PCTuning fórum

je mi v zásadě jedno čí je to systém,ale tady se někdo chová velmi riskantně na netu a to bez dostačujícího zabezpečení.

takže jako další,bych rás viděl log z hijackthis s nainstalovaným firewallem
a se spuštěným TeaTimerem ve Spybotu
Režim>Pro pokročilé>Nástroje>Rezidentní

a také tyto logy http://www.viry.cz/forum/viewtopic.php?t=14396
body 1) 2) a 5)

Avira AntiVir neustale hlasi napadeni C:\windows\system32\kernel32.dll
trojan TR/Patched.BQ
(nikde jsem ho nenasel)....predem diky

ComboFix 08-03-18.1 - Administrator 2008-03-19 22:16:14.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.0.1250.1.1029.18.681 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-11 19:24 . 2001-12-19 15:47 49,152 --------- C:\WINDOWS\system32\TempDel.EXE
2008-03-11 19:24 . 2002-06-03 23:01 8,734 --a------ C:\WINDOWS\system32\WFSch.ICO
2008-03-11 19:21 . 2001-09-17 10:29 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-03-11 19:21 . 2001-09-17 10:29 50,176 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-11 19:21 . 2001-09-17 10:28 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-03-11 19:21 . 2001-09-17 10:28 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-03-11 19:19 . 2008-03-11 19:19 <DIR> d-------- C:\WINDOWS\system32\DX9
2008-03-11 19:19 . 2004-03-12 12:34 197,908 --a------ C:\WINDOWS\system32\drivers\wf88vcap.sys
2008-03-11 19:19 . 2004-03-12 12:34 34,422 --a------ C:\WINDOWS\system32\drivers\wf88tune.sys
2008-03-11 19:19 . 2004-03-12 12:34 10,405 --a------ C:\WINDOWS\system32\drivers\WF88XBAR.sys
2008-03-11 19:19 . 2002-06-03 22:52 2,238 --a------ C:\WINDOWS\system32\WFDRV.ico
2008-03-11 18:19 . 2004-12-23 17:27 27,392 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2008-03-11 18:14 . 2001-08-18 06:24 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-03-11 18:14 . 2001-08-17 22:01 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-03-10 23:28 . 2008-03-10 23:28 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-03-10 20:11 . 2001-08-17 21:52 33,664 --a------ C:\WINDOWS\system32\drivers\disk.sys
2008-03-10 16:33 . 2007-01-19 12:49 393,088 --a------ C:\WINDOWS\system32\drivers\wfeaglxt.sys
2008-03-07 16:12 . 2008-03-07 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\HP
2008-03-07 16:11 . 2006-05-08 22:09 614,400 -ra------ C:\WINDOWS\system32\hpxp4370.dll
2008-03-07 16:11 . 2006-05-08 22:04 430,080 -ra------ C:\WINDOWS\system32\hp4370co.dll
2008-03-07 16:11 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-07 16:08 . 2008-03-07 16:08 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-07 16:08 . 2008-03-07 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sonic
2008-03-07 16:07 . 2008-03-07 16:07 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-07 16:05 . 2008-03-07 16:05 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-03-07 16:03 . 2008-03-07 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\HP
2008-03-07 16:01 . 2008-03-07 16:03 <DIR> d-------- C:\Program Files\HP
2008-03-07 15:59 . 2008-03-07 16:11 111,573 --a------ C:\WINDOWS\hpgins15.dat
2008-03-07 15:59 . 2006-05-18 19:09 282 --------- C:\WINDOWS\hpgmdl15.dat
2008-03-06 20:52 . 2008-03-06 20:52 <DIR> d-------- C:\Documents and Settings\LocalService\Dokumenty
2008-03-06 11:00 . 2008-03-19 12:52 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2008-03-05 21:57 . 2008-03-05 21:57 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-22 13:57 . 2008-02-22 13:57 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-19 16:58 . 2008-02-19 16:58 <DIR> d-------- C:\Program Files\Vimicro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 11:52 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-18 13:43 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-03-12 09:49 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2008-03-11 18:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 18:24 --------- d-----w C:\Program Files\WinFast
2008-03-07 15:03 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-05 14:54 --------- d-----w C:\Program Files\Java
2008-02-19 15:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-12 18:59 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Autodesk
2008-02-11 17:16 --------- d-----w C:\Program Files\Smart Projects
2008-02-11 17:12 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-02-11 17:12 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-11 17:09 89,984 ----a-w C:\WINDOWS\system32\drivers\sptd7165.sys
2008-02-11 17:09 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-10 21:29 --------- d-----w C:\Program Files\HD Tune
2008-02-08 21:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-20 17:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-20 17:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-12-19 18:06 50,000 ----a-w C:\Documents and Settings\Administrator\Data aplikací\GDIPFONTCACHEV1.DAT
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-20 13:00 13312]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 16:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 16:50 86016]
"CtxfiReg"="CTXFIREG.exe" [2006-08-11 14:53 42496 C:\WINDOWS\system32\CTXFIREG.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-07 17:05 196608]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-15 17:25 249896]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-05 21:57 2957824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"OODefragTray"="C:\WINDOWS\System32\oodtray.exe" [2007-05-11 02:08 2512392]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15 61440]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2004-05-07 15:33 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-20 13:00 13312]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-03-05 21:57]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2007-08-28 13:16]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\System32\drivers\wf88vcap.sys [2004-03-12 12:34]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\System32\drivers\WF88XBAR.sys [2004-03-12 12:34]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\System32\drivers\WF88TUNE.sys [2004-03-12 12:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2001-09-20 13:00]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 09:53]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2007-12-15 16:27]
S3 WFLR6654;WinFast DTV1800 H (Video);C:\WINDOWS\System32\drivers\wfeaglxt.sys [2007-01-19 12:49]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-04-05 14:14]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 22:20:13
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-19 22:21:40
ComboFix-quarantined-files.txt 2008-03-19 21:21:35


