Prosim pomoc-kontrola logu

[Rou]

Cau, jde mi pomalu PC některé programy vůbec nespustim .... Když chci aktualizovat AVG tak mi to ukáže zprávu o chybách.

Udělal jsem Log z HJC a combofix :

Combo fix :
ComboFix 08-05-01.3 - Kryštof 2008-05-07 15:07:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.659 [GMT 2:00]
Running from: C:\Documents and Settings\Kryštof\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-07 15:01 . 2008-05-07 15:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-05 15:06 . 2008-05-05 15:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-02 20:36 . 2008-05-02 20:36 <DIR> d-------- C:\Program Files\PLATINUM technology
2008-05-02 20:36 . 1997-12-19 17:26 93,184 --a------ C:\WINDOWS\system32\wvjava.dll
2008-04-30 18:28 . 2008-04-30 18:28 <DIR> d-------- C:\Program Files\PQDVD
2008-04-25 17:43 . 2008-04-25 17:43 <DIR> d-------- C:\Documents and Settings\Kryštof\Data aplikací\SecondLife
2008-04-23 15:01 . 2008-04-23 15:01 <DIR> d-------- C:\Program Files\Compedia
2008-04-23 15:01 . 1996-02-14 14:01 92,208 --a------ C:\WINDOWS\system\Wing.dll
2008-04-23 15:01 . 1998-09-02 12:43 81,920 --a------ C:\WINDOWS\system32\LZSCMPRS.DLL
2008-04-23 15:01 . 2008-04-23 15:01 252 --a------ C:\WINDOWS\compedia.ini
2008-04-20 12:38 . 2008-05-04 18:48 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-15 12:36 . 2008-04-15 12:36 <DIR> d-------- C:\Documents and Settings\Kryštof\kbpki
2008-04-15 12:36 . 2008-04-15 12:36 <DIR> d-------- C:\Documents and Settings\Kryštof\kbpki
2008-04-12 08:18 . 2008-04-12 08:18 125,616 --a------ C:\WINDOWS\~GLC0001.TMP
2008-04-12 08:18 . 2008-04-12 08:18 5,607 --a------ C:\WINDOWS\~GLH0001.TMP
2008-04-12 08:16 . 2008-04-12 08:16 125,616 --a------ C:\WINDOWS\~GLC0000.TMP
2008-04-12 08:16 . 2008-04-12 08:16 5,607 --a------ C:\WINDOWS\~GLH0000.TMP
2008-04-11 20:25 . 2008-05-04 18:47 <DIR> d-------- C:\SIERRA
2008-04-11 20:25 . 2008-04-11 20:26 336 --a------ C:\WINDOWS\SIERRA.INI
2008-04-11 20:20 . 2008-04-11 20:28 <DIR> d-------- C:\Documents and Settings\Kryštof\Data aplikací\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 12:13 --------- d-----w C:\Documents and Settings\Kryštof\Data aplikací\AVG7
2008-05-06 17:40 --------- d-----w C:\Program Files\FlashGet
2008-05-04 18:12 --------- d-----w C:\Program Files\ESET
2008-05-04 16:47 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-04 16:47 --------- d-----w C:\Program Files\Common Files\SMART Technologies Inc
2008-05-04 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 16:46 --------- d-----w C:\Program Files\Trillian
2008-05-04 16:46 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-04 16:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-04 14:25 --------- d-----w C:\Program Files\ICQ6
2008-05-04 07:36 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\AVG7
2008-04-27 07:39 --------- d-----w C:\Program Files\SpeedFan
2008-04-20 10:39 --------- d-----w C:\Program Files\ICQToolbar
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 20:17 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-16 15:48 --------- d-----w C:\Program Files\AV DVD Player Morpher
2008-03-13 12:17 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\SMART Technologies Inc
2008-03-11 13:03 --------- d-----w C:\Program Files\Eurotran 2003
2008-03-11 12:46 --------- d-----w C:\Documents and Settings\Kryštof\Data aplikací\SMART Technologies Inc
2008-03-11 12:44 --------- d-----w C:\Program Files\SMART Technologies Inc
2008-02-27 16:04 292,864 ----a-w C:\WINDOWS\system32\FKG.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
1999-04-23 22:22 12 --sha-w C:\WINDOWS\system\WININETICMP32.drv
2007-01-10 15:11 56 --sha-r C:\WINDOWS\system32\7A800980E0.sys
