zmiznutie ,,vypnut pc,, z ponuky start...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:02, on 25.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] -C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6676065984
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - -"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 6024 bytes

ComboFix 07-08-25.2 - "peter" 2007-08-25 15:17:23.2 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.134 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 15:05 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-08-25 15:05 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\MegauploadToolbar
2007-08-25 14:52 57,344 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2007-08-25 14:52 53,504 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2007-08-25 14:52 <DIR> d-------- C:\Program Files\Avira Premium Security Suite
2007-08-25 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira Premium Security Suite
2007-08-25 02:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-25 00:05 253,952 --a------ C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dat
2007-08-25 00:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-24 20:52 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\DAEMON Tools Pro
2007-08-24 20:47 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-24 18:58 <DIR> d-------- C:\TP
2007-08-20 17:26 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Corel
2007-08-20 17:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-08-20 17:24 88 -r-hs---- C:\WINDOWS\system32\44435F73D3.sys
2007-08-20 17:24 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-20 17:24 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-08-20 17:23 <DIR> d-------- C:\Program Files\Corel
2007-08-19 21:58 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Zoner
2007-08-12 22:23 600 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-12 22:22 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-12 22:22 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-12 22:22 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-12 22:01 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-12 20:01 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-08-12 17:30 6,017 --a------ C:\WINDOWS\assys.dll
2007-08-12 17:30 12,558 --a------ C:\WINDOWS\gstcore.dll
2007-08-12 17:29 40,177 --a------ C:\WINDOWS\ffnsys.dll
2007-08-12 17:29 38,982 --a------ C:\WINDOWS\rsczsys.dll
2007-08-12 17:29 30,559 --a------ C:\WINDOWS\mfnsys.dll
2007-08-12 17:29 227,851 --a------ C:\WINDOWS\uawin.dll
2007-08-12 17:29 13,277 --a------ C:\WINDOWS\snsys.dll
2007-08-12 15:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-08-12 12:57 146,432 --a------ C:\WINDOWS\R.COM
2007-08-12 12:57 135,680 --a------ C:\WINDOWS\system32\T.COM
2007-08-12 12:51 <DIR> d-------- C:\Program Files\CCleaner
2007-08-11 22:50 487,424 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-08-10 17:17 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Media Player Classic
2007-08-10 17:10 <DIR> d-------- C:\DOCUME~1\peter\Incomplete
2007-08-10 17:10 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\LimeWire
2007-08-10 17:01 <DIR> d--hs---- C:\RECYCLER
2007-08-09 19:36 <DIR> d-------- C:\Program Files\nLite
2007-08-09 19:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-09 19:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-09 19:18 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-09 19:17 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-09 19:08 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-09 19:05 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-09 19:05 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-09 19:05 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-09 18:48 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-09 18:17 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-09 18:17 <DIR> d-------- C:\WINDOWS\$hf_mig$
2007-08-09 18:14 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-09 18:14 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-09 18:14 <DIR> d-------- C:\DOCUME~1\peter\UserData
2007-08-09 17:38 72,462 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\firstlsp.reg.dat
2007-08-09 16:44 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-09 16:40 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-09 16:06 <DIR> d-------- C:\Downloads
2007-08-09 16:05 <DIR> d-------- C:\Program Files\BitComet
2007-08-09 15:59 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-08-09 15:57 <DIR> d-------- C:\Program Files\MSBuild
2007-08-09 15:57 <DIR> d-------- C:\Program Files\Microsoft Works
2007-08-09 15:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-09 15:52 <DIR> d-------- C:\MSOCache
2007-08-09 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-09 15:44 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-09 15:44 <DIR> d-------- C:\Program Files\LimeWire
2007-08-09 15:38 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-09 15:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-09 15:35 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-09 15:35 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-09 15:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-09 15:33 <DIR> d-------- C:\Program Files\Disk Cleaner
2007-08-09 15:32 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\ICQ
2007-08-09 15:31 <DIR> d-------- C:\Program Files\ICQ6
2007-08-09 15:29 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Ahead
2007-08-09 15:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-09 15:26 <DIR> d-------- C:\Program Files\Nero
2007-08-09 15:26 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-09 15:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-09 15:25 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-09 15:25 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-08-09 15:24 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-08-09 15:24 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-09 15:24 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-09 15:24 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-08-09 15:24 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-08-09 15:24 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-08-09 15:22 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-08-09 15:22 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-08-09 15:22 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-08-09 15:22 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 20:33 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-09 16:06 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-09 14:35 5194 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-08-09 14:34 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira Premium Security Suite\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoThumbnailCache"=1 (0x1)
"NoClose"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

