PC-HELP.CZ

Dobrý den,
mám větší - menší jak pro koho problém, VIRUS ALERT se mi nastěhoval do PC... všeobecně známo zmizeli nějaké ikony a nejsou vidět disky C,D. Mám i total comannder a tam disky vidím. Jělikož jsem na dizkusních fórech již viděl nějaké návody jsem z toho hin . PC jsem projel spybotem a něco jsem smazal, NOD mám a taky v pohodě.... ale problémy přetrvávají. Přikládám zde log vygenerovaný přes HijachThis v 1,99 ............ ale co potom, i když mi pomůžete opravit log..... co pak ? Dík za každou radu ........ s pozdravem Leo

Logfile of HijackThis v1.99.1
Scan saved at 09:54: VIRUS ALERT!, on 8.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pc\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - (no file)
O3 - Toolbar: fqbewlna - {FC907671-A480-49CF-8953-F5E5CA145228} - C:\WINDOWS\fqbewlna.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /p
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA4993] command /c del "C:\WINDOWS\fqbewlna.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1974] cmd /c del "C:\WINDOWS\fqbewlna.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6550] command /c del "C:\WINDOWS\dtseqrxk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5234] cmd /c del "C:\WINDOWS\dtseqrxk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1932] command /c del "C:\WINDOWS\mgxfebsq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3653] cmd /c del "C:\WINDOWS\mgxfebsq.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitComet] "D:\program files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\program files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: mgxfebsq - {2CB8F58B-7711-4937-80F9-F0E756C2D204} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {ACC0A103-4F90-4EC3-98EF-E7D23F195BD7} - C:\WINDOWS\dtseqrxk.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)

Vítej na fóru

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknotí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pokud používáš souborový manažer a dokázala by jsi zkopírovat na plochu jeden soubor tak udělej toto:
běž do adresáře kde máš rozbalený SDFix (C:\SDFix) a tam najdeš soubor XP_VirusAlert_Repair.inf. Zkus si ho přesunout na plochu.
- klikni pravým tlačítkem myši na soubor XP_VirusAlert_Repair a zvol možnost nainstalovat.
- po té restartuj Pc

jinak použij toto:
Stáhni si tento archiv a rozbal si jeho obsah na plochu
- klikni pravým tlačítkem myši na soubor VArestorepolicies.inf a zvol možnost nainstalovat.
- po té restartuj Pc

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 7
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 7 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u7-windows-i586-p.exe, který sis stáhl na začátku

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Používáš starší verzi HijackThis, tak si stáhni aktuální verzi zde a tu starou před použitím vymaž a dej sem z ní nový log.

for fredík : zatím dík za radu jdu na to, a tady new log.

Snad to nezmastím ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02: VIRUS ALERT!, on 8.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\pc\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - (no file)
O3 - Toolbar: fqbewlna - {FC907671-A480-49CF-8953-F5E5CA145228} - C:\WINDOWS\fqbewlna.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /p
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitComet] "D:\program files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\program files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: mgxfebsq - {2CB8F58B-7711-4937-80F9-F0E756C2D204} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {ACC0A103-4F90-4EC3-98EF-E7D23F195BD7} - C:\WINDOWS\dtseqrxk.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)

--
End of file - 8406 bytes



A tady je report.txt z SDfixu


SDFix: Version 1.222
Run by Administrator on po 08.09.2008 at 14:30

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
routing

Path :
C:\WINDOWS\system32\routing.exe

routing - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Windows Product ID To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\EDFK.EXE - Deleted
C:\Documents and Settings\ondra\Plocha\Privacy Protector.url - Deleted
C:\Documents and Settings\pc\Plocha\Privacy Protector.url - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\perfs.txt - Deleted



