Please check my HijackThis log
- superbagr
- Newbie
- Registered: 16 Mar 2006
- Location: Brno, Znojmo
Please check my HijackThis log
Please check this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:17, on 12.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin\Plocha\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {A8607BAF-0EB3-473C-84C9-F3A5B901A796} - C:\WINDOWS\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlife.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE473EE-675D-4578-BED3-CE0061AB3A9E}: NameServer = 212.96.160.50
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Martin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
--
1. AMD Phenom II X4 955; GB GA-790FXTA-UD5; Kingston HyperX 4GB 1600MHz, Asus EAH5850 1024MB, WD Caviar SE16 WD6400AAKS (2x) + WD Caviar Blue WD10EALS 1TB Sata II, Enermax Mod82+ 625W,Chieftec CX-05B-B-O
2. AMD Athlon 64 X2 5200+ AM2; ABIT KN9Ultra; A-Data DIMM 4096MB DDR II 800MHz EE+, SAPPHIRE HD 5670 512MB, WD Caviar Black WD5001AALS 500GB Sata II + SEAGATE ST3400620AS 400 GB + WD2000JD 200GB Sata, Enermax Liberty 500W,Coolermaster Centurion 1
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: I have one
Re: Please check my HijackThis log
You have Norton Antivirus and Avast. A potential problem. Uninstall one of them.
Just quickly check whether this image is familiar to you:
C:/DOCUME~1/Martin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
Viruses tend to put it there from time to time.
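The two manual checks from the reply above (which vendors have services installed, and whether an O24 Desktop Component points into a temp folder), as an added Python example that is not part of the thread. The sample lines are copied from the HijackThis log in the first post, except the last O24 line, which is constructed; the temp-folder name list and the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Sample input: lines copied from the HijackThis log in this thread, except the
# last O24 line, which is constructed to show a target outside a temp folder.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Martin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Martin\Dokumenty\wallpaper.html
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24, each followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O24 body: "Desktop Component <n>: <name> - <target>"; the lazy name group
# keeps any " - " inside the target path with the target.
O24_RE = re.compile(r"^Desktop Component (\d+): (.*?) - (\S.*)$")

# Assumption: folder names treated as throwaway locations (long and 8.3 forms).
TEMP_DIRS = {"temp", "tmp", "temporary internet files", "tempor~1"}


def parse_entries(log_text):
    """Return (code, body) for every entry line; the header and the process
    list do not carry the 'CODE - ' prefix and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def normalize_target(target):
    """Turn a file:/// URL or a Windows path into lower-case path components."""
    if target.lower().startswith("file:///"):
        target = unquote(target[len("file:///"):])
    return [p for p in re.split(r"[\\/]+", target.lower()) if p]


def temp_desktop_components(log_text):
    """O24 entries whose target lies under a temp folder (the case the reply
    asks the user to look at)."""
    hits = []
    for code, body in parse_entries(log_text):
        m = O24_RE.match(body) if code == "O24" else None
        if m and TEMP_DIRS.intersection(normalize_target(m.group(3))):
            hits.append({"index": int(m.group(1)),
                         "name": m.group(2),
                         "target": m.group(3)})
    return hits


def services_by_vendor(log_text):
    """Group O23 services by their vendor field so products from different
    vendors can be compared side by side. Assumes neither the service name
    nor the vendor contains ' - '."""
    vendors = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].split(" - ", 2)
            if len(parts) == 3:
                vendors[parts[1]].append(parts[0])
    return dict(vendors)


if __name__ == "__main__":
    for hit in temp_desktop_components(SAMPLE_LOG):
        print("O24 in temp folder:", hit["target"])
    for vendor, names in services_by_vendor(SAMPLE_LOG).items():
        print(vendor, "->", names)
```

A vendor having services installed does not say which of its products they belong to, so the grouping only narrows down what to check by hand.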
- superbagr
- Newbie
- Registered: 16 Mar 2006
- Location: Brno, Znojmo
Re: Please check my HijackThis log
A small correction: it is Norton Ghost, you probably overlooked that.
BUBINO wrote:
You have Norton Antivirus and Avast. A potential problem. Uninstall one of them.
Just quickly check whether this image is familiar to you:
C:/DOCUME~1/Martin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
Viruses tend to put it there from time to time.
That image doesn't mean anything to me.
I'll also add that whenever I open an IE window, it keeps telling me:
Your computer was infected by unknown trojan.
It´s dangerous for your system (critical files can be lost)!
Click OK do download antispyware program to clean your system! (Recomended)
I scanned the computer with Ad-Aware and it found nothing. That's why I posted the log here; maybe someone can advise me how to get rid of it.
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: I have one
Re: Please check my HijackThis log
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe >> Norton Internet Security or Norton Antivirus
http://www.neuber.com/taskmanager/proce ... r.exe.html
Post a ComboFix log here:
download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms is displayed; press the 1 key to continue
calmly go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through), follow the on-screen instructions, and do not try to start any other applications or anything else during the scan
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
note: if you use Spyware Terminator, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because ComboFix tries to delete infected files during the scan and Spyware Terminator may prevent that
after the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here
- Baron Prášil
- Beginner
- Registered: 08 Jun 2006
Norton can be easily uninstalled with this:
http://service1.symantec.com/SUPPORT/ts ... 3108162039
- superbagr
- Newbie
- Registered: 16 Mar 2006
- Location: Brno, Znojmo
ComboFix log:
ComboFix 08-02-12.3 - Administrator 2008-02-12 17:49:02.1 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.816 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Martin\Data aplikací\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
2008-02-12 15:55 . 2008-02-12 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-12 15:55 . 2006-09-22 09:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-02-12 15:55 . 2006-09-22 09:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-02-12 15:55 . 2006-09-22 09:46 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-02-12 15:55 . 2006-09-22 08:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-02-12 15:55 . 2006-09-22 09:46 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-02-12 15:55 . 2006-09-22 09:46 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-12 15:55 . 2006-09-22 09:46 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-02-12 15:39 . 2008-02-12 15:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-12 15:39 . 2008-02-12 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-02-12 15:33 . 2008-02-12 15:30 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-12 15:33 . 2008-02-12 15:33 3,445 --a------ C:\WINDOWS\unins000.dat
2008-02-12 15:27 . 2008-02-12 15:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-12 15:27 . 2008-02-12 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-12 14:34 . 2008-02-12 14:34 231,424 --a------ C:\WINDOWS\AcroIEHelper.dll
2008-02-12 14:34 . 2008-02-12 14:34 48 --a------ C:\tmp.bat
2008-02-08 19:44 . 2008-02-08 19:44 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-08 19:44 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-08 19:44 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-08 19:44 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-08 19:44 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-08 19:44 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-08 19:44 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-08 19:44 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-08 19:44 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-08 19:40 . 2008-02-08 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2008-02-07 15:00 . 2008-02-07 15:00 <DIR> d-------- C:\Program Files\Zoner
2008-02-07 14:58 . 2008-02-12 15:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 09:59 . 2008-01-29 09:59 <DIR> d-------- C:\Documents and Settings\Martin\Data aplikací\Grass Valley
2008-01-29 09:59 . 2008-01-29 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grass Valley
2008-01-29 09:56 . 2008-01-29 09:56 <DIR> d-------- C:\Program Files\Grass Valley
2008-01-29 09:56 . 2008-01-29 09:56 <DIR> d-------- C:\Program Files\Common Files\Snell & Wilcox Shared
2008-01-29 09:56 . 2008-01-29 09:56 <DIR> d-------- C:\Program Files\Common Files\Grass Valley
2008-01-29 09:56 . 2008-01-29 09:57 <DIR> d-------- C:\Program Files\Common Files\Canopus Shared
2008-01-29 09:56 . 2006-03-08 15:36 1,085,520 --a------ C:\WINDOWS\system32\csedvh.dll
2008-01-28 18:06 . 2008-01-28 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Corporation
2008-01-28 18:06 . 2004-08-17 15:49 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-28 18:03 . 2008-01-28 18:04 <DIR> d-------- C:\Documents and Settings\Martin\Data aplikací\Sony Corporation
2008-01-28 18:00 . 2008-01-28 18:00 <DIR> d-------- C:\Drivers
2008-01-28 18:00 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-01-28 18:00 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-01-28 18:00 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-01-28 18:00 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-01-28 18:00 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-01-28 18:00 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-01-28 17:58 . 2008-01-29 10:24 <DIR> d-------- C:\Program Files\Sony
2008-01-25 11:38 . 2008-01-25 18:15 <DIR> d-------- C:\Program Files\Counter-Strike
2008-01-24 19:59 . 2008-01-24 19:59 <DIR> d-------- C:\Program Files\Valve
2008-01-24 19:42 . 2008-01-24 19:42 <DIR> d-------- C:\Program Files\OpenSSL
2008-01-21 13:57 . 2008-01-21 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\YoYoGames
2008-01-13 20:41 . 2008-01-13 20:41 <DIR> d-------- C:\Program Files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 12:49 --------- d-----w C:\Program Files\IDOS
2008-01-29 08:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 18:36 --------- d-----w C:\Documents and Settings\Martin\Data aplikací\uTorrent
2008-01-27 14:49 --------- d-----w C:\Documents and Settings\Martin\Data aplikací\Vso
2008-01-24 18:42 155,648 ----a-w C:\WINDOWS\system32\libssl32.dll
2008-01-05 09:41 --------- d-----w C:\Program Files\PDF Password Remover v2.5
2008-01-05 09:35 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2008-01-01 18:54 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-12-25 18:46 --------- d-----w C:\Documents and Settings\Martin\Data aplikací\EPSON
2007-12-25 16:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 16:54 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\UDL
2007-12-25 16:53 --------- d-----w C:\Program Files\epson
2007-12-25 16:50 --------- d-----w C:\Documents and Settings\Martin\Data aplikací\InstallShield
2007-12-25 16:49 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\EPSON
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-09-10 18:36 47,360 ----a-w C:\Documents and Settings\Martin\Data aplikací\pcouffin.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8607BAF-0EB3-473C-84C9-F3A5B901A796}]
2008-02-12 14:34 231424 --a------ C:\WINDOWS\AcroIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetCacheMode"="ptipbmf.dll" [2003-01-18 14:11 24576 C:\WINDOWS\system32\ptipbmf.dll]
"nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 14:30 58992]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 18:09 1537648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 10:12 483328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-22 09:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 10:29 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 08:12 90112]
"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23 3035136]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 00:15 600896]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 17:45 389120]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 09:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
S3 BQS88CDC;BenQ S88 Driver;C:\WINDOWS\system32\DRIVERS\bqs88cdc.sys [2004-12-07 05:52]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 17:52:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-12 17:52:50
ComboFix-quarantined-files.txt 2008-02-12 16:52:42
.
2008-01-10 16:30:06 --- E O F ---
1. AMD Phenom II X4 955; GB GA-790FXTA-UD5; Kingston HyperX 4GB 1600MHz, Asus EAH5850 1024MB, WD Caviar SE16 WD6400AAKS (2x) + WD Caviar Blue WD10EALS 1TB Sata II, Enermax Mod82+ 625W,Chieftec CX-05B-B-O
2. AMD Athlon 64 X2 5200+ AM2; ABIT KN9Ultra; A-Data DIMM 4096MB DDR II 800MHz EE+, SAPPHIRE HD 5670 512MB, WD Caviar Black WD5001AALS 500GB Sata II + SEAGATE ST3400620AS 400 GB + WD2000JD 200GB Sata, Enermax Liberty 500W,Coolermaster Centurion 1
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Mám
Combo deleted something. Download KillBox:
http://www.viry.cz/forum/viewtopic.php?t=43207
Copy this path into the window:
C:\tmp.bat
Select the DELETE ON REBOOT radio button and click the red cross.
Test these items on virustotal.com:
C:\WINDOWS\system32\csedvh.dll
C:\WINDOWS\system32\lsdelete.exe
Post the results here.
- superbagr
- Newbie
- Registered: 16 Mar 2006
- Location: Brno, Znojmo
Problem solved another way. Thanks for the help.
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Mám
- superbagr
- Newbie
- Registered: 16 Mar 2006
- Location: Brno, Znojmo
I got rid of it using sdfix.