R0 risdptsk;risdptsk;C:\WINDOWS\system32\DRIVERS\risdptsk.sys
R1 avfwot;avfwot;\??\C:\WINDOWS\system32\drivers\avfwot.sys
R1 avgio;avgio;\??\C:\Program Files\Avira Premium Security Suite\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira Premium Security Suite\avmailc.exe"
R2 AntiVirScheduler;Avira Premium Security Suite Scheduler;"C:\Program Files\Avira Premium Security Suite\sched.exe"
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira Premium Security Suite\avesvc.exe"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\Avira Premium Security Suite\avgntflt.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp

*Newly Created Service* - ANTIVIRFIREWALLSERVICE
*Newly Created Service* - ANTIVIRMAILSERVICE
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVESERVICE
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - SSMDRV

Contents of the 'Scheduled Tasks' folder
2007-08-24 15:28:15 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 15:19:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirScheduler]
"ImagePath"="\"C:\Program Files\Avira Premium Security Suite\sched.exe\""

Completion time: 2007-08-25 15:20:44
C:\ComboFix-quarantined-files.txt ... 2007-08-25 15:20

--- E O F ---

Uz mi konci nocna, ale..Tvoj problem sposobil nejaky program, co zmenil registre, upravil zasady skupiny. Ak nemas urobenu zalohu obnova pojde tazko, ak teda nejde obnova z bodu..(este by som vyskusal), tak bud reinstal, alebo este manualne cez gpedit.msc.
Kedze Ti chyba start-spustit, mozes pouzit aj prave tlacitko na listu, potom panel nastrojov a zafajkni adresa. Do tohto policka, ked zadas gpedit.msc mozes vratit napriklad gombik "vypnut" v ponuka start a aj ostatne..
Pracovna plocha by mala byt este v pc, asi bude len premenovana, alebo mas vytvoreny iny ucet?. Si pozri. Ja uz pojdem, takze snad poradi este niekto iny.

neviem ako, ale dostal som naspat do ponuky start ,,run,, takze ako v tom mam pokracovat, myslim v tom gpedit.msc aby som dostal naspat aj to na vypnutie PC??? vlasnte ak to tam dostanem tak je vsetko vyriesne, alebo ne???

ComboFix 07-08-09.3 - "peter" 2007-08-25 17:08:58.3 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.83 [GMT 2:00]
Command switches used :: C:\Documents and Settings\peter\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\firstlsp.reg.dat
C:\WINDOWS\assys.dll
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\rundl132.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\snsys.dll
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\uawin.dll
C:\WINDOWS\zts2.exe


