Hi, I have no idea how, but somehow Antivirus XP 2008 got onto my PC. Since then the computer only runs in Safe Mode. In normal mode, Antivirus XP 2008 comes up right after startup saying I have 2418 viruses on the PC and that it will delete them only after I buy a licence; if I try to launch anything the PC freezes (interestingly, Antivirus XP 2008 keeps running). Avast found nothing, and neither did Spyware Doctor. I've already read a bit about it online. Every case is supposed to be unique, so I'm asking you for HELP. Here is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:44, on 30.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMrhccwjj0e53c] C:\Program Files\rhccwjj0e53c\rhccwjj0e53c.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [BM5b1116c6] Rundll32.exe "C:\WINDOWS\system32\trkgfkqc.dll",s
O4 - HKLM\..\Run: [5822255a] rundll32.exe "C:\WINDOWS\system32\eupxksva.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra 'Tools' menuitem: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6529029730
O17 - HKLM\System\CCS\Services\Tcpip\..\{078B8E94-D637-4AEE-9B64-97B008E951E9}: NameServer = 69.50.168.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{078B8E94-D637-4AEE-9B64-97B008E951E9}: NameServer = 69.50.168.180
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 9608 bytes
PLEASE HELP. Thanks in advance.
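A triage pass a responder would make over the log above before replying: the O4 autorun entries with random-looking names (rhccwjj0e53c, trkgfkqc.dll, eupxksva.dll), the O17 NameServer set to a public address (69.50.168.180) that should be checked against the ISP's real resolvers, the O20 AppInit_DLLs entry (wowfx.dll, which Windows loads into every process that links user32.dll), and the O23 remote-control services (Radmin's r_server, WinVNC4) that anyone who owns this box could be using. The script is an added example written for this page, not a HijackThis feature; the log excerpt is constructed from lines of the posted log, and the random-name heuristic is deliberately conservative (it passes names such as HPWuSchd2 and NvMcTray), so its hits are leads to verify, not verdicts.

```python
import ipaddress
import re

# Constructed excerpt of the HijackThis log in the post above: only the lines
# the checks below look at, with the original O-section formatting.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMrhccwjj0e53c] C:\Program Files\rhccwjj0e53c\rhccwjj0e53c.exe
O4 - HKLM\..\Run: [BM5b1116c6] Rundll32.exe "C:\WINDOWS\system32\trkgfkqc.dll",s
O4 - HKLM\..\Run: [5822255a] rundll32.exe "C:\WINDOWS\system32\eupxksva.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{078B8E94-D637-4AEE-9B64-97B008E951E9}: NameServer = 69.50.168.180
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
FILE_RE = re.compile(r"([\w~$-]+)\.(?:exe|dll)\b", re.I)      # file stems in a command line
REMOTE_RE = re.compile(r"remote|vnc|radmin|r_server", re.I)  # remote-control keywords


def looks_random(token):
    """Conservative 'machine-generated name' heuristic (an assumption of this example).

    Flags a name only if it is 8+ chars with at least three digits and a letter,
    or 6+ letters with no vowel at all; real vendor names rarely match either."""
    t = token.lower()
    digits = sum(c.isdigit() for c in t)
    letters = sum(c.isalpha() for c in t)
    if len(t) >= 8 and digits >= 3 and letters >= 1:
        return True
    return len(t) >= 6 and letters == len(t) and not re.search(r"[aeiouy]", t)


def triage_hjt(log_text):
    """Return (section, detail) pairs for log lines that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            # Check both the Run value name and every file stem in the command.
            candidates = [m.group("name")] + FILE_RE.findall(m.group("cmd"))
            hits = [c for c in candidates if looks_random(c)]
            if hits:
                findings.append(("O4", "random-looking autorun: " + ", ".join(hits)))
            continue
        m = O17_RE.match(line)
        if m:
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                try:
                    public = server and not ipaddress.ip_address(server).is_private
                except ValueError:
                    continue
                if public:
                    findings.append(("O17", f"NameServer {server} is a public address; confirm it is the ISP's resolver"))
            continue
        m = O20_RE.match(line)
        if m:
            findings.append(("O20", f"AppInit_DLLs set to {m.group('dlls')}: loaded into every process that links user32.dll"))
            continue
        m = O23_RE.match(line)
        if m and REMOTE_RE.search(m.group("desc")):
            findings.append(("O23", f"remote-control service present: {m.group('desc')}"))
    return findings


if __name__ == "__main__":
    for section, detail in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{section}: {detail}")
```

On the constructed excerpt the script reports three O4 lines, the O17 resolver, the AppInit_DLLs entry and both remote-control services; the legitimate avast, NVIDIA and ctfmon lines pass. An O17 hit is not proof of a DNS hijack (many ISPs hand out public resolver addresses), which is why the detail says to confirm it rather than to remove it.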
Antivirus XP 2008 (Solved)
fredik, Security team member:
Re: Antivirus XP 2008
Welcome to the forum.
Uninstall via Add or Remove Programs:
SpyHunter
Since you are already in Safe Mode, download SDFix
- Run it; it extracts to the drive where Windows is installed (typically C:\SDfix)
- Open the folder where SDFix was extracted and run RunThis.bat; that starts the program.
* Then press Y and Enter to start the cleaning process.
* When the scan finishes you will be prompted to press any key, and the computer will restart.
* While the operating system is loading, the program runs again and finishes the cleaning process. When Finish appears, press any key when prompted; that closes the program and your desktop icons will appear.
- Once the desktop icons have loaded, the SDFix log opens on screen; it is also saved in the SDFix folder as Report.txt
Then paste its contents here.
Then post a ComboFix (CF) log:
If you have real-time protection enabled in AVG Anti-Spyware and Spyware Doctor, disable it before running CF.
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- On launch the terms of use are shown; accept them by clicking Yes
- Then follow the instructions; do not click into the ComboFix window while it is running
- When the scan finishes the program should create a log, C:\ComboFix.txt; please paste its whole contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.
Re: Antivirus XP 2008
Hi, before you wrote your reply I tried to fix it myself. I used:
REGEDIT4

; Re-enable the Security Center notification about disabled automatic updates
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000

; Delete the cached per-volume Explorer (autorun/shell) entry for this device GUID
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe779c69-0476-11dd-bb77-000b6a8f5874}]
I found it in a solved thread with the same problems as mine. It probably worked, because the computer now boots in normal mode too, although Antivirus XP 2008 still kept popping up and, as a bonus, avast found a virus in the system32 folder. I tried to delete it several ways, but it came back every time. Then I ran SDFix in Safe Mode; after the restart the report popped up. I have no idea what happened, but Antivirus XP 2008 stopped popping up and the virus in system32 disappeared too. Just to be safe, here is the SDFix report:
Rebooting
Checking Files :
Trojan Files Found:
C:\Program Files\rhccwjj0e53c\database.dat - Deleted
C:\Program Files\rhccwjj0e53c\license.txt - Deleted
C:\Program Files\rhccwjj0e53c\MFC71.dll - Deleted
C:\Program Files\rhccwjj0e53c\MFC71ENU.DLL - Deleted
C:\Program Files\rhccwjj0e53c\msvcp71.dll - Deleted
C:\Program Files\rhccwjj0e53c\msvcr71.dll - Deleted
C:\Program Files\rhccwjj0e53c\rhccwjj0e53c.exe - Deleted
C:\Program Files\rhccwjj0e53c\rhccwjj0e53c.exe.local - Deleted
C:\Program Files\rhccwjj0e53c\Uninstall.exe - Deleted
C:\WINDOWS\system32\fcccYoLD.dll - Deleted
C:\WINDOWS\system32\wowfx.dll - Deleted
Folder C:\Program Files\rhccwjj0e53c - Removed
Folder C:\Documents and Settings\Sklad\Data aplikací\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Folder C:\Program Files\altcmd - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 14:11:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:5d,8a,1c,54,18,9c,2a,c8,c7,97,1e,97,9b,a3,39,fd,a7,76,a2,33,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:68,b2,70,79,58,de,08,83,bd,4e,e3,18,22,c1,09,63,7b,e1,c2,d6,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,42,52,79,35,7a,d0,c1,73,5e,1a,23,ae,62,10,69,39,f4,..
"khjeh"=hex:5a,27,42,d0,b2,c4,81,aa,fc,6b,ec,0a,93,79,75,10,3e,5b,0e,06,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:08,0d,8a,31,d7,a9,d8,22,37,95,08,06,50,2c,89,c0,07,5d,82,80,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:5d,8a,1c,54,18,9c,2a,c8,c7,97,1e,97,9b,a3,39,fd,a7,76,a2,33,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:68,b2,70,79,58,de,08,83,bd,4e,e3,18,22,c1,09,63,7b,e1,c2,d6,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,42,52,79,35,7a,d0,c1,73,5e,1a,23,ae,62,10,69,39,f4,..
"khjeh"=hex:5a,27,42,d0,b2,c4,81,aa,fc,6b,ec,0a,93,79,75,10,3e,5b,0e,06,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:08,0d,8a,31,d7,a9,d8,22,37,95,08,06,50,2c,89,c0,07,5d,82,80,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:5d,8a,1c,54,18,9c,2a,c8,c7,97,1e,97,9b,a3,39,fd,a7,76,a2,33,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:68,b2,70,79,58,de,08,83,bd,4e,e3,18,22,c1,09,63,7b,e1,c2,d6,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,42,52,79,35,7a,d0,c1,73,5e,1a,23,ae,62,10,69,39,f4,..
"khjeh"=hex:5a,27,42,d0,b2,c4,81,aa,fc,6b,ec,0a,93,79,75,10,3e,5b,0e,06,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:08,0d,8a,31,d7,a9,d8,22,37,95,08,06,50,2c,89,c0,07,5d,82,80,35,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Documents and Settings\\Sklad\\Plocha\\Nová složka (2)\\CoD2MP_s.exe"="C:\\Documents and Settings\\Sklad\\Plocha\\Nová složka (2)\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Documents and Settings\\Sklad\\Plocha\\pán prstenů\\game.dat"="C:\\Documents and Settings\\Sklad\\Plocha\\pán prstenů\\game.dat:*:Enabled:Battle for Middle-earth"
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"="C:\\Program Files\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Codemasters\\ToCA Race Driver 2\\RD2.EXE"="C:\\Program Files\\Codemasters\\ToCA Race Driver 2\\RD2.EXE:*:Enabled:RaceDriver 2 Application"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"="C:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Documents and Settings\\Sklad\\Plocha\\jazz2secret\\Jazz2.exe"="C:\\Documents and Settings\\Sklad\\Plocha\\jazz2secret\\Jazz2.exe:*:Enabled:Jazz Jackrabbit 2"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe"="C:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"="C:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Sklad\\Plocha\\jazz2!!!!!!!\\Jazz2.exe"="C:\\Documents and Settings\\Sklad\\Plocha\\jazz2!!!!!!!\\Jazz2.exe:*:Enabled:Jazz Jackrabbit 2"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"="C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"D:\\AOE2\\empires2.exe"="D:\\AOE2\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 20 Feb 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 29 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITA.tmp"
Wed 20 Feb 2008 4,348 ...H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Zálohování licence\drmv1key.bak"
Wed 20 Feb 2008 20 A..H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Zálohování licence\drmv1lic.bak"
Wed 20 Feb 2008 400 ...H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Zálohování licence\drmv2key.bak"
Wed 20 Feb 2008 1,536 A..H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Zálohování licence\drmv2lic.bak"
Finished!
I hope I am finally rid of it. If so, many thanks for the advice.
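One thing the SDFix report above only lists and does not fix: the "Authorized Application Key Export" section shows a Windows Firewall exception for C:\Documents and Settings\Sklad\Data aplikací\8221.exe in both the standard and the domain profile, with the display name @xpsp2res.dll,-22019, the resource string Windows uses for its own Remote Assistance entry (sessmgr.exe), so it shows up in the firewall UI under a system-looking name. That exception survives the file deletions and should be removed by hand. The script below is an added example written for this page, not part of SDFix; the export excerpt is constructed from lines of the posted report (with the folder name written as Data aplikací), and the checks it applies (user-profile location, purely numeric file name, resource-string name on a non-Windows path) are this example's own heuristics.

```python
import ntpath
import re

# Constructed excerpt of the report's "Authorized Application Key Export"
# section, in reg-export syntax (backslashes doubled, as in the report).
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:@xpsp2res.dll,-22019"
"""

SECTION_RE = re.compile(r"^\[.*\\firewallpolicy\\(?P<profile>\w+)\\authorizedapplications\\list\]$", re.I)
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]+)"$')
USER_PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\", re.I)


def parse_entry(value):
    """Split 'path:scope:state:name' into four fields, or None if malformed.

    rsplit from the right because the path itself contains a colon (C:\\...)."""
    parts = value.replace("\\\\", "\\").rsplit(":", 3)
    return parts if len(parts) == 4 else None


def is_windows_binary(path):
    p = path.lower()
    return p.startswith("%windir%") or p.startswith("%systemroot%") or "\\windows\\" in p


def assess(path, state, name):
    """Reasons an enabled exception deserves manual review (empty list = looks normal)."""
    reasons = []
    if state.lower() != "enabled":
        return reasons
    if USER_PROFILE_RE.match(path):
        reasons.append("executable lives inside a user profile rather than Program Files or %windir%")
    if ntpath.splitext(ntpath.basename(path))[0].isdigit():
        reasons.append("file name is just a number")
    if name.startswith("@") and not is_windows_binary(path):
        reasons.append(f"display name is a Windows resource string ({name}) but the path is not a Windows binary")
    return reasons


def triage_firewall_exceptions(export_text):
    """Map suspicious executable path -> {'profiles': set, 'reasons': list}."""
    profile = None
    findings = {}
    for raw in export_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            profile = m.group("profile").lower()
            continue
        m = ENTRY_RE.match(line)
        if not m or profile is None:
            continue
        parsed = parse_entry(m.group("value"))
        if parsed is None:
            continue
        path, _scope, state, name = parsed
        reasons = assess(path, state, name)
        if reasons:
            # The same path listed under several profiles is one finding.
            entry = findings.setdefault(path, {"profiles": set(), "reasons": reasons})
            entry["profiles"].add(profile)
    return findings


if __name__ == "__main__":
    for path, info in triage_firewall_exceptions(SAMPLE_EXPORT).items():
        print(path, sorted(info["profiles"]))
        for reason in info["reasons"]:
            print("  -", reason)
```

On the constructed excerpt only the 8221.exe entry is reported, with all three reasons and both profiles; the genuine sessmgr.exe entry passes because its resource-string name sits on a %windir% path. The script does not judge whether a legitimate program needs an exception at all, so entries like winver.exe (a version dialog with no reason to accept inbound connections) still need a human look.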
"C:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"="C:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Sklad\\Plocha\\jazz2!!!!!!!\\Jazz2.exe"="C:\\Documents and Settings\\Sklad\\Plocha\\jazz2!!!!!!!\\Jazz2.exe:*:Enabled:Jazz Jackrabbit 2"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"="C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"D:\\AOE2\\empires2.exe"="D:\\AOE2\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 20 Feb 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 29 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITA.tmp"
Wed 20 Feb 2008 4,348 ...H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Z lohov nˇ licence\drmv1key.bak"
Wed 20 Feb 2008 20 A..H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Z lohov nˇ licence\drmv1lic.bak"
Wed 20 Feb 2008 400 ...H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Z lohov nˇ licence\drmv2key.bak"
Wed 20 Feb 2008 1,536 A..H. --- "C:\Documents and Settings\Sklad\Dokumenty\Hudba\Z lohov nˇ licence\drmv2lic.bak"
Finished!
I hope I have some peace now. If so, many thanks for the advice.
- fredik
- Member of the Security team
- Master Level 7
- Posts: 4680
- Registered: July 06
- Status: Offline
Re: Antivirus XP 2008
Post the ComboFix log here as well.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PM messages with logs; post them in the forum. Those PMs cannot be answered.
- Level 1.5
- Posts: 144
- Registered: August 08
- Status: Offline
Re: Antivirus XP 2008
I'd like to, but a new problem has somehow appeared viewtopic.php?f=47&t=30751 . On top of that, something has started blocking all search engines for me, and your ComboFix link doesn't work. I have no way to get it onto the PC. I tried reinstalling Mozilla, but it didn't help. I'm posting a new HijackThis log; maybe it will be of some use. The computer is really getting on my nerves.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:51, on 1.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bestyourmeds.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM5b1116c6] Rundll32.exe "C:\WINDOWS\system32\ychjxtwy.dll",s
O4 - HKLM\..\Run: [5822255a] rundll32.exe "C:\WINDOWS\system32\wqslioth.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/ALL.HTM
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra 'Tools' menuitem: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - C:\Program Files\Britanik\britanik.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6529029730
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{078B8E94-D637-4AEE-9B64-97B008E951E9}: NameServer = 69.50.168.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{078B8E94-D637-4AEE-9B64-97B008E951E9}: NameServer = 69.50.168.180
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 12394 bytes
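A way to pull the entries that deserve a second look out of a HijackThis log like the one above, as an added example (this is not part of the forum thread and not a feature of HijackThis): it reports an O17 NameServer that points at a resolver the owner does not recognize, O4 Run entries that load a DLL with a pseudo-random name through rundll32, and an R0 start page that is no longer about:blank. The trusted-resolver set and the eight-lowercase-letter name heuristic are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bestyourmeds.com/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM5b1116c6] Rundll32.exe "C:\WINDOWS\system32\ychjxtwy.dll",s
O4 - HKLM\..\Run: [5822255a] rundll32.exe "C:\WINDOWS\system32\wqslioth.dll",b
O17 - HKLM\System\CCS\Services\Tcpip\..\{078B8E94-D637-4AEE-9B64-97B008E951E9}: NameServer = 69.50.168.180
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# Assumption for this example: the only resolver the owner expects is the home
# router. Any O17 NameServer outside this set and outside private address space
# is reported for review.
TRUSTED_DNS = {"192.168.1.1"}

START_PAGE_RE = re.compile(r"^R0 - .*Start Page = (?P<url>\S+)")
RUNDLL_RE = re.compile(
    r'^O4 - .*\[(?P<key>[^\]]+)\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)',
    re.IGNORECASE,
)
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<ip>[\d.,]+)")
# Heuristic (an assumption, not a HijackThis rule): system DLLs almost never
# have an eight-letter, all-lowercase name such as 'ychjxtwy'.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


def dll_looks_random(path: str) -> bool:
    """True when the DLL's file stem matches the random-name heuristic."""
    stem = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return bool(RANDOM_STEM_RE.match(stem))


def resolver_is_unexpected(ip: str) -> bool:
    """True for a resolver that is neither trusted nor a private address."""
    if ip in TRUSTED_DNS:
        return False
    try:
        return not ipaddress.ip_address(ip).is_private
    except ValueError:
        return True  # malformed value in an O17 entry is itself suspicious


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the log lines that deserve a closer look, with the reason."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := START_PAGE_RE.match(line):
            if m["url"].lower() != "about:blank":
                findings.append({"type": "start_page", "value": m["url"], "line": line})
        elif m := RUNDLL_RE.match(line):
            if dll_looks_random(m["dll"]):
                findings.append({"type": "random_dll", "value": m["dll"], "line": line})
        elif m := NAMESERVER_RE.match(line):
            for ip in filter(None, m["ip"].split(",")):
                if resolver_is_unexpected(ip):
                    findings.append({"type": "dns", "value": ip, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['type']}] {f['value']}\n    {f['line']}")
```

The O17 entry is the one to check first when every search engine stops working: whoever controls the resolver can answer any lookup with an address of their choosing, which also explains why a download link can fail while other pages still load. The two O4 entries and the changed start page are the other three indicators a helper would want removed or reverted.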



Re: Antivirus XP 2008
Hi, do you know why my antivirus reports that the SDFix program contains the Win32/PrcView virus?
Re: Antivirus XP 2008
maremarekk:
Fredik isn't here right now - if you don't mind, I'll continue with you.
It's important for us to use ComboFix, because it specializes in exactly the kind of pest you have on your computer and will help us clean it.
Download it from this link: http://www.edisk.cz/stahni/06359/VirTer ... .71MB.html
milan168:
SDFix also includes process.exe - a program used to stop processes in memory. The antivirus detects it because it could potentially be misused to cause harm. In the case of SDFix that doesn't apply - you can ignore the antivirus alert, or if it won't let you use SDFix because of it, disable the antivirus temporarily.
- Level 1.5
- Posts: 144
- Registered: August 08
- Status: Offline
Re: Antivirus XP 2008
During the process a few alerts from the antivirus popped up; I moved them to the Virus Chest. Here is the log:
ComboFix 08-09-05.02 - Sklad 2008-09-06 17:31:37.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.253 [GMT 2:00]
Spusteny z: C:\Documents and Settings\Sklad\Plocha\VirTerminator.exe
* Vytvoren novy Bod Obnoveni
VAROVANI - NA TOMTO POCITACI NENI NAINSTALOVANA KONZOLA PRO ZOTAVENI !!
.
((((((((((((((((((((((((((((((((((((((( Ostatni vymazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Sklad\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Sklad\Data aplikací\rhccwjj0e53c
C:\Documents and Settings\Sklad\Data aplikací\temp.dll
C:\WINDOWS\BM5b1116c6.txt
C:\WINDOWS\BM5b1116c6.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\avskxpue.ini
C:\WINDOWS\system32\dehtntux.ini
C:\WINDOWS\system32\enpsifvl.dll
C:\WINDOWS\system32\eupxksva.dll
C:\WINDOWS\system32\gbspwtsg.ini
C:\WINDOWS\system32\htoilsqw.ini
C:\WINDOWS\system32\ikkkjimx.dll
C:\WINDOWS\system32\jpyjbwgi.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfqbqqtk.dll
C:\WINDOWS\system32\mggvhmlh.ini
C:\WINDOWS\system32\qAIRYJjl.ini
C:\WINDOWS\system32\qAIRYJjl.ini2
C:\WINDOWS\system32\rqRHbbAQ.dll
C:\WINDOWS\system32\sgtqtbtv.dll
C:\WINDOWS\system32\srlibcco.dll
C:\WINDOWS\system32\stlrcuio.exe
C:\WINDOWS\system32\trkgfkqc.dll
C:\WINDOWS\system32\tuvVLeEu.dll
C:\WINDOWS\system32\twlncypw.exe
C:\WINDOWS\system32\utBbefii.ini
C:\WINDOWS\system32\utBbefii.ini2
C:\WINDOWS\system32\vtbtqtgs.ini
C:\WINDOWS\system32\winjvd32.dll
C:\WINDOWS\system32\wvUkKcBt.dll
C:\WINDOWS\system32\ychjxtwy.dll
.
((((((((((((((((((((((((( Soubory vytvorene od 2008-08-06 do 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-08-31 13:55 . 2008-08-31 13:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-31 13:50 . 2008-08-31 14:14 <DIR> d-------- C:\SDFix
2008-08-30 15:50 . 2008-08-30 15:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-30 13:55 . 2008-08-30 14:21 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-30 13:55 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-30 13:55 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-30 13:55 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-30 13:55 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-30 12:39 . 2008-08-30 12:39 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-30 11:33 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-30 11:15 . 2008-08-30 11:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-08-30 11:15 . 2008-08-30 11:15 <DIR> d-------- C:\Program Files\Crawler
2008-08-30 11:15 . 2008-08-30 11:15 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-23 21:01 . 2008-08-23 21:01 <DIR> d-------- C:\WINDOWS\system32\xlib254.dll
2008-08-23 21:01 . 2008-08-23 21:01 <DIR> d-------- C:\WINDOWS\system32\append.dll
2008-08-23 20:13 . 1997-01-18 10:53 45,312 --a------ C:\Documents and Settings\Sklad\SETUP.EXE
2008-08-23 20:13 . 1995-09-07 19:22 8,192 --a------ C:\Documents and Settings\Sklad\_ISDEL.EXE
2008-08-23 20:13 . 1996-12-19 15:03 6,128 --a------ C:\Documents and Settings\Sklad\_SETUP.DLL
2008-08-23 20:05 . 2008-08-23 20:05 <DIR> d-------- C:\Local Publish
2008-08-21 08:37 . 2008-08-21 08:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-08-21 08:36 . 2008-08-23 20:05 <DIR> d-------- C:\Program Files\WYSIWYG Web Builder 5
2008-08-21 08:35 . 2008-08-21 08:36 3,500,710 --a------ C:\webbuilder5.zip
2008-08-21 08:00 . 2008-08-21 08:00 926 --a------ C:\Trellian InternetStudio.lnk
2008-08-21 08:00 . 2008-08-21 08:00 911 --a------ C:\Trellian SEO Toolkit.lnk
2008-08-21 08:00 . 2008-08-21 08:00 816 --a------ C:\eComm STORE v2.0.lnk
2008-08-21 07:59 . 2008-08-21 08:00 <DIR> d-------- C:\Program Files\trellian
2008-08-21 07:45 . 2008-08-23 20:10 <DIR> d-------- C:\Projekt MoneyMethod
2008-08-21 07:43 . 2008-08-21 07:48 <DIR> d-------- C:\Program Files\MoneyMethod
2008-08-21 07:24 . 2008-08-23 20:17 <DIR> d-------- C:\Program Files\GEN-E-SHOP
2008-08-21 07:24 . 2008-08-21 07:24 <DIR> d-------- C:\Program Files\Borland
2008-08-21 07:24 . 2008-08-23 20:18 13,030 --a------ C:\PDOXUSRS.NET
2008-08-19 13:13 . 2008-08-19 13:13 167 --a------ C:\WINDOWS\connect.dat
2008-08-19 11:39 . 2008-08-19 11:39 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-08-19 11:33 . 2008-08-19 11:33 <DIR> d-------- C:\WINDOWS\system32\temp
2008-08-19 10:59 . 2008-08-19 10:59 <DIR> d-------- C:\Program Files\Strategy First
2008-08-19 10:47 . 2008-08-19 10:47 <DIR> d-------- C:\Program Files\UltraISO
2008-08-19 10:47 . 2008-08-19 10:47 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-08-15 17:10 . 2008-08-15 17:12 <DIR> d-------- C:\Program Files\Svetlograd
2008-08-08 18:44 . 2008-08-08 18:45 <DIR> d-------- C:\Downloads
2008-08-07 12:59 . 2008-08-07 13:00 <DIR> d-------- C:\Program Files\Armada Tanks
2008-08-07 08:47 . 2008-08-07 08:47 <DIR> d-------- C:\Program Files\Emerald Tale
.
(((((((((((((((((((((((((((((((((((((((( Find3M vypis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 03:34 --------- d-----w C:\Program Files\ICQToolbar
2008-08-31 09:05 --------- d-----w C:\Program Files\World of Warcraft
2008-08-30 10:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-28 06:38 --------- d-----w C:\Program Files\ICQ6
2008-08-19 09:22 --------- d-----w C:\Program Files\Burn4Free
2008-08-09 11:47 --------- d-----w C:\Program Files\Dofus
2008-08-03 14:27 --------- d-----w C:\Program Files\Google
2008-07-31 11:58 --------- d-----w C:\Program Files\VisualConnection
2008-07-26 18:22 --------- d-----w C:\Program Files\NanoTerra
2008-07-20 12:15 --------- d-----w C:\Program Files\Ventrilo
2008-07-02 18:32 2,193,408 ----a-w C:\WINDOWS\system32\kernel1.exe
.
(((((((((((((((((((((((((((((((((( Spousteci body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznamka* prazdne zaznamy & legitimni vychozi udaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-01-27 13:44 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-01-27 806912]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-01-27 806912]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 13:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-01-30 477696]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 962560]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 258134]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 86016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2007-04-19 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11334:TCP"= 11334:TCP:BitComet 11334 TCP
"11334:UDP"= 11334:UDP:BitComet 11334 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58609:TCP"= 58609:TCP:Pando P2P TCP Listening Port
"58609:UDP"= 58609:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 1155180]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 r_server;Remote Administrator Service;C:\WINDOWS\system32\r_server.exe [2005-06-21 724992]
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 69120]
S3 MovGDrv32;MovGDrv32;C:\WINDOWS\system32\drivers\MovGDrv32.sys [2007-05-15 513152]
.
Obsah adresare 'Naplanovane ulohy'
.
- - - - NEPLATNE POLOZKY ODSTRANENE Z REGISTRU - - - -
BHO-{815D7E01-2CC0-40BD-B003-1BD5DAC29463} - C:\WINDOWS\system32\iifebBtu.dll
HKLM-Run-5822255a - C:\WINDOWS\system32\sgtqtbtv.dll
HKLM-Run-BM5b1116c6 - C:\WINDOWS\system32\mfqbqqtk.dll
.
------- Doplnkovy sken -------
.
FireFox -: Profile - C:\Documents and Settings\Sklad\Data aplikací\Mozilla\Firefox\Profiles\ir813ox2.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 17:46:28
Windows 5.1.2600 Service Pack 2 NTFS
skenovani skrytych procesu ...
skenovani skrytych polozek 'Po spusteni' ...
skenovani skrytych souboru ...
sken byl uspesne dokoncen
skryte soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navazane na bezici procesy ---------------------
PROCES: C:\WINDOWS\explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1250.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
------------------------ Jine spustene procesy ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Celkovy cas: 2008-09-06 17:58:10 - pocitac byl restartovan
ComboFix-quarantined-files.txt 2008-09-06 15:57:48
Pre-Run: 520,552,448
Post-Run: 762,212,352
259 --- E O F --- 2008-01-12 20:04:01
Re: Antivirus XP 2008
1) Manually delete these two folders:
C:\WINDOWS\system32\append.dll
C:\WINDOWS\system32\xlib254.dll
2) Open Notepad via Start - Programs - Accessories and copy this entire text into it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"=-
Choose Save As, name the file fix.reg and set Save as type to All Files. Save the file to the desktop and then double-click it. Confirm importing the key into the registry.
3) Go to Start - Run, paste this command into the empty line and confirm: "%userprofile%\Plocha\VirTerminator.exe" /u - this uninstalls ComboFix and deletes the SDFix backup.
4) Download, unpack and run the JavaRa program - http://mesh.dl.sourceforge.net/sourcefo ... JavaRa.zip
Click the Remove Older Versions button to remove old versions of Java.
Then download and install the latest version - Java Runtime Environment (JRE) 6 Update 7 - http://java.sun.com/javase/downloads/index.jsp
The log is clean; for better protection of the computer I would recommend installing a firewall.
Do any problems persist?
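As an added example, not part of the thread and not the helper's code: the fix.reg above removes two Windows Firewall "AuthorizedApplications" exceptions that the rogue had registered for an executable dropped in the user's profile. The Python script below does that check in a repeatable way. It parses a .reg export of the firewall policy keys, flags every authorized application whose path points into a user-writable profile folder (Application Data / Data aplikací, Local Settings, AppData), and emits a cleanup fragment using the same "name"=- deletion syntax as fix.reg. The export text is constructed for the example; apart from the 8221.exe path from the thread, the entries and the user name are hypothetical.

```python
"""Flag Windows Firewall 'AuthorizedApplications' exceptions that live in
user-writable profile folders and build a .reg fragment that removes them.

REG_EXPORT is constructed for this example: only the 8221.exe path comes
from the thread, the other entries are hypothetical."""
import re

REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:8221"
"C:\\Documents and Settings\\Sklad\\Local Settings\\Temp\\setup.exe"="C:\\Documents and Settings\\Sklad\\Local Settings\\Temp\\setup.exe:*:Enabled:setup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe"="C:\\Documents and Settings\\Sklad\\Data aplikací\\8221.exe:*:Enabled:8221"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A quoted value name (with .reg backslash escaping) followed by "=" and data.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Per-user folders under the XP and the Vista+ profile layout; "Data aplikací"
# is the Czech localized name of "Application Data".
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\"
    r"(data aplikací|application data|local settings|appdata)\\",
    re.IGNORECASE,
)


def reg_unescape(s):
    """Undo .reg escaping of double quotes and backslashes."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def reg_escape(s):
    """Apply .reg escaping so the name round-trips through regedit."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][reg_unescape(m.group("name"))] = m.group("data")
    return result


def suspicious_authorized_apps(reg):
    """Return [(key, exe_path)] for firewall exceptions pointing into a user profile."""
    hits = []
    for key, values in reg.items():
        if not key.lower().endswith(r"\authorizedapplications\list"):
            continue
        for name in values:
            if USER_WRITABLE.match(name):
                hits.append((key, name))
    return hits


def removal_reg(hits):
    """Build a .reg fragment that deletes each flagged value ("name"=- syntax)."""
    by_key = {}
    for key, name in hits:
        by_key.setdefault(key, []).append(name)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{reg_escape(n)}"=-' for n in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = suspicious_authorized_apps(parse_reg(REG_EXPORT))
    for key, path in found:
        print(f"suspicious firewall exception: {path}\n    in {key}")
    print(removal_reg(found))
```

On a real machine the input would come from `reg export HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy fw.reg`; reg.exe writes that file as UTF-16, so open it with `encoding="utf-16"` before passing the text to `parse_reg`. A program living in Application Data or Temp is not malicious by itself, so treat the output as a list of entries to look at, not to delete blindly.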
- Level 1.5
- Posts: 144
- Registered: Aug 08
- Status: Offline
Re: Antivirus XP 2008
When I try to import the fix into the registry, it tells me:
..../fix.reg nelze inportovat: Do registru se nepodařilo úspěšně zadat všechna data. Některé klíče jsou otevřeny systémem nebo jinými procesy.
I'd rather wait for your response...
Re: Antivirus XP 2008
In this case I'll quote fredik:
fredik wrote: Launch Avast and when the application window appears, click the upward-pointing arrow icon (Menu) at the top left and choose Settings...
- in the newly opened window choose the last option at the bottom, Troubleshooting, and tick the option: Disable avast! self-defense mechanisms, then confirm with OK
- an Avast prompt will appear; choose Yes
- close Avast
Then use the fix.reg file again and everything should go through fine. Restart the PC and, once back in Windows, turn Avast's self-defense back on by the reverse procedure.
- Level 1.5
- Posts: 144
- Registered: Aug 08
- Status: Offline
Re: Antivirus XP 2008
Great, it looks like everything is fine, thanks for the help. I thought that the computer
Thanks a lot