2007-01-23 15:24 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-04_20.09.48.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 14:23:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 12:08:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 18:18:27 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-05 13:06:47 6,275,072 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-05-05 13:06:47 258,048 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-03 18:18:27 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-05 13:06:46 6,275,072 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-05-05 13:06:46 258,048 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"OEXPRESS"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 22:23 1204224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-19 11:56 7315456]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"nwiz"="nwiz.exe" [2005-12-19 11:56 1519616 C:\WINDOWS\system32\nwiz.exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-02-06 16:19 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-02-06 16:20 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-19 11:56 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:04 579072]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2007-12-20 16:04 406528]
"ClockGen"="C:\Documents and Settings\Kryštof\Plocha\ClockGen.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"SystemKey"="C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll" [2006-04-07 09:58 339968]
"WndMsg"="C:\Program Files\Auto Keylogger\klkernel.exe" [2003-12-09 15:53 202627]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-11 10:35 1998896]
"SDFix"="C:\DOCUME~1\KRYTOF~1\Plocha\SDFix\RunThis.bat /second" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WndMsg"="C:\Program Files\Auto Keylogger\klkernel.exe" [2003-12-09 15:53 202627]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 08:13 219136]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - C:\Programy\WinPrgm\MSOffice\Office\OSA9.EXE [2000-01-21 10:15:54 65588]
N stroje SMART Board.lnk - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-11-02 06:48:46 4519176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.div4"= DivXc32f.dll
"vidc.div3"= DivXc32.dll
"msacm.l3radius"= l3codecp.acm
"msacm.divxa"= divxa32.acm
"msacm.a3d"= a3d.dll
"msacm.ogg"= ogg.dll
"msacm.vorbisenc"= vorbisenc.dll
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Documents and Settings\\Kryštof\\Dokumenty\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Koch Media\\Carcassonne\\Carcassonne.exe"=
"C:\\Program Files\\Koch Media\\Carcassonne Add-On\\Carcassonne.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Tremulous\\tremulous.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13718:TCP"= 13718:TCP:BitComet 13718 TCP
"13718:UDP"= 13718:UDP:BitComet 13718 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 FileGhst;FileGhost File Protector;C:\WINDOWS\system32\Drivers\FileGhst.sys [2005-05-20 13:25]
R1 deqpm;deqpm;C:\WINDOWS\system32\drivers\deqpm.sys [2006-04-14 17:56]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-04-18 18:12]
R1 prodrv04;Star Force copy protection driver v4;C:\WINDOWS\system32\drivers\prodrv04.sys [2005-12-23 11:28]
R2 dvdmmg;dvdmmg;C:\WINDOWS\system32\drivers\dvdmmg.sys [2007-09-06 12:15]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-02 14:00]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 14:00]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
S3 CrystalCpuInfo;CrystalCpuInfo;C:\DOCUME~1\KRYTOF~1\LOCALS~1\Temp\CpuInfo.sys []
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2006-03-02 14:00]
S3 SMART Web Server;SMART Web Server;"C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe" [2007-11-02 06:48]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd8ea3de-0819-11dc-8720-000c76cb7732}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c51f0924-8046-11da-8189-000c76cb7732}]
\Shell\AutoRun\command - E:\CDCheck.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 14:59:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-07 12:11:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 15:11:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\TMP0000007291FD047CE8F16558 524288 bytes executable