Folder C:\Documents and Settings\pc\Data aplikacˇ\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 14:40:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:cc,0e,25,d3,7c,e6,f2,4a,6e,ce,ea,ae,e1,c0,e3,42,21,c6,39,79,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,22,90,76,ea,c9,c1,ec,a1,48,ce,05,5b,62,1b,52,f0,24,bd,1d,bc,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,09,96,4c,cf,ec,e1,3c,09,d8,3b,90,ff,a3,05,66,67,..
"khjeh"=hex:39,7f,22,97,bf,7d,5e,cc,15,1b,24,16,d0,0e,28,15,34,03,b6,a6,9b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7f,37,a8,25,61,b7,47,99,86,61,91,ab,94,99,36,9a,22,a5,8d,e4,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:cc,0e,25,d3,7c,e6,f2,4a,6e,ce,ea,ae,e1,c0,e3,42,21,c6,39,79,37,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,22,90,76,ea,c9,c1,ec,a1,48,ce,05,5b,62,1b,52,f0,24,bd,1d,bc,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,09,96,4c,cf,ec,e1,3c,09,d8,3b,90,ff,a3,05,66,67,..
"khjeh"=hex:39,7f,22,97,bf,7d,5e,cc,15,1b,24,16,d0,0e,28,15,34,03,b6,a6,9b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7f,37,a8,25,61,b7,47,99,86,61,91,ab,94,99,36,9a,22,a5,8d,e4,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:cc,0e,25,d3,7c,e6,f2,4a,6e,ce,ea,ae,e1,c0,e3,42,21,c6,39,79,37,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,22,90,76,ea,c9,c1,ec,a1,48,ce,05,5b,62,1b,52,f0,24,bd,1d,bc,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,09,96,4c,cf,ec,e1,3c,09,d8,3b,90,ff,a3,05,66,67,..
"khjeh"=hex:39,7f,22,97,bf,7d,5e,cc,15,1b,24,16,d0,0e,28,15,34,03,b6,a6,9b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7f,37,a8,25,61,b7,47,99,86,61,91,ab,94,99,36,9a,22,a5,8d,e4,68,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="20A9D964B100B80E1B66964E117637E9E79987EEAAB7CA47456C65E9251E5F5830AB9B9B06BF47EF565605E7CF895E93E348F393726EFE9915F294FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407C1F7268A396BE32F47FED5A9E20D670B9A6BE2CACA8AB157EA5925FC03CB96EE1068AF25FBBCAE716E2D066C1E658F9EDBF4568982D28E7E99D34B50334F18626704E79A7CEB98B110197779D054F20222FE893D3B0182091ECA85C5E2A43554CB5AC3AA1A7CB3580B46BFAD046493CEC62254FE46C221DCE70C0CD3CB3F3396678DFC4A96C8154761CB3A1AA1727990450B529DD61C03538DF85A280BE55B6F89D31021987C56D03B558504FA31ADC63EF8E21D84E2C2B8C507B11F22B47819A2F63E0DAA9815B9E12282E541A5BFE676C1A8B14EC101CD6F3F964F761C5CC04AD68C9DBAF173404685D76D0E294357534C0B4792B861C80BBE4FFED2DF5B89B8E3C4971B329712F9E570FBDBE9CCF46315B47C15980AD1BBB6E9A8E1964E88CC2574F304D3A85134BEF8260A6A7790D32D15A28089A885CCEC35FDB62E914887B36BDE8DA95796CEA0E3B6DB7FE3ECFAB860C260856B75AA3A46E047E3864790C0BFB9B658D36B4AADE72A78D232C1CE6E0C14A4DC86A7E48CF369EA4D9176308BC996E2D7D3D0499D0033EB640BBCEC1DD387A1303293B1655C63E1D11A3CD36DA740D7F511B712BA6835250318FC942337BE90F7A8A769D7DE4E4B2C8DF30F4D39B23FD249088F65A44D77D58716A97579108C7E2A44098F9EDCACED5D6997AB259E2962BD9C5111F9451BD60D11B31B21079862FABD31C80477F0797EDF469954E786EEB4458A44F321AA53DD68DE33F9619517E25D28D43DB96407688C1ABEF2A7AE14F744901BDF15A6ECB78EFA6B9292CD612CE0D41937F1B8A2171BB3D3F2AA5AC3D4505F434F8A7099D4E4FB09BEBE6E5E28F8458FA924832B0D28D92888F02A429B95168218A0D1A37C45F96495C2067B2A4AAA440A893DD54E47771EAEAE9F27243276ADD6A7F3A8F0FAB0E9712D0B7C88EE58D8158B4429637B18AB204CA0E0C739E8B1E6A4E71A80C5001A713E53F71FF2C9834B4BD902D7C1EED9606779B0E232F60CECD2A0BEF7DA6C877AEE9D57CE57198B711BA20F3D08D2C9B250D528D718D052CB1E742EA9E09C5D3169895B7B1209510E8229552AAE3B2BA18B49B30D59C82AB1A8A0D7ECF45ED4838A9B950B8B7EC26F3DDA2C340CC745F9CF4A8EEAD9544F0AC7C37D9DA61F409E66BAEC6A20816723BB08BDF86A3BF14C0CB4495FEF11910785E03418F9F482F543351B88213ED77FA0E58B1A08F9A0EEE0C3C85C663CD3A020DFE540E61795C09B3B"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"D:\\program files\\Lineage II\\system\\L2.exe"="D:\\program files\\Lineage II\\system\\L2.exe:*:Enabled:L2.exe"