Logfile of HijackThis v1.99.1
Scan saved at 22:25:51, on 19.3.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\oodtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\WinFast\WFTVFM\WFTV.exe
C:\WINDOWS\explorer.exe
D:\Miranda IM\miranda32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Documents and Settings\Administrator\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL0
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\System32\oodtray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera V
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


EDIT: virustotal.com hlasi: Výsledek: 2/32 (6.25%)

Tady jsou vsechny ty logy, firewall (Ashampoo) nainstalovan a bezi.

HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:19, on 19.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\pripominac\pripominac.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\HotKey\HotKey.exe
C:\windows\System32\oodag.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Advanced Browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cxgjc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Centrum.cz Turbo - {72FF0384-108C-48a5-A60C-6A92067419CF} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pripominac] C:\Program Files\pripominac\pripominac.exe
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\System32\oodag.exe

--
End of file - 7075 bytes

Ice sword kernel
Kernel Module:

\windows\system32\ntoskrnl.exe
\windows\system32\hal.dll
\windows\system32\KDCOM.DLL
\windows\system32\BOOTVID.dll
ACPI.sys
\windows\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\windows\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\windows\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\EL2K_XP.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\Pcouffin.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\st3bus28.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\st3mp28.sys
\SystemRoot\System32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati3d2ag.dll
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\System32\drivers\aswRdr.sys
\??\C:\DOCUME~1\D\LOCALS~1\Temp\ASFWHide
\??\C:\windows\system32\Drivers\RKREVEAL150.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll

Ice sword process:
Process:

System Idle Process
System
C:\DOCUME~1\D\LOCALS~1\Temp\Rar$EX00.672\IceSword122en\IceSword.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Advanced Browser\browser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\HotKey\HotKey.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\pripominac\pripominac.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe

Mám stejný problém, snažím se ho řešit na Viry.cz:
http://www.viry.cz/forum/viewtopic.php?t=57427

u mě ho vyresil totalni kolaps systemu(kernel asi kleknul), s naslednym neustalym cyklem BSOD-reset-BSOD, i v pripade nouzovyho rezimu (system nikdy nenajel), ani jsem si nemoh precist co BSOD vypsal, reset nasledoval automaticky tak po 0,5s

format a NOD to spravil....ale nakrkne to, kdyz clovek potrebuje komp

Logfile of HijackThis v1.99.1
Scan saved at 11:37:19, on 4.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Plocha\Programy\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Mouse Tachometer] C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe --hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RapidSpool] C:\Program Files\RapidSpool\rapidspool.exe -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

Cisto.