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 16:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-25 14:52 57,344 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2007-08-25 14:52 53,504 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2007-08-25 14:52 <DIR> d-------- C:\Program Files\Avira Premium Security Suite
2007-08-25 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira Premium Security Suite
2007-08-25 02:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-25 00:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-24 20:52 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\DAEMON Tools Pro
2007-08-24 20:47 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-24 18:58 <DIR> d-------- C:\TP
2007-08-20 17:26 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Corel
2007-08-20 17:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-08-20 17:24 88 -r-hs---- C:\WINDOWS\system32\44435F73D3.sys
2007-08-20 17:24 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-20 17:24 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-08-20 17:23 <DIR> d-------- C:\Program Files\Corel
2007-08-19 21:58 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Zoner
2007-08-12 22:22 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-12 22:22 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-12 22:01 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-12 20:01 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-08-12 15:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 14:43 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-08-12 12:59 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-08-12 12:57 146,432 --a------ C:\WINDOWS\R.COM
2007-08-12 12:57 135,680 --a------ C:\WINDOWS\system32\T.COM
2007-08-12 12:51 <DIR> d-------- C:\Program Files\CCleaner
2007-08-11 22:50 487,424 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-08-10 17:17 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Media Player Classic
2007-08-10 17:10 <DIR> d-------- C:\DOCUME~1\peter\Incomplete
2007-08-10 17:10 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\LimeWire
2007-08-10 17:01 <DIR> d--hs---- C:\RECYCLER
2007-08-09 19:36 <DIR> d-------- C:\Program Files\nLite
2007-08-09 19:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-09 19:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-09 19:18 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-09 19:17 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-09 19:08 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-09 19:05 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-09 19:05 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-09 19:05 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-09 18:48 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-09 18:17 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-09 18:17 <DIR> d-------- C:\WINDOWS\$hf_mig$
2007-08-09 18:14 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-09 18:14 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-09 18:14 <DIR> d-------- C:\DOCUME~1\peter\UserData
2007-08-09 16:44 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-09 16:40 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-09 16:06 <DIR> d-------- C:\Downloads
2007-08-09 16:05 <DIR> d-------- C:\Program Files\BitComet
2007-08-09 15:59 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-08-09 15:57 <DIR> d-------- C:\Program Files\MSBuild
2007-08-09 15:57 <DIR> d-------- C:\Program Files\Microsoft Works
2007-08-09 15:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-09 15:52 <DIR> d-------- C:\MSOCache
2007-08-09 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-09 15:44 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-09 15:44 <DIR> d-------- C:\Program Files\LimeWire
2007-08-09 15:38 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-09 15:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-09 15:35 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-09 15:35 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-09 15:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-09 15:33 <DIR> d-------- C:\Program Files\Disk Cleaner
2007-08-09 15:32 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\ICQ
2007-08-09 15:31 <DIR> d-------- C:\Program Files\ICQ6
2007-08-09 15:29 <DIR> d-------- C:\DOCUME~1\peter\APPLIC~1\Ahead
2007-08-09 15:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-09 15:26 <DIR> d-------- C:\Program Files\Nero
2007-08-09 15:26 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-09 15:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-09 15:25 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-09 15:25 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-08-09 15:24 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-08-09 15:24 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-09 15:24 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-09 15:24 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-08-09 15:24 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-08-09 15:24 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-08-09 15:22 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-08-09 15:22 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-08-09 15:22 85,020 --a--c--- C:\WINDOWS\system32\dllcache\dgsetup.dll
2007-08-09 15:22 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-08-09 15:22 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-08-09 15:22 8,704 --a--c--- C:\WINDOWS\system32\dllcache\batt.dll
2007-08-09 15:22 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-08-09 15:22 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-08-09 15:22 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdhept.dll
2007-08-09 15:22 774,144 --a--c--- C:\WINDOWS\system32\dllcache\spttseng.dll
2007-08-09 15:22 77,824 --a--c--- C:\WINDOWS\system32\dllcache\spcommon.dll
2007-08-09 15:22 741,376 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2007-08-09 15:22 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-08-09 15:22 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-08-09 15:22 7,168 --a--c--- C:\WINDOWS\system32\dllcache\kbdcz.dll
2007-08-09 15:22 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-08-09 15:22 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-08-09 15:22 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-08-09 15:22 61,440 --a--c--- C:\WINDOWS\system32\dllcache\spcplui.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 20:33 359808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-08-09 20:33 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-09 16:06 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a--c--- C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-06-26 16:35 665600 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 08:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-15 10:12 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 10:12 616960 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 10:12 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 10:12 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 10:12 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 10:12 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 10:12 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 10:12 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 10:12 3064320 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 10:12 251904 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 10:12 205824 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 10:12 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 10:12 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 10:12 1498112 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 10:12 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 10:12 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 10:12 1022976 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 12:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira Premium Security Suite\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoThumbnailCache"=1 (0x1)
"NoClose"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

R0 risdptsk;risdptsk;C:\WINDOWS\system32\DRIVERS\risdptsk.sys
R1 avfwot;avfwot;\??\C:\WINDOWS\system32\drivers\avfwot.sys
R1 avgio;avgio;\??\C:\Program Files\Avira Premium Security Suite\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira Premium Security Suite\avmailc.exe"
R2 AntiVirScheduler;Avira Premium Security Suite Scheduler;"C:\Program Files\Avira Premium Security Suite\sched.exe"
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira Premium Security Suite\avesvc.exe"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\Avira Premium Security Suite\avgntflt.sys
R3 MTsensor;ATK0100 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-08-24 15:28:15 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 17:13:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x7792"
"DeviceDesc"="\xb973\x7792"
"ProviderName"="\x27fc\21\xee18\x7c90\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x49c"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=str(7):"e:\smbus\smbus\smbusati.inf"

scanning hidden files ...

C:\WINDOWS\0.log
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirScheduler]
"ImagePath"="\"C:\Program Files\Avira Premium Security Suite\sched.exe\""

Completion time: 2007-08-25 17:16:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-25 17:15
C:\ComboFix2.txt ... 2007-08-25 15:20

--- E O F ---