Please, I would really appreciate a check of my HijackThis log. IE 7 is telling me something about spyware and I don't know what to do about it. (IE 7 never showed me this before, only Windows did.) The message is this: Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware... But when I click it, some pages come up where an antivirus is offered for download. Avast ALWAYS detects it as a virus. And when it doesn't, IE throws an error saying that I am infected; if I click OK it brings up those pages, and if I click Cancel it does the same thing.
Thanks for a reply, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 18:04:02, on 18.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\prášil.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slizone.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: XTN Monitor - {CB6BCBE2-79B4-4B72-BD1F-185FD5A651EB} - C:\WINDOWS\ddwlxtqlmr.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: bmlvqkn - {4CCE3A8B-19D3-4F08-8AF3-38E7FE9EBCBF} - (no file)
O21 - SSODL: agrlmvp - {D64AD26D-1BCA-4AA7-A7AA-2DF89F663AB4} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
HELP spyware in IE - solved (Solved)
Last edited by clikck on 19 Jan 2008 20:20, edited 1 time in total.
- fredik
- member of the Security team
Uninstall via Add or Remove Programs:
Ultimate Defender
Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; this starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the scan you will be prompted to press any key, and the computer will restart.
* While the operating system is booting, the program will start again and complete the cleaning process. When Finish appears, you will have to press any key when prompted; this closes the program and your desktop icons appear.
- Once the desktop icons have finished loading, the SDFix log opens on screen and is also saved in the folder where SDFix was extracted, as the file Report.txt
Then copy its contents here + a new HJT log
- fredik
- member of the Security team
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Here is the log
ComboFix 08-01-18.5 - Admin 2008-01-18 20:27:10.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1525 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\ddwlxtqlmr.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\vx.tll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\m_hook
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-18 20:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 18:10 . 2008-01-17 18:11 <DIR> d-------- C:\Program Files\AdwareRemover2007
2008-01-17 17:40 . 2008-01-17 17:46 <DIR> d-------- C:\Program Files\Deus Cleaner
2008-01-16 20:14 . 2008-01-16 16:53 217,088 --a------ C:\WINDOWS\agrlmvp.dll
2008-01-16 20:14 . 2008-01-16 16:53 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-16 17:25 . 2008-01-16 17:25 1 --a------ C:\WINDOWS\system32\SI.bin
2008-01-13 19:30 . 2008-01-13 19:30 <DIR> d-------- C:\Program Files\3DO
2008-01-12 21:20 . 2008-01-13 12:32 <DIR> d-------- C:\Program Files\Sanny Builder 3
2008-01-12 12:35 . 2008-01-12 13:05 <DIR> d-------- C:\Program Files\San Andreas Tools
2008-01-11 22:26 . 2008-01-11 22:26 <DIR> d-------- C:\Program Files\San Andreas Mod Installer
2008-01-11 22:26 . 2008-01-11 22:26 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-01-11 20:35 . 2008-01-11 20:35 <DIR> d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-01-11 19:04 . 2008-01-11 19:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-11 18:47 . 2008-01-11 18:47 2,321,152 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-01-11 18:20 . 2008-01-11 18:44 <DIR> d--h----- C:\WINDOWS\Icons
2008-01-11 17:37 . 2008-01-11 20:35 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-11 17:37 . 2008-01-11 17:37 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-11 17:37 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-11 17:33 . 2008-01-11 17:47 <DIR> d-------- C:\WINDOWS\NV35562312.TMP
2008-01-05 22:02 . 2007-03-20 10:51 3,131,328 --a------ C:\WINDOWS\system32\Gears of War (X360) Screensaver.scr
2008-01-05 22:02 . 2008-01-05 22:02 18,432 --a------ C:\WINDOWS\ss3unstl.exe
2008-01-04 16:56 . 2008-01-04 16:57 <DIR> d-------- C:\WINDOWS\NV36601612.TMP
2008-01-04 16:56 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-04 16:55 . 2008-01-04 16:55 <DIR> d-------- C:\NVIDIA
2007-12-30 15:26 . 2007-12-30 15:43 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 15:16 . 2008-01-02 11:31 <DIR> d-------- C:\Program Files\Winamp
2007-12-29 16:02 . 2007-12-29 16:02 <DIR> d-------- C:\Program Files\Toshiba
2007-12-26 16:50 . 2007-12-26 16:50 <DIR> d-------- C:\Program Files\MachrSoft
2007-12-26 16:50 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-23 19:47 . 2007-12-23 19:47 <DIR> d-------- C:\Program Files\Kecal
2007-12-23 15:59 . 2007-12-23 16:00 <DIR> d-------- C:\Program Files\GameHouse