"D:\\program files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="D:\\program files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:Call of Duty(R) 2 Multiplayer"
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"="C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\\program files\\BitComet\\BitComet.exe"="D:\\program files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Documents and Settings\\ondra\\Plocha\\BitComet.exe"="C:\\Documents and Settings\\ondra\\Plocha\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\program files\\World in Conflict\\wic_online.exe"="D:\\program files\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"D:\\program files\\Valve\\hl.exe"="D:\\program files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\program files\\GOTCHA!\\Gotcha.exe"="D:\\program files\\GOTCHA!\\Gotcha.exe:*:Disabled:Gotcha!"
"D:\\program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="D:\\program files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\\program files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"="D:\\program files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\ondra\\Local Settings\\Temp\\bulanci.tmp"="C:\\Documents and Settings\\ondra\\Local Settings\\Temp\\bulanci.tmp:*:Enabled:bulanci"
"D:\\program files\\Hamachi\\hamachi.exe"="D:\\program files\\Hamachi\\hamachi.exe:*:Disabled:Hamachi Client"
"D:\\program files\\eMule\\emule.exe"="D:\\program files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\program files\\Age of Empires II\\empires2.exe"="D:\\program files\\Age of Empires II\\empires2.exe:*:Disabled:Age of Empires II"
"D:\\program files\\Warcraft III\\Warcraft III.exe"="D:\\program files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\program files\\ICQ6\\ICQ.exe"="D:\\program files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"D:\\program files\\EA Sports\\FIFA 08\\FIFA08.exe"="D:\\program files\\EA Sports\\FIFA 08\\FIFA08.exe:*:Disabled:FIFA08"
"D:\\program files\\Sports Interactive\\Football Manager 2008\\fm.exe"="D:\\program files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"D:\\program files\\World in Conflict\\wic.exe"="D:\\program files\\World in Conflict\\wic.exe:*:Disabled:World in Conflict"
"D:\\program files\\World in Conflict\\wic_ds.exe"="D:\\program files\\World in Conflict\\wic_ds.exe:*:Disabled:World in Conflict - Dedicated Server"
"D:\\program files\\Valve\\cstrike.exe"="D:\\program files\\Valve\\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Disabled:Nero ControlCenter"
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"D:\\program files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="D:\\program files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"D:\\program files\\TmNationsForever\\TmForever.exe"="D:\\program files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"D:\\program files\\Wolfenstein - Enemy Territory\\ET.exe"="D:\\program files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"D:\\program files\\QIP Infium\\infium.exe"="D:\\program files\\QIP Infium\\infium.exe:*:Enabled:QIP Infium"
"D:\\program files\\Racer\\tracked.exe"="D:\\program files\\Racer\\tracked.exe:*:Disabled:tracked"
"D:\\program files\\Racer\\racer.exe"="D:\\program files\\Racer\\racer.exe:*:Disabled:racer"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 3 Mar 2008 568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 27 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!