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
Completion time: 2008-05-07 15:15:04
ComboFix-quarantined-files.txt 2008-05-07 13:14:01
ComboFix2.txt 2008-05-04 18:10:25

Adresářů: 41, Volných bajtů: 21,129,207,808
Adresářů: 45, Volných bajtů: 21,131,616,256

195 --- E O F --- 2008-05-02 13:29:25

Hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:05, on 7. 5. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {3873A5A5-C3F8-4830-ABF5-9C83C8347B09} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\Kryštof\Plocha\ClockGen.exe -i p=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SystemKey] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll" rdl
O4 - HKLM\..\Run: [WndMsg] C:\Program Files\Auto Keylogger\klkernel.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\KRYTOF~1\Plocha\SDFix\RunThis.bat /second
O4 - HKLM\..\RunServices: [WndMsg] C:\Program Files\Auto Keylogger\klkernel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programy\WinPrgm\MSOffice\Office\OSA9.EXE
O4 - Global Startup: Nástroje SMART Board.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2131085484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftup ... 2111617828
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5FC9765-94C0-441F-ABE1-4D6E3B4505E4}: NameServer = 62.240.185.5,62.240.185.10
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Kryštof/Plocha/Krystof/Blbosti/šablona%20Gladiators/Gladiators/images/header.jpg

--
End of file - 11433 bytes

-Upraven předmět příspěvku *Marfy*

[Reklama]

[zlobyl]

Ahoj, vítám tě tu na PC-Help.

Na log z ComboFixu se zatím necítím, ale zhodnotím ti log z HJT:

Máš tam tyto zbytečnosti...

Kód: Vybrat vše

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

....tento spyware....

Kód: Vybrat vše

Fixni v HJT:O4 - HKLM\..\Run: [SystemKey] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll" rdl
+ smaž Killboxem:C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll
+ po restartu smaž i složku:C:\Documents and Settings\All Users\Data aplikací\SystemKey\

....a tohle nevím-znáš to?

Kód: Vybrat vše

O4 - HKLM\..\Run: [WndMsg] C:\Program Files\Auto Keylogger\klkernel.exe

Jinak nevidím žádný firewall a také by to chtělo něco lepšího jako antispyware místo Windows Defenderu.

[Rou]

diky, ten keylloger o tom vím kontroloval jsem si s tím PC ale ted se me neak vyvaznul kontrole

[Rou]

ted jsem po restartu chtel smazat C:\Documents and Settings\All Users\Data aplikací\SystemKey\ a zjisti jsem ze ta slozka tam vubec neni , je tam jenom aplication data a tam je jenom slozka microsoft

[Nodon]

To musis fixnout ne smazat.

[Rou]

ja vim ze to mam fixnout v HJT ale tu složku musim smazat

[paul27]

Máš tam aktivní viry - log z CF....

Opět vypněte veškeré spuštěné programy (webový prohlížeč, messenger, ...). Přesuňte Combofix na plochu (pokud ho tam ještě nemáte) - otevřete si poznámkový blok - do něj zkopírujte text z nasledujícího okna:

Kód: Vybrat vše

Driver::
oreans32
deqpm

File::
C:\WINDOWS\system32\7A800980E0.sys
C:\WINDOWS\system32\KGyGaAvL.sys

Text uložte jako CFScript.txt na plochu - po uložení uchopte vámi vytvořený soubor .txt levým tlačítkem myši a přesuňte jej nad ikonu ComboFixu - nad ikonou ComboFixu soubor .txt upusťte...



...spustí se ComboFix - a CF začne znova scanovat, nakonci scanování se pokusí CF smazat zadané soubory či něco jiného, co jsme mu zadali - po provedení akce se opět zobrazí okno poznámkového bloku s textem, který sem zkopírujte a vyčkejte prosím na další rady :)

Toho keyloggera jsem ti tam nechal...máš ho úmyslně?

[zlobyl]

ted jsem po restartu chtel smazat C:\Documents and Settings\All Users\Data aplikací\SystemKey\ a zjisti jsem ze ta slozka tam vubec neni , je tam jenom aplication data a tam je jenom slozka microsoft

Je možné, že ta složka je skrytá-otevři si Ovládací panely-Možnosti složky a tam si na kartě Zobrazení zapni zobrazování skrytých souborů a složek.

Pokud tam ta složka už není, tak je o problém méně.