Constant downloading of data
- Koudy6
- Newbie
- Registered: 01 Nov 2008
Constant downloading of data
Hi everyone. I have a small problem. I downloaded Bandwidth Monitor, a program for monitoring downloaded data. Everything works as it should, but it keeps showing that something is being downloaded and occasionally something is being uploaded. Does anyone know whether it's possible to find out what it is?
CPU: Intel Core 2 Duo E7400, 2800MHz + Arctic-Cooling Freezer 7 Pro | MB: MSI P35 Neo | RAM: 4GB DDR2 800| VGA: ATI Radeon HD 4870 1GB | Sound: | Monitor LG L1952S | HDD1: Samsung 320GB-16MB SATAII | HDD2: Samsung 1T-32MB SATAII | PSU: Fortron Blue Storm 500W | Case: EuroCase | Mouse: Microsoft Mouse | Keyboard: Logitech Corded |
- jansv
- Intermediate
- Registered: 16 Nov 2008
Re: Constant downloading of data
Hi, post a HijackThis log here, to see whether you have some junk on your PC.
Download HijackThis, e.g. from here - http://www.stahuj.centrum.cz/internet_a ... ijackthis/
Usage
1. Run the program and click the "Do a system scan and save a log" button
2. Paste the entire contents of the text document that "pops up" by itself after a moment straight into a post here and I'll check it for you, and then we'll see what to do next.
- Koudy6
- Newbie
- Registered: 01 Nov 2008
Re: Constant downloading of data
OK, this is what popped up:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:50, on 8.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandwidthMonitor\BWMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor2300WStatusDisplay] C:\WINDOWS\system32\MSTMON_P.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 9296 bytes
- petr_
- Beginner
- Registered: 10 Jan 2006
- Location: Praha
Re: Constant downloading of data
There are a few things in there that I don't recognize; try running Spybot over it. - http://www.safer-networking.org/cz/spybotsd/index.html
Otherwise, also try quitting Skype, in case it is acting as a supernode.
NTB: 13" MacBook Air mid. 2013, Haswell i7-4650U, 8GB LPDDR3, 256GB SSD
PC: Xeon 5550, 6GB DDR3, geforce 8800GTS 640MB
- jansv
- Intermediate
- Registered: 16 Nov 2008
Re: Constant downloading of data
Spybot isn't necessary. Post a ComboFix log here as well.
Instructions (quoted):
Download ComboFix and save it to the desktop.
Run it under an account with Administrator privileges; before running it, close all applications, including the antivirus and firewall.
The whole process takes around 10 minutes, sometimes longer.
Don't be alarmed if your machine is restarted.
After the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt, etc.); PASTE ITS CONTENTS HERE.
- Koudy6
- Newbie
- Registered: 01 Nov 2008
Re: Constant downloading of data
Well, the machine didn't restart... here is the log
Code:
ComboFix 09-01-07.02 - Koudy 2009-01-08 16:38:33.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.511.219 [GMT 1:00]
Spuštěný z: c:\documents and settings\Koudy\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Koudy\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\windows\system32\MSInitXP.Sys
c:\windows\system32\MSMainXP.Sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-08 do 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-08 14:08 . 2009-01-08 14:08 <DIR> d-------- c:\program files\Trend Micro
2009-01-08 08:42 . 2009-01-08 08:42 <DIR> d-------- c:\program files\Lavasoft
2009-01-08 08:42 . 2009-01-08 08:42 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Lavasoft
2009-01-08 08:42 . 2009-01-08 08:42 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Lavasoft
2009-01-08 08:27 . 2009-01-08 10:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-07 22:11 . 2009-01-07 22:11 <DIR> d-------- c:\program files\BandwidthMonitor
2009-01-07 22:11 . 2009-01-07 22:11 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\BWMonitor
2009-01-07 22:11 . 2009-01-07 22:11 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\BWMonitor
2009-01-03 15:38 . 2009-01-03 15:38 <DIR> d-------- c:\program files\Data Design Interactive
2009-01-02 13:40 . 2009-01-02 21:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\NFS Underground
2009-01-02 13:33 . 2009-01-02 13:33 <DIR> d-------- c:\program files\EA GAMES
2009-01-01 17:32 . 2009-01-01 17:32 <DIR> d-------- c:\program files\Opera
2008-12-31 19:11 . 2008-12-31 19:11 0 --a------ C:\HCT4C.tmp
2008-12-31 19:11 . 2008-12-31 19:11 0 --a------ C:\HCT4B.tmp
2008-12-25 17:32 . 2008-12-25 17:32 <DIR> d-------- c:\program files\Common Files\DirectX
2008-12-25 17:22 . 2008-12-28 17:37 <DIR> d-------- c:\program files\7-Zip
2008-12-24 19:10 . 2008-12-24 19:10 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Sony Corporation
2008-12-24 19:10 . 2008-12-24 19:10 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Sony Corporation
2008-12-24 18:52 . 2008-12-24 18:52 <DIR> d-------- c:\program files\Sony
2008-12-24 18:52 . 2006-11-02 16:57 118,520 --a------ c:\windows\system32\PxInsI64.exe
2008-12-24 18:52 . 2006-10-18 19:43 115,960 --a------ c:\windows\system32\PxCpyI64.exe
2008-12-24 18:52 . 2006-11-02 16:57 36,624 --a------ c:\windows\system32\drivers\pxhelp20.sys
2008-12-24 18:52 . 2006-08-28 21:48 2,560 --a------ c:\windows\system32\drivers\cdralw2k.sys
2008-12-24 18:52 . 2006-08-28 21:48 2,432 --a------ c:\windows\system32\drivers\cdr4_xp.sys
2008-12-19 15:34 . 2008-12-19 15:34 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Ansys
2008-12-19 15:34 . 2008-12-19 15:34 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Ansys
2008-12-19 14:53 . 2008-12-22 15:42 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-19 14:24 . 2008-12-19 14:24 <DIR> d-------- c:\program files\Microsoft WSE