2007-12-19 19:42 . 2007-12-19 19:43 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-19 19:42 . 2007-12-19 19:42 <DIR> d-------- C:\Program Files\AWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 19:33 --------- d-----w C:\Program Files\SpeedFan
2008-01-18 16:13 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-17 16:49 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-16 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 16:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 16:07 --------- d-----w C:\Program Files\Java
2007-12-23 20:31 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-23 20:31 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-22 18:23 --------- d-----w C:\Program Files\BitLord
2007-12-10 19:52 --------- d-----w C:\Program Files\Azureus
2007-12-09 17:56 98,304 ----a-w C:\WINDOWS\W2BNEUnin.exe
2007-12-08 18:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-07 15:58 --------- d-----w C:\Program Files\Hamachi
2007-12-06 17:33 --------- d-----w C:\Program Files\Hrady
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 20:05 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-28 20:02 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2007-11-28 20:02 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-11-28 20:02 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2007-11-28 20:02 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-11-28 20:02 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-11-28 20:02 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2007-11-28 20:02 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys
2007-11-28 20:02 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys
2007-11-28 20:02 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2007-11-25 17:23 --------- d-----w C:\Program Files\RADVideo
2007-11-25 08:51 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-23 15:14 --------- d-----w C:\Program Files\DivX
2007-11-15 19:17 139,264 ----a-w C:\WINDOWS\War3Unin.exe
1997-02-21 21:00 105,312 ----a-w C:\WINDOWS\Fonts\SR181.TMP
1997-02-21 21:00 101,336 ----a-w C:\WINDOWS\Fonts\SR182.TMP
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-03-05 21:09 2573536]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 09:30 249856]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-09 18:48 2778112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 14:18 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {D64AD26D-1BCA-4AA7-A7AA-2DF89F663AB4} - C:\WINDOWS\agrlmvp.dll [2008-01-16 16:53 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-04-05 11:38 518144 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 21:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-09 18:49]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Instal\HWiNFO32\HWiNFO32.SYS []
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-02-05 20:34]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-02-05 20:34]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-02-05 20:34]
S3 HWACCESS;HWACCESS;C:\WINDOWS\SYSTEM32\HWACCESS.SYS [2007-02-04 06:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-11 17:37]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\DVD.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - L:\Directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 16:37:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2007-06-08 14:10:36 C:\WINDOWS\Tasks\cmcgmry.job"
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-02-05 20:34]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-02-05 20:34]
S3 HWACCESS;HWACCESS;C:\WINDOWS\SYSTEM32\HWACCESS.SYS [2007-02-04 06:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-11 17:37]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\DVD.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - L:\Directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 16:37:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2007-06-08 14:10:36 C:\WINDOWS\Tasks\cmcgmry.job"
- fredik
- Security team member
Open Notepad (Start -> Run..., type Notepad in the box and click OK)
Copy the following text marked in green into it:
File::
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\fxtqdrl.exe
C:\WINDOWS\Fonts\SR181.TMP
C:\WINDOWS\Fonts\SR182.TMP
Folder::
C:\Program Files\AdwareRemover2007
C:\Program Files\Deus Cleaner
C:\Program Files\Ultimate Defender
DirLook::
C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
C:\WINDOWS\NV35562312.TMP
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"=-
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
To repair Safe Mode, use SafeBootKeyRepair (by sUBs)
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then paste here the ComboFix log and a new HJT log (You are using an older version of HijackThis; download the current version here and delete the old one before use.)
PS: The ComboFix log was not complete, so post the whole log here afterwards.