Dík moc

Prosím o kontrolu hijack logu... Dávám dohromady bratrův počítač, myslím, že se tu nějací červi najdou. Děkuji mnohokrát.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:03, on 25.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BEB5A2-9098-4588-A828-CA433C78CB99}: NameServer = 10.3.3.1,212.24.128.8
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6820 bytes

zdravím....bol by som rád, keby mi niekto prekontroloval log....Viem že je tam veľa vecí ktoré treba odstrániť, ale neviem ktoré....Takže prosím o pomoc-tu je log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:04, on 27. 5. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Programy\AVGANT~1\avgwdsvc.exe
D:\Programy\AVGANT~1\avgrsx.exe
D:\Programy\AVG Antivirus\avgtray.exe
D:\Programy\AVG Antivirus\avgui.exe
D:\Programy\AVG Antivirus\avgscanx.exe
D:\Programy\Access Remote PC 4.7.2\rpcsetup.exe
D:\Programy\Access Remote PC 4.7.2\rpcsetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programy\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\WINDOWS\system32\566828\566828.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programy\AVG Antivirus\avgssie.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: BearShareMediaBar BHO - {E49CE891-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Programy\PCTRAN~1\webie.dll
O3 - Toolbar: BearShare Media Bar - {E49CE899-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] D:\Programy\AVGANT~1\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA2636] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe0.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8454] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe0.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5208] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe2.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3185] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe2.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7179] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe1.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8790] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe1.exe_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Access Remote PC 4.7.2] "D:\Programy\Access Remote PC 4.7.2\rpcsetup.exe" /server /silent
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\RunOnce: [SpybotDeletingB8750] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe0.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6633] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe2.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9080] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe1.exe_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Programy\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Programy\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Programy\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Programy\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Programy\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Programy\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Programy\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programy\AVG Antivirus\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll (file missing)
O23 - Service: Access Remote PC Service 4.7.2 - Access Remote PC (www.access-remote-pc.com) - D:\Programy\Access Remote PC 4.7.2\rpcsetup.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\Programy\AVGANT~1\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9858 bytes

Dobrý den tady mám log z hijacku, procesor mi každé tak 2 až 3 sekundy bere 100 % , mám čerstvě už po 2. renistalovaný windows a nic nepomáhá, mám Firewall commodo PRo a NOd32 nic nenašli... kdyby jste se na to mohli prosím podívat a říct mi co mam fixnout, PC už jsem procel CCleanerem a nic... děkuji


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:59, on 29.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\QIP Infium\infium.exe
D:\Program složka\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Prográmky\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] "D:\Program složka\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{87E53D62-DCAE-48E4-89D0-B48CC188A331}: NameServer = 192.168.3.30
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 2605 bytes

Podla mna ok. Aky proces najviac zabera ?

Fixnite:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\WINDOWS\system32\566828\566828.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotDeletingA2636] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe0.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8454] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe0.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5208] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe2.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3185] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe2.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7179] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe1.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8790] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe1.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8750] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe0.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6633] command /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe2.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9080] cmd /c del "C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe1.exe_old"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll (file missing)

Manualne zmazte:
C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe0.exe_old
C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe2.exe_old
C:\Documents and Settings\Ján Hadovský\Local Settings\Temp\zfe1.exe_old

Nasledne novy log

Fixnite:
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Ak mate zapnuty rezident u Terminatora, tak ho vypnite.

čus, mám problém v PC, stahoval jsem soubor a byl v něm vir..
naskočila mi poté červená obrazovka a uprostřed Your Privacy in danger neustále mi vyskakují nesmyslná okna o ochraně nějakými antispywary atd. které ani nepoužívám - nějaký Vista 2008 antivirus..virus remover 2008..
skoušel jsem to projet NODem něco to smázlo a AD AWARE našel velký kulový.. červená obrazovka zůstala .. nemůžu přes start ani do tento počítač
a jiné programy také chybí ... pokud něco chci spustit, tak jedině přes plochu. Mám sunbelt kerio firewall, ale zrovna jako napotvoru jsem ho vypnul když jsem ten soubor stahoval...
nemáte s tímto někdo zkušenost? mám v kompu spoustu dat a nechci přeinstalovávat.. díky za rady..

ted jsem na foru našel tohle:
Ahoj lidicky!

Potreboval by som nutne vzorku Desktop Hijackera. Je to virus, co modifikuje plochu na cerveny znak vira. Konkretne na fore sa uz niekolko krat riesil. Ma to byt sucast AccessCodec >> Downloader.Zlob., alebo Trojan.Puper Je to SmithFraud. Mam tu cez stovky takychto volovin, ale ani jeden neobsahuje prave tohoto Hijackera. Jeho test by mi velmi pomohol.

