HijackThis utility + LOGS for assessment
- mixo
- Newbie

-
- Registered: 09 Feb 2005
AntiVir PersonalEdition Classic
Report file date: Wednesday, October 03, 2007 08:24
Scanning for 863147 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: MMM
Version information:
BUILD.DAT : 270 15603 Bytes 19.9.2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.8.2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.8.2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14.8.2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21.8.2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13.9.2007 13:26:55
ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28.9.2007 21:30:35
ANTIVIR3.VDF : 7.0.0.45 74240 Bytes 2.10.2007 06:03:08
AVEWIN32.DLL : 7.6.0.18 2810368 Bytes 1.10.2007 21:30:39
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.2.2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18.7.2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16.4.2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 3.8.2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18.7.2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28.8.2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.7.2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 8.3.2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7.8.2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.8.2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.7.2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Wednesday, October 03, 2007 08:24
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WINCMD32.EXE' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ICQLite.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
24 processes with 24 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '27' files ).
Starting the file scan:
Begin scan in 'C:\' <WIN98>
Begin scan in 'D:\' <WINXP>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{9D9AF37E-8309-447E-AEB1-AE2016D77DF2}\RP101\A0033066.dll
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.fej Backdoor server programs
[INFO] The file was deleted!
D:\WINDOWS\system32:lzx32.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
End of the scan: Wednesday, October 03, 2007 09:35
Used time: 1:11:00 min
The scan has been done completely.
3302 Scanning directories
110286 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
110284 Files not concerned
1442 Archives were scanned
1 Warnings
0 Notes
- rary
- Beginner

-
- Registered: 20 Jun 2006
Turn off System Restore.
And then please run ComboFix:
Download ComboFix, save it to the desktop and run it. Follow the instructions; while ComboFix is running, do not click in the window that appears, because that may stop the process.
When it finishes, a log is created, so copy its contents here.
The log is also located at C:\ComboFix.txt
(The PC may restart if ComboFix finds infected files that require a restart to be deleted.)
You need an administrator account for ComboFix to work.
- R1dd14k
- Newbie

-
- Registered: 03 Oct 2007
Please check my HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 18:13:11, on 3.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\programs\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
d:\programs\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
D:\programs\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
d:\programs\ProShowGold\ScsiAccess.exe
d:\programs\Spyware Terminator\sp_rsser.exe
D:\Programs\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
d:\programs\Avast4\ashMaiSv.exe
d:\programs\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Programs\QIP\qip.exe
D:\Programs\Opera\Opera.exe
D:\Programs\HjJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.icq.com/start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Reader 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" perf "C:\Program Files\NVIDIA Corporation\nTune\Profiles\Best system.npe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] d:\programs\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programs\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - D:\Programs\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\programs\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\programs\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\programs\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\programs\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - d:\programs\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - d:\programs\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - d:\programs\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - d:\programs\Borland\vbroker\bin\osagent.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - d:\programs\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - d:\programs\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programs\Alcohol 120\StarWind\StarWindServiceAE.exe
Thank you
- likc
- Beginner

-
- Registered: 30 Jun 2006
- R1dd14k
- Newbie

-
- Registered: 03 Oct 2007
- likc
- Beginner

-
- Registered: 30 Jun 2006
- FrankPerconte
- Newbie

-
- Registered: 27 Oct 2007
Please check my log
Hi, I'd really appreciate a check of my log. Over the past month my PC has slowed down unbelievably; XP takes about 2 minutes to load (black screen with the XP logo), and anything I launch is incredibly slow. SpyBot, Adaware, ZoneAlarm and NOD32 found no spyware or virus!!
AMD Athlon 64 3800+, ASUS M2N-E SLI, 2x512 667 MHz Kingmax, Gainward GF7600GT 256DDR3 Golden Sample, Seagate 7200 rpm Barracuda 20GB
Thanks a hell of a lot
Logfile of HijackThis v1.99.1
Scan saved at 12:23:02, on 27.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
E:\Utillity\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cod.alliancze.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
AMD Athlon 64 3800+, ASUS M2N-E SLI, 2x512 667 MHz Kingmax, Gainward GF7600GT 256DDR3 Golden Sample, Seagate Barracuda 7200 rpm 20GB
thanks a hell of a lot
- likc
- Beginner
- Registered: 30 Jun 2006
No virus is showing in the log. As for the slowness, quite a lot gets loaded at startup: a defragmentation tool, some game-related thing, input devices, quite a lot of Nero and so on, so it takes a while.
In any case, a lot of people with similar problems were using FlashGet. At least the unregistered version pulled in junk, even though the vendor now boasts that version 2.0 is 100% clean, but that will probably again be only after registering. I recommended an alternative here, but I always forget it; it will be in one of my posts from about 3 months back.
- FrankPerconte
- Newbie
- Registered: 27 Oct 2007
strange
Thanks, but I don't get it, I used to have exactly the same (programs) and suddenly this. For example, I don't understand at all why rundll32.exe is there 3 times??
- likc
- Beginner
- Registered: 30 Jun 2006
- FrankPerconte
- Newbie
- Registered: 27 Oct 2007
rundll
Exactly, I don't know why there are so many of them, or why each one is named differently.
Well, in Task Manager they are all written the same, "rundll32.exe"; they take no CPU at all; memory:
1. 4.8 MB
2. 13 MB
3. 3.8 MB
I've seen plenty of viruses that name themselves slightly differently from various system files. But it's strange that neither NOD nor AVAST found it for me.
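Added example, not part of any post in this thread and not HijackThis's own code: Python that parses a HijackThis-style log, groups running processes by case-insensitive path, lists the O4 Run entries that start rundll32 together with the DLL each one hosts, and flags well-known system image names running outside their default directory. The sample log is constructed, and `SYSTEM_ROOT`, `EXPECTED_DIR` and the function names are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99.1 layout (not a real capture).
# The last process line is a made-up path used to exercise the location check.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Example\Temp\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the logs in this thread.
SYSTEM_ROOT = r"c:\windows"
SYSTEM32 = SYSTEM_ROOT + r"\system32"
# Default directory of some well-known Windows XP system images.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "rundll32.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
RUNDLL_RE = re.compile(
    r'^\[(?P<name>[^\]]+)\]\s+"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<target>.+)$',
    re.IGNORECASE,
)


def parse_log(text):
    """Return (process paths, [(section code, entry body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:                       # first R*/O* entry ends the process list
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def group_by_image(processes):
    """Group process lines by path; Windows paths compare case-insensitively."""
    groups = defaultdict(list)
    for path in processes:
        groups[ntpath.normcase(path)].append(path)
    return dict(groups)


def misplaced_system_images(processes):
    """Processes that carry a system image name but run from another directory."""
    hits = []
    for path in processes:
        directory, name = ntpath.split(ntpath.normcase(path))
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected:
            hits.append(path)
    return hits


def rundll32_autoruns(entries):
    """Map Run value name -> (DLL, exported function) for rundll32 launches."""
    found = {}
    for code, body in entries:
        if code != "O4":
            continue
        match = RUNDLL_RE.match(body.partition(": ")[2])
        if match:
            dll, _, export = match.group("target").partition(",")
            found[match.group("name")] = (dll, export)
    return found


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for key, paths in group_by_image(procs).items():
        if len(paths) > 1:
            print(f"{len(paths)} instances of {key}: {paths}")
    for name, (dll, export) in rundll32_autoruns(ents).items():
        print(f"rundll32 autorun {name}: {dll} -> {export}")
    for path in misplaced_system_images(procs):
        print(f"system image name outside its default directory: {path}")
```

A flagged path is a prompt to inspect the file (signature, version resource, creation time), not a verdict on its own.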
- likc
- Beginner
- Registered: 30 Jun 2006
Well, as long as none of them is taking, say, 80% CPU, it's fine.
System libraries are launched through rundll, as its name suggests.
It's possible that, since you have that defragmentation running, for example, it needs to have some library loaded.
I thought you had some adware there, but then I noticed that you had used Ad-Aware. Well, you could try some other anti-spyware too, e.g. Spyware Terminator. Also maybe clean up the PC with things like CCleaner or RegClean. That could speed the PC up a bit.
- Dex_Holland
- Moderately advanced
- Registered: 13 Nov 2004
- Location: Brno
virus - log check pls
Hi, I've picked up some nasty thing on my computer; the problem is that Ad-Aware, Spybot and not even KIS (which did find and delete some trojan) can fully put it right.
Some error keeps popping up, but I can't see what's in the window because it gets smeared depending on the background.
log from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 15:06:03, on 11.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\Driver\i386\ms-java.exe
C:\WINDOWS\Driver\i386\winlogon.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Driver\i386\mssvc.exe
C:\Documents and Settings\Aleš\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2567262000
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Ms-java - Unknown owner - C:\WINDOWS\Driver\i386\ms-java.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
and here is the error it keeps throwing at me
http://img255.imageshack.us/my.php?image=chybaqy7.jpg
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: I have one
Re: virus - log check pls
There are some BAD things in there.
To be sure, also post a ComboFix log here:
Download ComboFix.
Restart the computer into safe mode.
During the scan your computer will be restarted.
After the restart it will create a log, saved in C:/Combofix.txt.
Paste its contents here.
- Dex_Holland
- Moderately advanced
- Registered: 13 Nov 2004
- Location: Brno
ComboFix 07-11-08.1 - Aleš 2007-11-11 18:24:00.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1454 [GMT 1:00]
Running from: C:\Documents and Settings\Aleš\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 18:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-11 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-11 16:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-11 14:45 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Crawler
2007-11-11 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 14:24 <DIR> d-------- C:\Program Files\Trojan Remover
2007-11-11 14:24 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-11 14:24 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-11 14:24 3,440 --a------ C:\WINDOWS\undo.reg
2007-11-11 11:28 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\system32\txp
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\Driver
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-10 21:50 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-11-09 01:31 <DIR> d-------- C:\Fraps
2007-11-09 01:27 <DIR> d-------- C:\WINDOWS\Pix_temp
2007-11-09 01:27 <DIR> d-------- C:\Program Files\Transcoder
2007-11-09 01:10 <DIR> d-------- C:\Program Files\VD
2007-11-09 01:08 <DIR> d-------- C:\Program Files\MediaCell Video Converter
2007-11-09 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-11-08 20:07 <DIR> d-------- C:\Program Files\MK4
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 08:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-06 22:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-11-06 14:43 <DIR> d-------- C:\Documents and Settings\All Users\documents
2007-11-06 14:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 13:58 <DIR> d-------- C:\Program Files\THQ
2007-11-06 13:36 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 09:21 <DIR> d-------- C:\Program Files\Flagship Studios
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:33 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-05 16:36 <DIR> d-------- C:\Program Files\Webteh
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-01 10:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-31 23:20 <DIR> d-------- C:\WINDOWS\solcache
2007-10-31 23:11 86,528 --a------ C:\WINDOWS\bnetunin.exe
2007-10-31 23:11 61,440 --a------ C:\WINDOWS\diabunin.exe
2007-10-31 17:26 <DIR> d-------- C:\Program Files\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:04 <DIR> d-------- C:\Program Files\ICQ6
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-31 15:14 <DIR> d-------- C:\Program Files\capcom
2007-10-30 22:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-10-26 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-25 20:23 <DIR> d-------- C:\WINDOWS\system\KEEPER
2007-10-25 20:23 <DIR> d-------- C:\Program Files\Bullfrog
2007-10-25 20:23 284,160 --a------ C:\WINDOWS\unin0407.exe
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:18 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-24 22:15 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2007-10-24 22:15 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-10-24 22:15 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-10-24 22:15 89,088 --------- C:\WINDOWS\system32\atl71.dll
2007-10-24 22:15 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 17:26 26,349,600 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 17:25 415,520 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-11 17:23 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-11 15:03 40,808 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-11 15:03 348,656 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-11 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 17:34 --------- d-----w C:\Program Files\Diablo II
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 22:28 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-16 20:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:48 --------- d-----w C:\Program Files\Ray Adams
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-10-16 20:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-13 07:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 17:09]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 13:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 14:28]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-11 14:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 10:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 Ms-java;Ms-java;C:\WINDOWS\Driver\i386\ms-java.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3499bbb8-7c2f-11dc-9eec-000461a266f7}]
\Shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - F:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ebbb670-8073-11dc-8292-806d6172696f}]
\Shell\AutoRun\command - G:\SETUP.EXE
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:28:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 18:25:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 18:26:56
.
--- E O F ---
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Mám
Uninstall Trojan Remover. You have too many antispyware programs. Use Kaspersky as your antivirus and use Spyware Terminator only as antispyware.
Start --> Run --> services.msc. Find the Ms-java service in the list.
Double-click it, stop it, and set it to Disabled. Then restart the computer.
Download the AVENGER tool to your desktop here: http://www.viry.cz/forum/viewtopic.php?t=19832
Following the guide, work your way to the white box and copy into it the entire text from the white box below:
Drivers to unload:
ms-java.exe
Files to delete:
C:\WINDOWS\Driver\i386\ms-java.exe
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
C:\WINDOWS\diabunin.exe
C:\WINDOWS\bnetunin.exe
C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\system32\drivers\fidbox2.idx
C:\WINDOWS\system32\drivers\fidbox2.dat
C:\WINDOWS\system32\drivers\fidbox.idx
C:\WINDOWS\Driver\i386\winlogon.exe
C:\WINDOWS\Driver\i386\mssvc.exe
DONE --> TRAFFIC LIGHT --> OK. After Windows starts, a log will pop up; it is also saved in c:\avenger.txt. Post it here.
In HijackThis, fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Create a new text document hladam.txt on the desktop. Paste this text into it:
quote:
cd\
dir "c:\Program Files" >> mam.txt
echo ------------------>> mam.txt
dir "C:\WINDOWS\Pix_temp" >> mam.txt
echo ------------------>> mam.txt
dir "C:\WINDOWS\C:\WINDOWS\solcache" >> mam.txt
echo ------------------>> mam.txt
notepad mam.txt
Choose Save As, select all programs, and save it under the name hladam.bat. Double-click the file and copy the log here.
Make new logs from ComboFix and HijackThis.
- Dex_Holland
- Slightly advanced
- Registered: 13 Nov 2004
- Location: Brno
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fafkiapv
*******************
Script file located at: \??\C:\eprlegwq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key \Registry\Machine\System\CurrentControlSet\Services\ms-java.exe not found!
Unload of driver ms-java.exe failed!
Could not process line:
ms-java.exe
Status: 0xc0000034
File C:\WINDOWS\Driver\i386\ms-java.exe not found!
Deletion of file C:\WINDOWS\Driver\i386\ms-java.exe failed!
Could not process line:
C:\WINDOWS\Driver\i386\ms-java.exe
Status: 0xc0000034
Error: C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP is a folder, not a file!
Deletion of file C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP failed!
Could not process line:
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
Status: 0xc00000ba
File C:\WINDOWS\diabunin.exe deleted successfully.
File C:\WINDOWS\bnetunin.exe deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.idx deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox.idx deleted successfully.
File C:\WINDOWS\Driver\i386\winlogon.exe not found!
Deletion of file C:\WINDOWS\Driver\i386\winlogon.exe failed!
Could not process line:
C:\WINDOWS\Driver\i386\winlogon.exe
Status: 0xc0000034
File C:\WINDOWS\Driver\i386\mssvc.exe not found!
Deletion of file C:\WINDOWS\Driver\i386\mssvc.exe failed!
Could not process line:
C:\WINDOWS\Driver\i386\mssvc.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
- Dex_Holland
- Moderately advanced
- Registered: 13 Nov 2004
- Location: Brno
Logfile of HijackThis v1.99.1
Scan saved at 22:45, on 2007-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Aleš\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2567262000
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
That ComboFix gave me some problems. It took a long time and nothing happened. KIS shut itself off, and before that it reported some trojan to me when I launched ComboFix.
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Mám
- Dex_Holland
- Moderately advanced
- Registered: 13 Nov 2004
- Location: Brno
Hi, sorry, it took a while, I wasn't at my PC. Here is the new log.
ComboFix 07-11-08.1 - Administrator 2007-11-14 14:19:18.3 - NTFSx86 MINIMAL
Running from: D:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 14:16 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-11 22:13 1,444,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 22:13 9,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-11 18:34 <DIR> d-------- C:\Program Files\Attack on Pearl Harbor
2007-11-11 18:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-11 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-11 16:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Crawler
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 11:28 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\system32\txp
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\Driver
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-10 21:50 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-11-09 01:31 <DIR> d-------- C:\Fraps
2007-11-09 01:27 <DIR> d-------- C:\WINDOWS\Pix_temp
2007-11-09 01:27 <DIR> d-------- C:\Program Files\Transcoder
2007-11-09 01:10 <DIR> d-------- C:\Program Files\VD
2007-11-09 01:08 <DIR> d-------- C:\Program Files\MediaCell Video Converter
2007-11-09 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-11-08 20:07 <DIR> d-------- C:\Program Files\MK4
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 08:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-06 22:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-11-06 14:43 <DIR> d-------- C:\Documents and Settings\All Users\documents
2007-11-06 14:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 13:58 <DIR> d-------- C:\Program Files\THQ
2007-11-06 13:36 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 09:21 <DIR> d-------- C:\Program Files\Flagship Studios
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:33 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-05 16:36 <DIR> d-------- C:\Program Files\Webteh
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-01 10:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-31 23:20 <DIR> d-------- C:\WINDOWS\solcache
2007-10-31 23:10 <DIR> d-------- C:\Diablo
2007-10-31 17:26 <DIR> d-------- C:\Program Files\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:04 <DIR> d-------- C:\Program Files\ICQ6
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-31 15:14 <DIR> d-------- C:\Program Files\capcom
2007-10-30 22:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-10-26 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-25 20:23 <DIR> d-------- C:\WINDOWS\system\KEEPER
2007-10-25 20:23 <DIR> d-------- C:\Program Files\Bullfrog
2007-10-25 20:23 284,160 --a------ C:\WINDOWS\unin0407.exe
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:18 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-24 22:15 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2007-10-24 22:15 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-10-24 22:15 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-10-24 22:15 89,088 --------- C:\WINDOWS\system32\atl71.dll
2007-10-24 22:15 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-24 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-24 22:13 <DIR> d-------- C:\Program Files\CyberLink
2007-10-24 22:09 <DIR> d-------- C:\Program Files\ASUS
2007-10-24 16:22 147,968 --a------ C:\WINDOWS\R.COM
2007-10-24 16:22 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-10-24 08:52 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-24 08:51 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-24 08:50 <DIR> d-------- C:\Program Files\MSBuild
2007-10-24 08:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-24 08:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-24 08:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-24 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-10-24 07:47 <DIR> d-------- C:\Program Files\GamePark
2007-10-23 22:44 <DIR> d-------- C:\UT2004
2007-10-23 17:07 <DIR> d-------- C:\Program Files\DreamCom
2007-10-23 12:02 <DIR> d-------- C:\Program Files\ATMA V
2007-10-18 19:25 <DIR> d-------- C:\Program Files\DIFX
2007-10-18 19:24 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-18 19:24 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-18 19:24 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-18 19:24 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-18 19:23 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
2007-10-18 15:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-18 13:38 <DIR> d-------- C:\SIERRA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 13:17 22,508 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 13:17 2,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-12 10:39 --------- d-----w C:\Program Files\Diablo II
2007-11-11 21:26 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-11 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 22:28 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-16 20:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:48 --------- d-----w C:\Program Files\Ray Adams
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-10-16 20:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-13 07:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot_2007-11-11_22.27.26,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:50:59 8,457,728 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:59 8,457,728 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-21 10:53:19 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:08 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 17:09]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 13:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:28:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 14:21:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 14:21:44
C:\ComboFix2.txt ... 2007-11-11 18:26
.
--- E O F ---
2007-10-31 23:10 <DIR> d-------- C:\Diablo
2007-10-31 17:26 <DIR> d-------- C:\Program Files\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:04 <DIR> d-------- C:\Program Files\ICQ6
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-31 15:14 <DIR> d-------- C:\Program Files\capcom
2007-10-30 22:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-10-26 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-25 20:23 <DIR> d-------- C:\WINDOWS\system\KEEPER
2007-10-25 20:23 <DIR> d-------- C:\Program Files\Bullfrog
2007-10-25 20:23 284,160 --a------ C:\WINDOWS\unin0407.exe
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:18 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-24 22:15 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2007-10-24 22:15 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-10-24 22:15 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-10-24 22:15 89,088 --------- C:\WINDOWS\system32\atl71.dll
2007-10-24 22:15 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-24 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-24 22:13 <DIR> d-------- C:\Program Files\CyberLink
2007-10-24 22:09 <DIR> d-------- C:\Program Files\ASUS
2007-10-24 16:22 147,968 --a------ C:\WINDOWS\R.COM
2007-10-24 16:22 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-10-24 08:52 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-24 08:51 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-24 08:50 <DIR> d-------- C:\Program Files\MSBuild
2007-10-24 08:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-24 08:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-24 08:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-24 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-10-24 07:47 <DIR> d-------- C:\Program Files\GamePark
2007-10-23 22:44 <DIR> d-------- C:\UT2004
2007-10-23 17:07 <DIR> d-------- C:\Program Files\DreamCom
2007-10-23 12:02 <DIR> d-------- C:\Program Files\ATMA V
2007-10-18 19:25 <DIR> d-------- C:\Program Files\DIFX
2007-10-18 19:24 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-18 19:24 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-18 19:24 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-18 19:24 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-18 19:23 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
2007-10-18 15:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-18 13:38 <DIR> d-------- C:\SIERRA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 13:17 22,508 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 13:17 2,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-12 10:39 --------- d-----w C:\Program Files\Diablo II
2007-11-11 21:26 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-11 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 22:28 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-16 20:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:48 --------- d-----w C:\Program Files\Ray Adams
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-10-16 20:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-13 07:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot_2007-11-11_22.27.26,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:50:59 8,457,728 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:59 8,457,728 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-21 10:53:19 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:08 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 17:09]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 13:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:28:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 14:21:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 14:21:44
C:\ComboFix2.txt ... 2007-11-11 18:26
.
--- E O F ---