Ahojky Fredíku,

super zatím móóóccc dík..... C i D (disky jsou na místě, ale ještě mi prosím poraď jak se zbavím nápisu virus alert u hodin ?

Zatím ahoj a ještě jednou moc dík.....

Spusť znovu HijackThis a zaškrtni v něm čtverečky před řádky pokud tam budou:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - (no file)
O3 - Toolbar: fqbewlna - {FC907671-A480-49CF-8953-F5E5CA145228} - C:\WINDOWS\fqbewlna.dll (file missing)
O21 - SSODL: mgxfebsq - {2CB8F58B-7711-4937-80F9-F0E756C2D204} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {ACC0A103-4F90-4EC3-98EF-E7D23F195BD7} - C:\WINDOWS\dtseqrxk.dll (file missing)
po zaškrtnutí klikni na tlačítko Fix Checked

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Jdi přes Start -> Spustit... otevře se ti okno kde do volného řádku napiš/zkopíruj postupně příkazy označené tučně:
sc stop perfmons
klikni buď na tlačítko OK nebo dej Enter
pak tam zkopíruj tento příkaz
sc delete perfmons
a zase buď klikni na tlačítko OK nebo dej Enter

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg
- spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený modře:
@echo off
set lvyp="%userprofile%\plocha\vyp.txt"
if exist %lvyp% del %lvyp%
dir "%AppData%\TmpRecentIcons" /a/s>> %lvyp%
start notepad %lvyp%
Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: vyptmp.bat
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu

Spusť ho a za chvíli se ti zobrazí okno s logem, tak ho sem vlož + nový log z HJT

zdravím Tě Fredíku a pokračuji na tvé pokyny......

new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54: VIRUS ALERT!, on 9.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\pc\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - (no file)
O3 - Toolbar: fqbewlna - {FC907671-A480-49CF-8953-F5E5CA145228} - C:\WINDOWS\fqbewlna.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /p
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [40e800a5] rundll32.exe "C:\WINDOWS\system32\ajqnmyrm.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitComet] "D:\program files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\program files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\program files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: mgxfebsq - {2CB8F58B-7711-4937-80F9-F0E756C2D204} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {ACC0A103-4F90-4EC3-98EF-E7D23F195BD7} - C:\WINDOWS\dtseqrxk.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8228 bytes


a tady výsledek vyptmp.bat...

Svazek v jednotce C je Windows XP.
S‚riov‚ źˇslo svazku je 40E8-000A.

Věpis adres ýe C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons

07.09.2008 19:00 <DIR> .
07.09.2008 19:00 <DIR> ..
28.08.2007 21:38 847 Adobe Photoshop 7.0 CE.lnk
21.12.2007 13:35 598 BitComet.lnk
28.08.2007 18:40 682 CDex.lnk
21.08.2008 13:40 1˙694 CyberLink PowerDVD.lnk
24.08.2008 15:44 696 Digital Video Converter (2).lnk
28.08.2007 18:42 680 DVD Shrink 3.2.lnk
04.09.2008 18:23 687 EPSON Scan (2).lnk
01.01.2008 14:03 1˙339 foto zaloha.lnk
07.09.2008 17:03 1˙589 Magic Video Converter.lnk
01.09.2008 21:12 2˙517 Microsoft Office Excel 2003.lnk
30.05.2008 14:57 2˙481 Microsoft Office PowerPoint 2003.lnk
26.08.2008 08:01 2˙561 Microsoft Office Word 2003.lnk
12.12.2007 18:34 1˙214 mp3 (2).lnk
07.09.2007 14:53 1˙293 mp3.lnk
28.11.2007 15:24 907 Need for Speed Underground 2.lnk
27.08.2007 23:36 738 Outlook Express.lnk
07.02.2008 13:28 943 Spybot - Search & Destroy.lnk
28.08.2007 18:52 718 Total Commander.lnk
21.08.2008 19:04 787 Z stupce - moviemk.exe.lnk
28.08.2007 18:55 1˙832 éklid 1 kliknutˇm.lnk
20 soubor…, 24˙803 bajt…

Poźet soubor… v seznamu:
20 soubor…, 24˙803 bajt…
Adres ý…: 2, Volněch bajt…: 7˙172˙718˙592