COMBOFIX (I hope it is complete)
ComboFix 08-01-18.5 - Admin 2008-01-18 21:19:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1521 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\Fonts\SR181.TMP
C:\WINDOWS\Fonts\SR182.TMP
C:\WINDOWS\fxtqdrl.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\AdwareRemover2007
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.lic
C:\Program Files\AdwareRemover2007\AdwareRemover20070.ar
C:\Program Files\AdwareRemover2007\AdwareRemover20071.ar
C:\Program Files\AdwareRemover2007\Uninstall.exe
C:\Program Files\Deus Cleaner
C:\Program Files\Deus Cleaner\SDmodul.dll
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\Fonts\SR181.TMP
C:\WINDOWS\Fonts\SR182.TMP
C:\WINDOWS\fxtqdrl.exe
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\ddwlxtqlmr.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\vx.tll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\m_hook
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-18 20:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 17:25 . 2008-01-16 17:25 1 --a------ C:\WINDOWS\system32\SI.bin
2008-01-13 19:30 . 2008-01-13 19:30 <DIR> d-------- C:\Program Files\3DO
2008-01-12 21:20 . 2008-01-13 12:32 <DIR> d-------- C:\Program Files\Sanny Builder 3
2008-01-12 12:35 . 2008-01-12 13:05 <DIR> d-------- C:\Program Files\San Andreas Tools
2008-01-11 22:26 . 2008-01-11 22:26 <DIR> d-------- C:\Program Files\San Andreas Mod Installer
2008-01-11 22:26 . 2008-01-11 22:26 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-01-11 20:35 . 2008-01-11 20:35 <DIR> d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-01-11 19:04 . 2008-01-11 19:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-11 18:47 . 2008-01-11 18:47 2,321,152 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-01-11 18:20 . 2008-01-11 18:44 <DIR> d--h----- C:\WINDOWS\Icons
2008-01-11 17:37 . 2008-01-11 20:35 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-11 17:37 . 2008-01-11 17:37 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-11 17:37 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-11 17:33 . 2008-01-11 17:47 <DIR> d-------- C:\WINDOWS\NV35562312.TMP
2008-01-05 22:02 . 2007-03-20 10:51 3,131,328 --a------ C:\WINDOWS\system32\Gears of War (X360) Screensaver.scr
2008-01-05 22:02 . 2008-01-05 22:02 18,432 --a------ C:\WINDOWS\ss3unstl.exe
2008-01-04 16:56 . 2008-01-04 16:57 <DIR> d-------- C:\WINDOWS\NV36601612.TMP
2008-01-04 16:56 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-04 16:55 . 2008-01-04 16:55 <DIR> d-------- C:\NVIDIA
2007-12-30 15:26 . 2007-12-30 15:43 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 15:16 . 2008-01-02 11:31 <DIR> d-------- C:\Program Files\Winamp
2007-12-29 16:02 . 2007-12-29 16:02 <DIR> d-------- C:\Program Files\Toshiba
2007-12-26 16:50 . 2007-12-26 16:50 <DIR> d-------- C:\Program Files\MachrSoft
2007-12-26 16:50 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-23 19:47 . 2007-12-23 19:47 <DIR> d-------- C:\Program Files\Kecal
2007-12-23 15:59 . 2007-12-23 16:00 <DIR> d-------- C:\Program Files\GameHouse
2007-12-19 19:42 . 2007-12-19 19:43 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-19 19:42 . 2007-12-19 19:42 <DIR> d-------- C:\Program Files\AWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 19:33 --------- d-----w C:\Program Files\SpeedFan
2008-01-18 16:13 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-17 16:49 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-16 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 16:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 16:07 --------- d-----w C:\Program Files\Java
2007-12-23 20:31 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-23 20:31 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-22 18:23 --------- d-----w C:\Program Files\BitLord
2007-12-10 19:52 --------- d-----w C:\Program Files\Azureus
2007-12-09 17:56 98,304 ----a-w C:\WINDOWS\W2BNEUnin.exe
2007-12-08 18:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-07 15:58 --------- d-----w C:\Program Files\Hamachi
2007-12-06 17:33 --------- d-----w C:\Program Files\Hrady
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 20:05 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-28 20:02 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2007-11-28 20:02 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-11-28 20:02 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2007-11-28 20:02 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-11-28 20:02 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-11-28 20:02 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2007-11-28 20:02 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys
2007-11-28 20:02 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys
2007-11-28 20:02 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2007-11-25 17:23 --------- d-----w C:\Program Files\RADVideo
2007-11-25 08:51 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-23 15:14 --------- d-----w C:\Program Files\DivX
2007-11-15 19:17 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP ----
2008-01-11 20:35 561152 --a------ C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP\WiseCustomCalla1.dll
---- Directory of C:\WINDOWS\NV35562312.TMP ----
2007-12-05 01:41 91094 --a------ C:\WINDOWS\NV35562312.TMP\nv3d.chm
2007-12-05 01:41 54988 --a------ C:\WINDOWS\NV35562312.TMP\nvmob.chm
2007-12-05 01:41 175045 --a------ C:\WINDOWS\NV35562312.TMP\nvdsp.chm
2007-12-05 01:41 121431 --a------ C:\WINDOWS\NV35562312.TMP\nvcpl.chm