2008-12-19 14:22 . 2008-12-19 16:02 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Autodesk
2008-12-19 14:22 . 2008-12-19 16:02 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\Autodesk
2008-12-19 14:21 . 2008-12-22 19:56 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2008-12-19 14:21 . 2008-12-22 19:43 <DIR> d-------- c:\program files\Autodesk
2008-12-19 14:21 . 2008-12-22 19:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Autodesk
2008-12-19 14:20 . 2005-07-27 13:43 150,224 --a------ c:\windows\system32\RGB9Rast_1.dll
2008-12-18 13:04 . 2008-12-18 13:04 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-18 13:01 . 2008-12-18 13:01 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-18 13:01 . 2008-12-19 06:37 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-10 13:37 . 2008-12-10 18:46 <DIR> d-------- c:\program files\EAGLE-5.3.0
2008-12-10 13:36 . 2008-12-10 13:36 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\CadSoft
2008-12-10 13:36 . 2008-12-10 13:36 <DIR> d-------- c:\documents and settings\Koudy\Data aplikací\CadSoft
2008-12-09 20:21 . 2008-12-09 20:21 <DIR> d-------- c:\program files\MWSnap
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 12:37 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-02 11:02 --------- d-----w c:\documents and settings\Koudy\Data aplikací\ICQ
2009-01-02 11:02 --------- d-----w c:\documents and settings\Koudy\Data aplikací\ICQ
2008-12-31 09:26 --------- d-----w c:\program files\JetAudio
2008-12-29 13:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-12-28 19:40 --------- d-----w c:\program files\SpeedFan
2008-12-28 16:35 --------- d-----w c:\program files\EAGLE-4.15
2008-12-24 17:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 05:45 --------- d-----w c:\documents and settings\Koudy\Data aplikací\Nokia
2008-12-19 05:45 --------- d-----w c:\documents and settings\Koudy\Data aplikací\Nokia
2008-12-19 05:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\PC Suite
2008-12-18 14:56 --------- d-----w c:\documents and settings\Koudy\Data aplikací\Desktopicon
2008-12-18 14:56 --------- d-----w c:\documents and settings\Koudy\Data aplikací\Desktopicon
2008-12-18 14:24 --------- d-----w c:\program files\SendBlaster
2008-12-17 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 16:30 --------- d-----w c:\documents and settings\Koudy\Data aplikací\Hamachi
2008-12-15 16:30 --------- d-----w c:\documents and settings\Koudy\Data aplikací\Hamachi
2008-11-29 09:25 --------- d-----w c:\program files\Lavalys
2008-11-19 09:25 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-19 09:14 --------- d-----w c:\program files\Aspyr Media, Inc
2008-11-18 20:05 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-18 20:05 --------- d-----w c:\program files\Hamachi
2008-11-11 20:01 --------- d-----w c:\program files\VDOWNLOADER
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:39 660,480 ----a-w c:\windows\system32\wininet.dll
2008-10-15 08:00 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-15 08:00 335,872 ------w c:\windows\Setup1.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 --a------ c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"OEXPRESS"="c:\windows\OETRN.EXE" [2008-08-11 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"BandwidthMonitor"="c:\program files\BandwidthMonitor\BWMonitor.exe" [2008-10-07 577536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"KONICA MINOLTA magicolor2300WStatusDisplay"="c:\windows\system32\MSTMON_P.EXE" [2003-12-22 176128]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Koudy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-24 385024]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-08-10 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-08-10 741987]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Miranda\\miranda32.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-31 111184]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-31 20560]
R4 MLPTDR_P;MLPTDR_P;c:\windows\system32\MLPTDR_P.SYS [2003-07-09 20032]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3812a2d2-9c6f-11dd-aa3d-001109c7c9e4}]
\Shell\AutoRun\command - E:\Web'n'walk_Helper.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-ErrorRepairPro - c:\program files\Error Repair Professional\autostart.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
uInternet Connection Wizard,ShellNext = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Koudy\Data aplikací\Mozilla\Firefox\Profiles\lxn0fajp.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://centrum.sk/
FF - component: c:\documents and settings\Koudy\Data aplikací\Mozilla\Firefox\Profiles\lxn0fajp.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Data aplikacĂ\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 16:40:09
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-01-08 16:41:37
ComboFix-quarantined-files.txt 2009-01-08 15:41:25
Před spuštěním: Volných bajtů: 46 103 838 720
Po spuštění: Volných bajtů: 46,204,661,760
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
208 --- E O F --- 2008-12-20 08:11:16
- jansv
- Intermediate
- Registered: 16 Nov 2008
Re: Constant downloading of data
OK, but next time, please don't put logs in Code. It's hard to read, thank you.
It's possible that some program is updating its database and so is communicating with the internet. But to be sure that it isn't caused by malware, please also post an MBAM log here.
Now download and run
Download Malwarebytes' Anti-Malware - http://viry.cz/forum/viewtopic.php?f=29&t=67229
Run a full scan of C (system)
Post the log here; don't delete anything until the log has been assessed