Zdravím Fredíka,
po restartu PC zmizel napis VIRUS ALERT na liště u hodin, moc dík poslal jsem Ti, oč jsi žádal nevím co z toho vše vyčteš, ale jsi kabrňák a ještě jednou dík....
Ale i tak mi ten pacholek udělal v PC paseku a tak to projíždím jak se dá a mám tu ještě malý bombónek.... centrum zabezpečení mi svítí červeně, nejde nastavit ani přes ovládací panely. Když na něj kliknu vpravo dole a to pravou myší , mám tam i nabídku 1. spustit centrum zabezpečení (což nejde) a 2. přejít na web Microsoft security (což nejsem blázen, abych 2 x vstoupil do téže řeky )

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený modře:
@echo off
for %%g in (
"%AppData%\TmpRecentIcons\Adobe Photoshop 7.0 CE.lnk"
"%AppData%\TmpRecentIcons\BitComet.lnk"
"%AppData%\TmpRecentIcons\CDex.lnk"
"%AppData%\TmpRecentIcons\CyberLink PowerDVD.lnk"
"%AppData%\TmpRecentIcons\Digital Video Converter (2).lnk"
"%AppData%\TmpRecentIcons\DVD Shrink 3.2.lnk"
"%AppData%\TmpRecentIcons\EPSON Scan (2).lnk"
"%AppData%\TmpRecentIcons\foto zaloha.lnk"
"%AppData%\TmpRecentIcons\Magic Video Converter.lnk"
"%AppData%\TmpRecentIcons\Microsoft Office Excel 2003.lnk"
"%AppData%\TmpRecentIcons\Microsoft Office PowerPoint 2003.lnk"
"%AppData%\TmpRecentIcons\Microsoft Office Word 2003.lnk"
"%AppData%\TmpRecentIcons\mp3 (2).lnk"
"%AppData%\TmpRecentIcons\mp3.lnk"
"%AppData%\TmpRecentIcons\Need for Speed Underground 2.lnk"
"%AppData%\TmpRecentIcons\Outlook Express.lnk"
"%AppData%\TmpRecentIcons\Spybot - Search & Destroy.lnk"
"%AppData%\TmpRecentIcons\Total Commander.lnk"
"%AppData%\TmpRecentIcons\Z stupce - moviemk.exe.lnk"
"%AppData%\TmpRecentIcons\éklid 1 kliknutˇm.lnk"
) do (
if exist %%g (
move /y %%g "%userprofile%\plocha"
if exist %%g (
echo Soubor %%g nebyl presunut.>>"%userprofile%\plocha\ikony.txt") else (
echo Soubor %%g byl uspesne presunut.>>"%userprofile%\plocha\ikony.txt")))
notepad "%userprofile%\plocha\ikony.txt"
del /a /f /q "%userprofile%\plocha\ikony.txt"
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: prestmp.bat
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.

Spusť ho a za chvíli se ti zobrazí okno s logem, tak ho sem vlož.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Ikony úspěšně navráceny na plochu !!!

Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Adobe Photoshop 7.0 CE.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\BitComet.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\CDex.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\CyberLink PowerDVD.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Digital Video Converter (2).lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\DVD Shrink 3.2.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\EPSON Scan (2).lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\foto zaloha.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Magic Video Converter.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Microsoft Office Excel 2003.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Microsoft Office PowerPoint 2003.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Microsoft Office Word 2003.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\mp3 (2).lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\mp3.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Need for Speed Underground 2.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Outlook Express.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Spybot - Search & Destroy.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\Total Commander.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\pc\Data aplikacˇ\TmpRecentIcons\éklid 1 kliknutˇm.lnk" byl uspesne presunut.

A tady je log z Gombofixu

ComboFix 08-09-05.12 - pc 2008-09-09 17:41:31.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.640 [GMT 2:00]
Spusteny z: C:\Documents and Settings\pc\Plocha\ComboFix.exe
* Vytvoren novy Bod Obnoveni
* Resident AV is active


VAROVANI - NA TOMTO POCITACI NENI NAINSTALOVANA KONZOLA PRO ZOTAVENI !!
.