Ak tu niekto ma tohoto Hijackera, tak ho prosim uploadnite, alebo napiste na SS. Predom dakujem !

vůbec nepobírám o co se tedy jjedná, .. nevíte jak se toho zbavit thx

výpis z hijacku
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49: VIRUS ALERT!, on 20.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Prográmky\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Prográmky\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Prográmky\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Prográmky\Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\SorXo\Plocha\VRM_Free.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: QXK Olive - {066A8A42-9DE6-41F7-951C-E2C4B8C5E3CB} - C:\WINDOWS\kgxmotapqtm.dll
O2 - BHO: (no name) - {3AA6678D-1CE0-499E-B9F6-8444DEE39D88} - C:\WINDOWS\system32\ljJYRjHy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D596CE06-00A7-450C-83E8-488E53124CDE} - C:\WINDOWS\system32\geBstqrq.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: qndsfmao - {D8FFA8AE-BBE8-4D3F-A249-64B2D03EEB25} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [488925ee] rundll32.exe "C:\WINDOWS\system32\hvfjqpnw.dll",b
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Prográmky\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Prográmky\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ljJYRjHy - C:\WINDOWS\SYSTEM32\ljJYRjHy.dll
O21 - SSODL: evgratsm - {C78786EB-75A8-4738-88FC-FFC6911F7BDA} - C:\WINDOWS\evgratsm.dll
O21 - SSODL: kvxqmtre - {305CAB1E-83F3-4943-9BA7-AEF3156D06F4} - C:\WINDOWS\kvxqmtre.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Prográmky\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6636 bytes

Zdravím.

Stáhni si ComboFix a ulož ho na plochu a poté ho spusť.
Postupuj dle pokynů na obrazovce, během aplikování ComboFixu neklikej do zobrazujícího se okna může se stát totiž že to proces zastaví.
Je možné, že se restartuje počítač, znamená to, že byli nalezeny škodlivé soubory a je nutný restart, aby je ComboFix smazal.
Po skončení se vytvoří log tak sem zkopíruj jeho obsah.

Poznámka: Pro spuštění ComboFixe je nutné mít práva administrátora.

ahoj, díky za snahu, po pár hodinách projíždění antivirem,( v době obnovování fora) jsem zjistil, že virus napadl jen disk C, tak jsem ho jednoduše smazal a nainstaloval čistá Wokna znova, disk D a E zůstal nepoškozený a data zachráněna... dík moc, hodně zdarů, s viry i bez nich..

prosim o kontrolu logu...njaks emi zblaznil pocitac...vedle hodin am VIRUS ALERT!....a v tent počítač ne C ani D

Logfile of HijackThis v1.99.1
Scan saved at 12:04: VIRUS ALERT!, on 28.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Plocha\Programy\Ochrana PC\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: qalkfxor - {8BE3A45C-46D2-407E-8A70-878D0828634D} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [Mouse Tachometer] C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe --hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RapidSpool] D:\Program Files\RapidSpool\RapidSpool.exe -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [902d4d86] rundll32.exe "C:\WINDOWS\system32\xdlflhsd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USDownloader] "C:\Documents and Settings\Owner\Plocha\USDownloader135\USDownloader.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rqbmvpso - {164BED38-A948-4E0E-9991-48D2648B5683} - C:\WINDOWS\rqbmvpso.dll
O21 - SSODL: pdoskegl - {F1D0C7C3-BEB0-4050-9A70-4D223C152823} - C:\WINDOWS\pdoskegl.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Nevim jestli se neco na tom logu zmenilo ale pridavam sem dalsi ktery jsme udelala ted...musela jsme ho udeat v nouzovym rezimu protoze kdyz spustim normalne pocitac mam jen cernou obrazovku....to predtim nebylo....takze proto si myslim ze ten log je jinej

Logfile of HijackThis v1.99.1
Scan saved at 17:23: VIRUS ALERT!, on 28.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\ESET\ESET Smart Security\ecls.exe
C:\Documents and Settings\Owner\Plocha\Programy\Ochrana PC\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: qalkfxor - {8BE3A45C-46D2-407E-8A70-878D0828634D} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [Mouse Tachometer] C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe --hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [902d4d86] rundll32.exe "C:\WINDOWS\system32\qtdqlfji.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USDownloader] "C:\Documents and Settings\Owner\Plocha\USDownloader135\USDownloader.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rqbmvpso - {164BED38-A948-4E0E-9991-48D2648B5683} - C:\WINDOWS\rqbmvpso.dll
O21 - SSODL: pdoskegl - {F1D0C7C3-BEB0-4050-9A70-4D223C152823} - C:\WINDOWS\pdoskegl.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe