Well, I finally managed to get it in there, and this is the log it produced afterwards:
ComboFix 08-05-15.3 - Misko 2008-05-18 16:55:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.169 [GMT 2:00]
Running from: C:\Documents and Settings\Misko\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Misko\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 14:09 . 2008-05-18 14:09 0 --a------ C:\23990098.$$$
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-05-18 12:39 . 2008-05-18 12:39 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-05-18 12:31 . 2004-08-04 00:56 146,432 --a------ C:\WINDOWS\R.COM
2008-05-18 12:31 . 2004-08-04 00:56 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-05-18 12:31 . 2008-05-18 15:30 50 --a------ C:\WINDOWS\Lic.xxx
2008-05-18 11:29 . 2008-05-18 11:29 <DIR> d-------- C:\Program Files\FileSubmit
2008-05-18 11:24 . 2008-05-18 15:27 <DIR> d-------- C:\Program Files\Error Repair Professional
2008-05-17 23:29 . 2006-05-25 10:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-17 23:28 . 2008-05-17 23:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-16 21:18 . 2008-05-16 21:18 <DIR> d-------- C:\Casino
2008-05-14 22:05 . 2008-05-14 22:05 <DIR> d-------- C:\Program Files\JufSoft
2008-05-14 22:05 . 2000-12-12 12:12 149,504 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-05-14 22:05 . 2008-05-14 22:05 5,640 --a------ C:\WINDOWS\system32\UNWISE.INI
2008-05-14 16:52 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-14 16:45 . 2002-07-24 04:30 32,128 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-05-14 16:44 . 2008-05-14 16:44 <DIR> d-------- C:\Documents and Settings\Misko\WINDOWS
2008-05-14 16:43 . 2008-05-18 10:24 <DIR> d-------- C:\Program Files\VIA
2008-05-14 16:43 . 2008-05-14 16:43 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 16:40 . 2008-05-14 16:40 <DIR> d-------- C:\Program Files\VIA Technologies, Inc
2008-05-14 16:40 . 2002-07-30 16:42 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-14 16:40 . 2001-09-22 15:25 32,768 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2008-05-14 16:34 . 2008-05-14 16:34 <DIR> d-------- C:\Program Files\XPC Tools
2008-05-13 21:49 . 2008-05-13 21:49 <DIR> d-------- C:\Program Files\Lavalys
2008-05-13 21:27 . 2008-05-16 17:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-13 21:27 . 2008-05-13 21:28 <DIR> d-------- C:\Program Files\CCleaner
2008-05-13 15:03 . 2008-05-13 15:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-13 15:03 . 2008-05-13 15:03 <DIR> d-------- C:\Documents and Settings\Misko\Application Data\SUPERAntiSpyware.com
2008-05-13 15:03 . 2008-05-13 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-13 15:02 . 2008-05-13 15:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 13:00 . 2008-05-10 13:02 818,141 --a------ C:\WINDOWS\Free Windows XP Themes Screens.scr
2008-05-10 13:00 . 2008-05-10 13:02 230,306 --a------ C:\WINDOWS\uninstall Free Windows XP Themes Screens.exe
2008-05-10 10:03 . 2008-05-12 16:46 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-10 10:03 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-10 10:03 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-08 10:54 . 2008-05-10 10:04 1,291 --a------ C:\WINDOWS\mozver.dat
2008-05-08 10:42 . 2008-05-08 10:42 0 --a------ C:\WINDOWS\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 15:40 --------- d-----w C:\Documents and Settings\Misko\Application Data\Skype
2008-05-16 15:26 --------- d-----w C:\Documents and Settings\Misko\Application Data\skypePM
2008-05-07 15:36 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-07 15:34 --------- d-----w C:\Program Files\Skype
2008-05-07 15:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-07 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-07 15:33 --------- d-----w C:\Program Files\ICQ6
2008-05-07 15:33 --------- d-----w C:\Documents and Settings\Misko\Application Data\ICQ
2008-05-07 15:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 15:30 --------- d-----w C:\Documents and Settings\Misko\Application Data\ESET
2008-05-07 15:27 --------- d-----w C:\Program Files\ESET
2008-05-07 15:27 --------- d-----w C:\Documents and Settings\Misko\Application Data\InstallShield
2008-05-07 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-05-07 15:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-07 15:00 --------- d-----w C:\Program Files\Windows Media Connect 2
.
((((((((((((((((((((((((((((( snapshot@2008-05-18_15.46.09.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 13:25:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 14:18:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2007-12-04 16:44]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-18 16:58:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-18 16:59:55
ComboFix-quarantined-files.txt 2008-05-18 14:59:53
ComboFix2.txt 2008-05-18 13:46:27
Pre-Run: 7,387,688,960 bytes free
Post-Run: 7,392,448,512 bytes free
117