejdi komp antivirakom, antispywarem

skus este combofix: http://www.bleepingcomputer.com/combofi ... e-combofix
stiahni si ho z jedneho z troch modrych odkazov. a log vloz sem
..inak kedy dame particku pokra?

Prebehol som tom ComboFixom tu je log
ComboFix 08-03-21.2 - Fero 2008-03-22 10:18:50.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.153 [GMT 1:00]
Running from: C:\Documents and Settings\Fero\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Fero\Application Data\tmp1C1C.tmp.exe
C:\Documents and Settings\Fero\Application Data\tmp1C1E.tmp.exe
C:\Documents and Settings\Fero\Application Data\tmp1E81.tmp.exe
C:\Documents and Settings\Fero\Application Data\tmp37.tmp.exe
C:\Documents and Settings\Fero\Application Data\tmpF00.tmp.exe
C:\Documents and Settings\Fero\Application Data\tmpF05.tmp.exe
C:\Program Files\Common Files\{2C276~1
C:\Program Files\Common Files\{2C276~2
C:\Program Files\Common Files\{3C276~1
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\components
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COM+_MESSAGES


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-19 12:22 . 2008-03-19 13:01 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\Hamachi
2008-03-19 12:20 . 2008-03-19 12:22 <DIR> d-------- C:\Program Files\Hamachi
2008-03-19 12:20 . 2008-03-19 12:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-16 09:26 . 2008-03-16 09:26 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\kantaris
2008-03-08 17:39 . 2008-03-08 17:39 <DIR> d-------- C:\Program Files\Java
2008-03-08 17:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-08 17:37 . 2008-03-08 17:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-08 17:03 . 2008-03-21 21:24 <DIR> d-------- C:\Program Files\Unlocker
2008-03-08 17:03 . 2008-03-21 21:30 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\Desktopicon
2008-03-08 12:53 . 2008-03-08 12:53 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-08 12:53 . 2008-03-21 19:25 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\skypePM
2008-03-08 12:53 . 2008-03-08 12:53 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-06 16:31 . 2008-03-06 16:31 <DIR> d-------- C:\Program Files\MumboJumbo
2008-03-06 14:17 . 2008-03-19 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-03-05 17:55 . 2008-03-05 17:55 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-03-05 15:30 . 2008-03-06 14:04 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\PlayFirst
2008-03-04 19:12 . 2008-03-04 19:12 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\vlc
2008-03-02 20:50 . 2008-03-02 21:19 <DIR> d-------- C:\Program Files\The KMPlayer
2008-03-01 17:51 . 2008-03-01 17:51 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-01 17:51 . 2008-03-01 17:51 <DIR> d-------- C:\Program Files\QuickTime
2008-02-28 16:06 . 2008-02-28 16:06 244 --ah----- C:\sqmnoopt06.sqm
2008-02-28 16:06 . 2008-02-28 16:06 232 --ah----- C:\sqmdata06.sqm
2008-02-28 16:04 . 2008-02-28 16:04 244 --ah----- C:\sqmnoopt05.sqm
2008-02-28 16:04 . 2008-02-28 16:04 232 --ah----- C:\sqmdata05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 21:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 21:15 --------- d-----w C:\Documents and Settings\Fero\Application Data\SUPERAntiSpyware.com
2008-03-21 20:05 --------- d-----w C:\Program Files\DC++
2008-03-21 18:39 --------- d-----w C:\Documents and Settings\Fero\Application Data\Skype
2008-03-20 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 14:19 --------- d-----w C:\Program Files\Oberon Media
2008-03-20 14:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 17:19 --------- d-----w C:\Program Files\LimeWire
2008-03-19 16:16 --------- d-----w C:\Program Files\ICQToolbar
2008-03-16 09:23 --------- d-----w C:\Program Files\XoftSpySE
2008-03-16 08:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 19:28 --------- d-----w C:\Program Files\PartyGaming
2008-03-02 10:16 --------- d-----w C:\Program Files\TV JOJ Media Player
2008-03-01 17:01 --------- d-----w C:\Program Files\Winamp
2008-03-01 16:43 --------- d-----w C:\Documents and Settings\Fero\Application Data\Nokia Multimedia Player
2008-03-01 16:42 --------- d-----w C:\Documents and Settings\Fero\Application Data\Nokia
2008-02-24 19:16 --------- d-----w C:\Program Files\Opera
2008-02-18 18:30 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-18 18:05 663 ----a-w C:\Documents and Settings\Fero\Application Data\waver_2.95.dat
2008-02-13 12:02 --------- d-----w C:\Documents and Settings\Fero\Application Data\PC Suite
2008-02-13 12:00 --------- d-----w C:\Program Files\DIFX
2008-02-13 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-13 11:59 --------- d-----w C:\Program Files\Nokia
2008-02-13 11:59 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-13 11:59 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-13 11:58 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-13 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-09 17:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-09 16:58 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-09 16:21 --------- d-----w C:\Program Files\ICQ6
2008-02-09 14:35 --------- d-----w C:\Documents and Settings\Fero\Application Data\InstallShield
2008-02-08 05:43 --------- d-----w C:\Program Files\ESET
2008-02-03 18:29 --------- d-----w C:\Program Files\Skype
2008-02-03 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-03 18:28 --------- d-----w C:\Program Files\Sygate
2008-02-01 07:42 --------- d-----w C:\Program Files\bwin
2008-01-23 10:19 --------- d-----w C:\Program Files\PokerStars
2007-12-30 17:27 284 ----a-w C:\Documents and Settings\Fero\Application Data\ViewerApp.dat
2007-12-23 17:18 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-08-29 08:50 0 ----a-w C:\Program Files\Common Files\dht342126
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-06 07:24 949376]
"avp"="C:\WINDOWS\system32\winver.exe" [2004-08-03 23:56 5632]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-03-05 21:09 2573536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{2C2766E8-0708-1051-0713-0505111701a5}"= "C:\Program Files\Common Files\{2C2766E8-0708-1051-0713-0505111701a5}\Update.exe" mc-110-12-0000272