((((((((((((((((((((((((((((( snapshot@2008-01-18_20.35.13.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 19:26:59 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 20:19:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 19:26:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 20:19:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 19:26:59 9,699,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 20:19:24 9,699,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 19:27:00 335,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 20:19:24 335,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 19:27:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 20:19:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 19:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 20:19:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 20:22:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_744.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-03-05 21:09 2573536]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 09:30 249856]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-09 18:48 2778112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 14:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-04-05 11:38 518144 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 21:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-09 18:49]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Instal\HWiNFO32\HWiNFO32.SYS []
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-02-05 20:34]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-02-05 20:34]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-02-05 20:34]
S3 HWACCESS;HWACCESS;C:\WINDOWS\SYSTEM32\HWACCESS.SYS [2007-02-04 06:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-11 17:37]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\DVD.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - L:\Directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 16:37:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2007-06-08 14:10:36 C:\WINDOWS\Tasks\cmcgmry.job"
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Admin\Plocha\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slizone.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O21 - SSODL: bmlvqkn - {4CCE3A8B-19D3-4F08-8AF3-38E7FE9EBCBF} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8445 bytes
ComboFix 08-01-18.5 - Admin 2008-01-18 21:19:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1521 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\Fonts\SR181.TMP
C:\WINDOWS\Fonts\SR182.TMP
C:\WINDOWS\fxtqdrl.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\AdwareRemover2007
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.lic
C:\Program Files\AdwareRemover2007\AdwareRemover20070.ar
C:\Program Files\AdwareRemover2007\AdwareRemover20071.ar
C:\Program Files\AdwareRemover2007\Uninstall.exe
C:\Program Files\Deus Cleaner
C:\Program Files\Deus Cleaner\SDmodul.dll
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\Fonts\SR181.TMP
C:\WINDOWS\Fonts\SR182.TMP
C:\WINDOWS\fxtqdrl.exe
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\ddwlxtqlmr.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\vx.tll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\m_hook
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-18 20:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 17:25 . 2008-01-16 17:25 1 --a------ C:\WINDOWS\system32\SI.bin
2008-01-13 19:30 . 2008-01-13 19:30 <DIR> d-------- C:\Program Files\3DO
2008-01-12 21:20 . 2008-01-13 12:32 <DIR> d-------- C:\Program Files\Sanny Builder 3
2008-01-12 12:35 . 2008-01-12 13:05 <DIR> d-------- C:\Program Files\San Andreas Tools
2008-01-11 22:26 . 2008-01-11 22:26 <DIR> d-------- C:\Program Files\San Andreas Mod Installer
2008-01-11 22:26 . 2008-01-11 22:26 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-01-11 20:35 . 2008-01-11 20:35 <DIR> d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-01-11 19:04 . 2008-01-11 19:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-11 18:47 . 2008-01-11 18:47 2,321,152 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-01-11 18:20 . 2008-01-11 18:44 <DIR> d--h----- C:\WINDOWS\Icons
2008-01-11 17:37 . 2008-01-11 20:35 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-11 17:37 . 2008-01-11 17:37 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-11 17:37 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-11 17:33 . 2008-01-11 17:47 <DIR> d-------- C:\WINDOWS\NV35562312.TMP
2008-01-05 22:02 . 2007-03-20 10:51 3,131,328 --a------ C:\WINDOWS\system32\Gears of War (X360) Screensaver.scr
2008-01-05 22:02 . 2008-01-05 22:02 18,432 --a------ C:\WINDOWS\ss3unstl.exe
2008-01-04 16:56 . 2008-01-04 16:57 <DIR> d-------- C:\WINDOWS\NV36601612.TMP
2008-01-04 16:56 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-04 16:55 . 2008-01-04 16:55 <DIR> d-------- C:\NVIDIA
2007-12-30 15:26 . 2007-12-30 15:43 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 15:16 . 2008-01-02 11:31 <DIR> d-------- C:\Program Files\Winamp
2007-12-29 16:02 . 2007-12-29 16:02 <DIR> d-------- C:\Program Files\Toshiba
2007-12-26 16:50 . 2007-12-26 16:50 <DIR> d-------- C:\Program Files\MachrSoft
2007-12-26 16:50 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-23 19:47 . 2007-12-23 19:47 <DIR> d-------- C:\Program Files\Kecal
2007-12-23 15:59 . 2007-12-23 16:00 <DIR> d-------- C:\Program Files\GameHouse
2007-12-19 19:42 . 2007-12-19 19:43 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-19 19:42 . 2007-12-19 19:42 <DIR> d-------- C:\Program Files\AWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 19:33 --------- d-----w C:\Program Files\SpeedFan
