
MWAV log - detection found!

Posted: 20 Oct 2006 23:11
by Andree9
Fri Oct 20 21:39:35 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Fri Oct 20 21:39:36 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:38 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Fri Oct 20 21:39:38 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:39 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Fri Oct 20 21:39:39 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:39 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Fri Oct 20 21:39:39 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:52 2006 => Offending value found in HKLM\Software\Licenses: {k7c0db872a3f777c0} !!!
Fri Oct 20 21:39:52 2006 => Object "spywarestrike Trojan" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:42:13 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MP3 CD Doctor Lite_is1". Action Taken: No Action Taken.
Fri Oct 20 21:42:14 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Poker". Action Taken: No Action Taken.
Fri Oct 20 21:27:44 2006 => File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
Fri Oct 20 21:30:04 2006 => File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
Fri Oct 20 21:50:29 2006 => File D:\WINDOWS\System32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.

/log and title edited
/mikel

Posted: 20 Oct 2006 23:19
by Andree9
I don't know which log is the right one. This one is copied from MWAV (the lower window). I'm not at all experienced with this...

File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spywarestrike Trojan" found in File System! Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj.1" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CDDBControl2" refers to invalid object "{69E9B473-22E6-471D-8683-84BD1E4BECE1}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CDDBControl2.1" refers to invalid object "{69E9B473-22E6-471D-8683-84BD1E4BECE1}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp.CddbDisc" refers to invalid object "{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCacheManager" refers to invalid object "{efe52f1e-1427-4ce9-acfe-0e050e498e63}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCacheManager.1" refers to invalid object "{efe52f1e-1427-4ce9-acfe-0e050e498e63}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCredit" refers to invalid object "{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCredit.1" refers to invalid object "{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbDisc.1" refers to invalid object "{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbFullName.1" refers to invalid object "{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CDDBWinamp5Control" refers to invalid object "{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CDDBWinamp5Control.1" refers to invalid object "{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.FullName" refers to invalid object "{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}". Action Taken: No Action Taken.
Entry "HKCR\CDDBUIControlWinamp5.CddbWinamp5UI" refers to invalid object "{0dabacb1-1a16-4082-a610-3d0b3a2a94fc}". Action Taken: No Action Taken.
Entry "HKCR\CDDBUIControlWinamp5.CddbWinamp5UI.1" refers to invalid object "{0dabacb1-1a16-4082-a610-3d0b3a2a94fc}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Actions" refers to invalid object "{FB53B9F5-7549-49EC-9741-67725D24A989}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.ActiveScript Host" refers to invalid object "{DB01A1E3-A42B-11CF-8F20-00805F2CD064}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Constants" refers to invalid object "{EE4D45D8-8C42-4721-ACF7-F8D0A3DC81B3}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.EditControl" refers to invalid object "{2FB80EA7-796F-4938-9D51-56E9B80C5AD7}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Help" refers to invalid object "{D7712D85-6B1D-4524-BB4C-F3FDCD8D3520}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Lines" refers to invalid object "{1BBF5ABF-76F5-4D88-BED4-B491C0EDDCB4}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Menu" refers to invalid object "{2F2F425D-570F-467A-841F-574C384692C0}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.SecretClass" refers to invalid object "{CDDAC1C7-07E5-4AE8-8EE6-AC31FDA6293B}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Variables" refers to invalid object "{6B9A7CE4-0517-430A-95F2-157FAB5B9555}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MP3 CD Doctor Lite_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Poker". Action Taken: No Action Taken.
File D:\WINDOWS\System32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.

Posted: 20 Oct 2006 23:45
by Baron Prášil
Remove C:\WINDOWS\SYSTEM32\winjcr32.dll with Killbox: http://www.viry.cz/forum/viewtopic.php?t=2305 . Run it and copy the path to the file into the box. Tick Delete on reboot and Unregister dll before deleting, then click the X button.
The computer will restart. Then post a HijackThis log and describe what problems you are having.

Posted: 21 Oct 2006 00:36
by Andree9
Logfile of HijackThis v1.99.1
Scan saved at 0:35:41, on 21. 10. 2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Omezenec\Plocha\hijekt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "D:\Ondra\ICQ\5\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] D:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Ondra\ICQ\5\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Ondra\ICQ\5\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winjcr32 - D:\WINDOWS\SYSTEM32\winjcr32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - HP - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Posted: 21 Oct 2006 01:09
by Baron Prášil
Yeah, my mistake. You have it on D:

Fix:

O20 - Winlogon Notify: winjcr32 - D:\WINDOWS\SYSTEM32\winjcr32.dll

O23 - Service: hpdj - HP - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe

Then use Killbox and copy this into the box:
D:\WINDOWS\SYSTEM32\winjcr32.dll
Tick Delete on reboot and Unregister dll before deleting, then click the X button.
The computer will restart.
And then one more log for the final cleanup.

Posted: 21 Oct 2006 01:14
by Baron Prášil
I almost forgot!

The absence of Service Pack 2 is a big security hole!
So are two resident antivirus shields (avast and NOD).
Stop one of them.

Posted: 21 Oct 2006 09:23
by Andree9
Latest log
Logfile of HijackThis v1.99.1
Scan saved at 9:22:22, on 21. 10. 2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Omezenec\Plocha\hijekt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "D:\Ondra\ICQ\5\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] D:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Ondra\ICQ\5\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Ondra\ICQ\5\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winjcr32 - winjcr32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
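
A way to confirm what the fixes changed between the two HijackThis logs above, as an added example that is not part of the original thread: it compares the R/F/N/O entries of two logs and flags orphaned entries and targets under a Temp directory. The function names, the two flags and the rule for splitting an entry name from its target are assumptions of this example; the sample logs are a few lines excerpted from the posts.

```python
import re

# Constructed samples: a few lines excerpted from the two HijackThis logs in this thread.
BEFORE = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O20 - Winlogon Notify: winjcr32 - D:\WINDOWS\SYSTEM32\winjcr32.dll
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe" /service (file missing)
O23 - Service: hpdj - HP - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
"""
AFTER = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O20 - Winlogon Notify: winjcr32 - winjcr32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe" /service (file missing)
"""

# Entry lines start with a section code such as R3, O4 or O23, followed by " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log):
    """Map (section, entry name) -> full line for every entry line in a log."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, text = m.groups()
        # Assumption: the text before the last " - " names the entry and the
        # text after it is the target file, so a changed target keeps its key.
        name = text.rsplit(" - ", 1)[0]
        entries[(section, name)] = f"{section} - {text}"
    return entries


def flags(line):
    """Heuristic flags of this example (not HijackThis's own verdicts)."""
    out = []
    if line.endswith("(no file)") or line.endswith("(file missing)"):
        out.append("orphan")  # registration left behind, target not found
    if "\\temp\\" in line.lower():
        out.append("runs-from-temp")  # autostart target under a Temp directory
    return out


def triage(log):
    """Entries of one log that carry at least one flag."""
    return {line: f for line in parse_entries(log).values() if (f := flags(line))}


def diff_logs(before, after):
    """Entries removed, added or re-pointed between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old[k] for k in old.keys() - new.keys()),
        "added": sorted(new[k] for k in new.keys() - old.keys()),
        "changed": sorted((old[k], new[k])
                          for k in old.keys() & new.keys() if old[k] != new[k]),
    }


if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        print(kind, items)
    for line, f in triage(AFTER).items():
        print(f, line)
```

An `orphan` flag is a lead to verify rather than a verdict: the avast! Mail Scanner service is reported as `(file missing)` while `ashMaiSv.exe` appears in the running-process list of the same log.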

Posted: 21 Oct 2006 10:16
by mikel
1. Hijack - fix these:
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "D:\Ondra\ICQ\5\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Ondra\ICQ\5\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: winjcr32 - winjcr32.dll (file missing)

As our baron advised you, you have to stop one of the antiviruses! If one of them is a full version, stop the other one. If NOD is a trial, stop NOD.
And you should promptly follow the second piece of advice and install SP1 first and then SP2.

2. MWAV
- first, find and delete the keys marked in red in the registry:
HOT_KEY_LOCAL_MACHINE\Software\microsoft\downloadmanager
HOT_KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
HOT_KEY_LOCAL_MACHINE\Software\Licenses: {k7c0db872a3f777c0} - careful, this is only a value in the right-hand pane of the window!
HOT_KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
HOT_KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com