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2002-07-05 16:37 491008 C:\WINDOWS\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
C:\WINDOWS\system32\drvnoh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
--a------ 2007-06-29 12:44 1990704 C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
C:\Program Files\Ipwindows\ipwins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\1.5.2\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-03-01 06:10 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2C2766E8-0707-1051-0713-0505111701a5}]
C:\Program Files\Common Files\{2C2766E8-0707-1051-0713-0505111701a5}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2C2766E8-0708-1051-0713-0505111701a5}]
C:\Program Files\Common Files\{2C2766E8-0708-1051-0713-0505111701a5}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Documents and Settings\\Fero\\Desktop\\Hry\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:BitComet 10044 UDP
"7140:TCP"= 7140:TCP:BitComet 7140 TCP
"7140:UDP"= 7140:UDP:BitComet 7140 UDP

R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys [2002-06-04 14:51]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 Ca50xav;Philips ThumbCam Video Device;C:\WINDOWS\system32\Drivers\Ca50xav.sys [2002-10-20 20:37]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88172.sys [2003-05-26 13:05]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 NFWVAD_ds2dhw;NFW Virtual Audio;C:\WINDOWS\system32\drivers\nfwvad.sys [2007-10-16 15:20]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
S3 USBCamera;Philips ThumbCam Still Camera;C:\WINDOWS\system32\Drivers\Bulk50x.sys [2002-07-24 20:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 22:51:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-21 23:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-01-08 09:19:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 10:24:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-22 10:27:57 - machine was rebooted [Fero]
ComboFix-quarantined-files.txt 2008-03-22 09:27:51

S tym pokrom mozeme hocikedy

Stiahni si Avenger http://swandog46.geekstogo.com/avenger.exe
Spustiť – „Input script manually“ – Lupa – Skopírovať kód – „Done“ – Semafor – Potvrdiť – Nasleduje reštart PC



potom stiahni vundofix a prescanuj PC: http://www.majorgeeks.com/VundoFix_d4954.html a log vloz sem

Vsetko som spravil, ale vundoFix nevypisal zadny log iba ze nie su ziadne subory na fixovanie.

posli este log z avengera...mal by byt v C:\avenger.txt + este raz combofix

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pioukqkb

*******************

Script file located at: \??\C:\wppgxbqt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\d3dx.dat deleted successfully.
File C:\sqmnoopt06.sqm deleted successfully.
File C:\sqmdata06.sqm deleted successfully.
File C:\sqmnoopt05.sqm deleted successfully.
File C:\sqmdata05.sqm deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