((((((((((((((((((((((((((((((((((((((( Ostatni vymazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\ajqnmyrm.dll
C:\WINDOWS\system32\DdehQqru.ini
C:\WINDOWS\system32\DdehQqru.ini2
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrymnqja.ini
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\tmp0_438536542930.bk
C:\WINDOWS\system32\tmp2_376107460467.bk
C:\WINDOWS\system32\tmp5_794221288469.bk
C:\WINDOWS\system32\urqQhedD.dll

.
((((((((((((((((((((((((( Soubory vytvorene od 2008-08-09 do 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-08 15:26 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-08 15:25 . 2008-09-08 15:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-08 14:30 . 2008-09-08 14:30 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-08 14:28 . 2008-09-08 14:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-08 14:22 . 2008-09-08 14:46 <DIR> d-------- C:\SDFix
2008-09-07 21:46 . 2007-08-27 23:20 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-09-07 21:46 . 2008-09-09 17:47 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-09-07 21:46 . 2007-08-28 01:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-09-07 21:46 . 2007-08-28 01:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-09-07 21:46 . 2007-08-28 01:12 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-09-07 21:46 . 2007-08-28 01:12 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-09-07 21:46 . 2007-08-28 01:12 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-09-07 21:46 . 2008-09-07 21:53 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-09-07 21:46 . 2008-09-07 21:46 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-07 18:46 . 2008-09-07 16:12 344,064 --a------ C:\WINDOWS\vmgspntberf.dll
2008-09-07 18:46 . 2008-09-07 16:12 147,456 --a------ C:\WINDOWS\mqgldfvo.exe
2008-09-07 18:36 . 2008-09-05 01:52 0 --a------ C:\WINDOWS\system32\msupdater354.dat
2008-09-07 17:03 . 2008-09-07 17:04 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-09-07 17:03 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-08-28 19:39 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-26 10:42 . 2008-08-26 10:42 <DIR> d-------- C:\WINDOWS\system32\cs
2008-08-26 10:42 . 2008-08-26 10:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-26 10:42 . 2008-08-26 10:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 10:36 . 2008-08-26 10:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-21 18:21 . 2008-08-21 18:21 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-08-21 18:18 . 2008-08-21 18:18 <DIR> d-------- C:\Program Files\Gabest
2008-08-21 18:17 . 2008-08-21 18:21 <DIR> d-------- C:\Program Files\AutoGK
2008-08-21 17:57 . 2008-08-27 16:58 <DIR> d-------- C:\digitalvideoconverter
2008-08-21 17:56 . 2008-08-21 17:56 <DIR> d-------- C:\Program Files\Digital Video Converter
2008-08-19 10:53 . 2008-04-14 05:21 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-19 10:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-19 10:51 . 2008-04-14 05:21 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-08-17 13:23 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-08-17 13:23 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-08-17 13:04 . 2008-09-07 16:45 <DIR> d-------- C:\mp3
2008-08-13 08:27 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 20:04 . 2008-09-06 13:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-11 20:04 . 2008-08-11 20:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-10 14:49 . 2008-08-10 14:53 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-08-10 14:49 . 2008-08-10 14:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-08-10 14:49 . 2008-08-10 14:53 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M vypis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 13:26 --------- d-----w C:\Program Files\Java
2008-08-29 21:04 --------- d-----w C:\Program Files\Pool Sharks
2008-08-29 15:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 11:07 --------- d-----w C:\Program Files\Nero
2008-08-29 11:07 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-29 10:52 --------- d-----w C:\Program Files\Neroport
2008-08-29 10:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-21 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 11:40 --------- d-----w C:\Program Files\CyberLink
2008-08-07 15:38 --------- d-----w C:\Program Files\Electronic Arts
2008-08-05 07:17 159,835 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-08-05 07:17 --------- d-----w C:\Program Files\Marsu-Fix
2008-08-05 07:15 --------- d-----w C:\Program Files\PDF
2008-08-05 07:15 --------- d-----w C:\Program Files\Common Files\soft602
2008-08-03 18:56 --------- d-----w C:\Program Files\Image-Line
2008-07-28 10:24 --------- d-----w C:\Program Files\ICQToolbar
2008-07-22 17:54 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
.