2008-01-18 16:13 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-17 16:49 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-16 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 16:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 16:07 --------- d-----w C:\Program Files\Java
2007-12-23 20:31 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-23 20:31 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-22 18:23 --------- d-----w C:\Program Files\BitLord
2007-12-10 19:52 --------- d-----w C:\Program Files\Azureus
2007-12-09 17:56 98,304 ----a-w C:\WINDOWS\W2BNEUnin.exe
2007-12-08 18:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-07 15:58 --------- d-----w C:\Program Files\Hamachi
2007-12-06 17:33 --------- d-----w C:\Program Files\Hrady
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 20:05 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-28 20:02 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2007-11-28 20:02 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-11-28 20:02 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2007-11-28 20:02 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-11-28 20:02 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-11-28 20:02 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2007-11-28 20:02 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys
2007-11-28 20:02 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys
2007-11-28 20:02 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2007-11-25 17:23 --------- d-----w C:\Program Files\RADVideo
2007-11-25 08:51 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-23 15:14 --------- d-----w C:\Program Files\DivX
2007-11-15 19:17 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP ----
2008-01-11 20:35 561152 --a------ C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP\WiseCustomCalla1.dll
---- Directory of C:\WINDOWS\NV35562312.TMP ----
2007-12-05 01:41 91094 --a------ C:\WINDOWS\NV35562312.TMP\nv3d.chm
2007-12-05 01:41 54988 --a------ C:\WINDOWS\NV35562312.TMP\nvmob.chm
2007-12-05 01:41 175045 --a------ C:\WINDOWS\NV35562312.TMP\nvdsp.chm
2007-12-05 01:41 121431 --a------ C:\WINDOWS\NV35562312.TMP\nvcpl.chm
((((((((((((((((((((((((((((( snapshot@2008-01-18_20.35.13.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 19:26:59 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 20:19:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 19:26:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 20:19:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 19:26:59 9,699,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 20:19:24 9,699,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 19:27:00 335,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 20:19:24 335,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 19:27:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 20:19:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 19:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 20:19:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 20:22:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_744.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-03-05 21:09 2573536]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 09:30 249856]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-09 18:48 2778112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 14:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-04-05 11:38 518144 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 21:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-09 18:49]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Instal\HWiNFO32\HWiNFO32.SYS []
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-02-05 20:34]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-02-05 20:34]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-02-05 20:34]
S3 HWACCESS;HWACCESS;C:\WINDOWS\SYSTEM32\HWACCESS.SYS [2007-02-04 06:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-11 17:37]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\DVD.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - L:\Directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 16:37:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2007-06-08 14:10:36 C:\WINDOWS\Tasks\cmcgmry.job"
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Admin\Plocha\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slizone.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O21 - SSODL: bmlvqkn - {4CCE3A8B-19D3-4F08-8AF3-38E7FE9EBCBF} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8445 bytes
- fredik
- member of the Security team
Did you have nothing in the log after this?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Go to Start -> Run... and type this command, marked in blue, into the window: ComboFix /u (there must be a space between ComboFix and /u) and click OK.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Unless you really need it, uninstall via Add or Remove Programs:
Torrent-Search_Toolbar
Run HijackThis again and tick the boxes in front of these lines:
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O21 - SSODL: bmlvqkn - {4CCE3A8B-19D3-4F08-8AF3-38E7FE9EBCBF} - (no file)
after ticking them, click the Fix Checked button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If you have ClamAntivirus integration turned on, turn it off in Spyware Terminator's settings and stop its service; it should be called: Spyware Terminator Clam Service
Start -> Run... -> a window opens; type services.msc into the empty line and click OK. The Services window opens.
Find the service there, stop it in its properties (click the Stop button) and set Startup type: to Disabled.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Do you still have problems?