log z ComboFixu
ComboFix 08-03-21.2 - Fero 2008-03-22 11:31:08.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.146 [GMT 1:00]
Running from: C:\Instal\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 10:59 . 2008-03-22 10:59 <DIR> d-------- C:\VundoFix Backups
2008-03-19 12:22 . 2008-03-19 13:01 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\Hamachi
2008-03-19 12:20 . 2008-03-19 12:22 <DIR> d-------- C:\Program Files\Hamachi
2008-03-19 12:20 . 2008-03-19 12:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-16 09:26 . 2008-03-16 09:26 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\kantaris
2008-03-08 17:39 . 2008-03-08 17:39 <DIR> d-------- C:\Program Files\Java
2008-03-08 17:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-08 17:37 . 2008-03-08 17:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-08 17:03 . 2008-03-21 21:24 <DIR> d-------- C:\Program Files\Unlocker
2008-03-08 17:03 . 2008-03-21 21:30 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\Desktopicon
2008-03-08 12:53 . 2008-03-08 12:53 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-08 12:53 . 2008-03-21 19:25 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\skypePM
2008-03-08 12:53 . 2008-03-08 12:53 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-06 16:31 . 2008-03-06 16:31 <DIR> d-------- C:\Program Files\MumboJumbo
2008-03-06 14:17 . 2008-03-19 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-03-05 15:30 . 2008-03-06 14:04 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\PlayFirst
2008-03-04 19:12 . 2008-03-04 19:12 <DIR> d-------- C:\Documents and Settings\Fero\Application Data\vlc
2008-03-02 20:50 . 2008-03-02 21:19 <DIR> d-------- C:\Program Files\The KMPlayer
2008-03-01 17:51 . 2008-03-01 17:51 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-01 17:51 . 2008-03-01 17:51 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 10:29 --------- d-----w C:\Program Files\ICQToolbar
2008-03-21 21:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 21:15 --------- d-----w C:\Documents and Settings\Fero\Application Data\SUPERAntiSpyware.com
2008-03-21 20:05 --------- d-----w C:\Program Files\DC++
2008-03-21 18:39 --------- d-----w C:\Documents and Settings\Fero\Application Data\Skype
2008-03-20 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 14:19 --------- d-----w C:\Program Files\Oberon Media
2008-03-20 14:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 17:19 --------- d-----w C:\Program Files\LimeWire
2008-03-16 09:23 --------- d-----w C:\Program Files\XoftSpySE
2008-03-16 08:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 19:28 --------- d-----w C:\Program Files\PartyGaming
2008-03-02 10:16 --------- d-----w C:\Program Files\TV JOJ Media Player
2008-03-01 17:01 --------- d-----w C:\Program Files\Winamp
2008-03-01 16:43 --------- d-----w C:\Documents and Settings\Fero\Application Data\Nokia Multimedia Player
2008-03-01 16:42 --------- d-----w C:\Documents and Settings\Fero\Application Data\Nokia
2008-02-24 19:16 --------- d-----w C:\Program Files\Opera
2008-02-18 18:30 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-18 18:05 663 ----a-w C:\Documents and Settings\Fero\Application Data\waver_2.95.dat
2008-02-13 12:02 --------- d-----w C:\Documents and Settings\Fero\Application Data\PC Suite
2008-02-13 12:00 --------- d-----w C:\Program Files\DIFX
2008-02-13 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-13 11:59 --------- d-----w C:\Program Files\Nokia
2008-02-13 11:59 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-13 11:59 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-13 11:58 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-13 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-09 17:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-09 16:58 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-09 16:21 --------- d-----w C:\Program Files\ICQ6
2008-02-09 14:35 --------- d-----w C:\Documents and Settings\Fero\Application Data\InstallShield
2008-02-08 05:43 --------- d-----w C:\Program Files\ESET
2008-02-03 18:29 --------- d-----w C:\Program Files\Skype
2008-02-03 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-03 18:28 --------- d-----w C:\Program Files\Sygate
2008-02-01 07:42 --------- d-----w C:\Program Files\bwin
2008-01-23 10:19 --------- d-----w C:\Program Files\PokerStars
2007-12-30 17:27 284 ----a-w C:\Documents and Settings\Fero\Application Data\ViewerApp.dat
2007-12-23 17:18 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-08-29 08:50 0 ----a-w C:\Program Files\Common Files\dht342126
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-06 07:24 949376]
"avp"="C:\WINDOWS\system32\winver.exe" [2004-08-03 23:56 5632]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-03-05 21:09 2573536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{2C2766E8-0708-1051-0713-0505111701a5}"= "C:\Program Files\Common Files\{2C2766E8-0708-1051-0713-0505111701a5}\Update.exe" mc-110-12-0000272

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2002-07-05 16:37 491008 C:\WINDOWS\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
C:\WINDOWS\system32\drvnoh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
--a------ 2007-06-29 12:44 1990704 C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
C:\Program Files\Ipwindows\ipwins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\1.5.2\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-03-01 06:10 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2C2766E8-0707-1051-0713-0505111701a5}]
C:\Program Files\Common Files\{2C2766E8-0707-1051-0713-0505111701a5}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2C2766E8-0708-1051-0713-0505111701a5}]
C:\Program Files\Common Files\{2C2766E8-0708-1051-0713-0505111701a5}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Documents and Settings\\Fero\\Desktop\\Hry\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:BitComet 10044 UDP
"7140:TCP"= 7140:TCP:BitComet 7140 TCP
"7140:UDP"= 7140:UDP:BitComet 7140 UDP

R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys [2002-06-04 14:51]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 Ca50xav;Philips ThumbCam Video Device;C:\WINDOWS\system32\Drivers\Ca50xav.sys [2002-10-20 20:37]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88172.sys [2003-05-26 13:05]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 NFWVAD_ds2dhw;NFW Virtual Audio;C:\WINDOWS\system32\drivers\nfwvad.sys [2007-10-16 15:20]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
S3 USBCamera;Philips ThumbCam Still Camera;C:\WINDOWS\system32\Drivers\Bulk50x.sys [2002-07-24 20:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 09:51:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-21 23:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-01-08 09:19:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 11:34:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-03-22 11:35:19
ComboFix-quarantined-files.txt 2008-03-22 10:35:11
ComboFix2.txt 2008-03-22 09:27:58

Este vloz do avengeru:



potom stiahni atf cleaner a precisti si PC: http://www.majorgeeks.com/ATF_Cleaner_d4949.html

Dufam ze je to v poriadku, vsetko som spravil. Dakujem velmi pekne za pomoc