(((((((((((((((((((((((((((((((((( Spousteci body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznamka* prazdne zaznamy & legitimni vychozi udaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"BitComet"="D:\program files\BitComet\BitComet.exe" [2007-09-10 6338360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-06-09 358874]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-28 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitComet"="D:\program files\BitComet\BitComet.exe" /tray
"Outlook Express"=C:\Program Files\Outlook Express\msimn.exe
"ICQ"="D:\Program Files\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"EPSON Stylus DX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"SoundMan"=SOUNDMAN.EXE
"WireLessMouse"=C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\program files\\Lineage II\\system\\L2.exe"=
"D:\\program files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\program files\\BitComet\\BitComet.exe"=
"D:\\program files\\Valve\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\program files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\program files\\Hamachi\\hamachi.exe"=
"D:\\program files\\Age of Empires II\\empires2.exe"=
"D:\\program files\\Warcraft III\\Warcraft III.exe"=
"D:\\program files\\ICQ6\\ICQ.exe"=
"D:\\program files\\Valve\\cstrike.exe"=
"D:\\program files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"D:\\program files\\TmNationsForever\\TmForever.exe"=
"D:\\program files\\QIP Infium\\infium.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11383:TCP"= 11383:TCP:BitComet 11383 TCP
"11383:UDP"= 11383:UDP:BitComet 11383 UDP
"17089:TCP"= 17089:TCP:BitComet 17089 TCP
"17089:UDP"= 17089:UDP:BitComet 17089 UDP
"24432:TCP"= 24432:TCP:BitComet 24432 TCP
"24432:UDP"= 24432:UDP:BitComet 24432 UDP
"27602:TCP"= 27602:TCP:BitComet 27602 TCP
"27602:UDP"= 27602:UDP:BitComet 27602 UDP
"7570:TCP"= 7570:TCP:BitComet 7570 TCP
"7570:UDP"= 7570:UDP:BitComet 7570 UDP
"26427:TCP"= 26427:TCP:BitComet 26427 TCP
"26427:UDP"= 26427:UDP:BitComet 26427 UDP
"11589:TCP"= 11589:TCP:BitComet 11589 TCP
"11589:UDP"= 11589:UDP:BitComet 11589 UDP
"9853:TCP"= 9853:TCP:BitComet 9853 TCP
"9853:UDP"= 9853:UDP:BitComet 9853 UDP
"7866:TCP"= 7866:TCP:BitComet 7866 TCP
"7866:UDP"= 7866:UDP:BitComet 7866 UDP

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-01-14 33824]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-09-20 3584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresare 'Naplanovane ulohy'
.
- - - - NEPLATNE POLOZKY ODSTRANENE Z REGISTRU - - - -

BHO-{77B13BB8-2147-4360-8F1E-AD41C357CCD9} - C:\WINDOWS\system32\urqQhedD.dll
BHO-{8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\geBrpmnK.dll
HKLM-Run-40e800a5 - C:\WINDOWS\system32\ajqnmyrm.dll
ShellExecuteHooks-{8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\geBrpmnK.dll


.
------- Doplnkovy sken -------
.
FireFox -: Profile - C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\3fkrazrn.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 17:48:03
Windows 5.1.2600 Service Pack 3 NTFS

skenovani skrytych procesu ...

skenovani skrytych polozek 'Po spusteni' ...

skenovani skrytych souboru ...

sken byl uspesne dokoncen
skryte soubory: 0

**************************************************************************
.
------------------------ Jine spustene procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkovy cas: 2008-09-09 17:53:44 - pocitac byl restartovan
ComboFix-quarantined-files.txt 2008-09-09 15:53:37

Pre-Run: 7,113,650,176
Post-Run: 8,040,521,728

225 --- E O F --- 2008-09-02 10:18:08

Hmm.... vypadá to jako,že by to mělo být v pořádku..... centrum zabezpečení taky OK.....
Zatím dík a kdyby jsi něco přečetl z těch logů dej vědět určitě se tu objevím.....


M ÓÓÓCCC díky !!!

S pozdravem Leo

Smaž ručně tyto dva soubory označené tučně:
C:\WINDOWS\vmgspntberf.dll
C:\WINDOWS\mqgldfvo.exe
kdyby byl nějaký problém tak dej vědět.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině (nepoužít jeho malware scaner, nebo přes něj odstranit co najde)

Můžeš případně ještě poslat nový log z HJT.