Prosím o pomoc při vyčištění trojan-spy.win32

[Xi]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50, on 2007-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\HPLiteSaver.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Marcus\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: complacential - {41591d7f-9e25-4bd0-af53-9908fcf3a738} - C:\WINDOWS\system32\yneid.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9172 bytes

[Reklama]

[fredik]

Vítej na fóru

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.
+
dej sem pak nový log z HijackThis

[Baron Prášil]

toto fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O22 - SharedTaskScheduler: complacential - {41591d7f-9e25-4bd0-af53-9908fcf3a738} - C:\WINDOWS\system32\yneid.dll

tučně označenej najdi a smaž
(líp najdeš když si zapneš zobrazování skrytých a systémových souborů(otevři jakoukoliv složku,Nástroje>Možnosti složky>Zobrazení)

potom použij smitfraudfix
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Restartuj do nouzového režimu:
Spustíš stažený soubor SmitFraudFix.exe - objeví se modrá obrazovka kterou odklikneš libovolnou klávesou. Po té se ti objeví menu, kde stiskneš volbu 2
Nechej proskenovat počítač.
Pokud budeš dotázán, zda povolíš čištění registrů (Do you want to clean the registry ?), stiskni klávesu Y (pozor na záměnu Y a Z na klávesnici)
Pokud budeš dotázán na odstranění zavirovaných souborů z počítače (Replace infected file ?), stiskneš opět klávesu Y.

po restartu pošli log ze smitfraudfix (C:\rapport.txt) a nový log z hijackthis

[Xi]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/03/2007 at 08:52 PM

Application Version : 3.9.1008

Core Rules Database Version : 3337
Trace Rules Database Version: 1338

Scan type : Complete Scan
Total Scan Time : 00:33:56

Memory items scanned : 576
Memory threats detected : 5
Registry items scanned : 6764
Registry threats detected : 30
File items scanned : 34948
File threats detected : 33

Trojan.Smitfraud Variant
C:\WINDOWS\SYSTEM32\YNEID.DLL
C:\WINDOWS\SYSTEM32\YNEID.DLL
HKLM\Software\Classes\CLSID\{41591d7f-9e25-4bd0-af53-9908fcf3a738}
HKCR\CLSID\{41591D7F-9E25-4BD0-AF53-9908FCF3A738}
HKCR\CLSID\{41591D7F-9E25-4BD0-AF53-9908FCF3A738}\InProcServer32
HKCR\CLSID\{41591D7F-9E25-4BD0-AF53-9908FCF3A738}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{41591d7f-9e25-4bd0-af53-9908fcf3a738}

Trojan.Media-Codec/V4
C:\PROGRAM FILES\VIDEO ADD-ON\ICTHIS.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ICTHIS.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMNTR.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMNTR.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ICMNTR.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ICMNTR.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMM.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMM.EXE
[some] C:\PROGRAM FILES\VIDEO ADD-ON\ICTHIS.EXE
[start] C:\PROGRAM FILES\VIDEO ADD-ON\ISFMNTR.EXE
HKLM\Software\Classes\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}
HKCR\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}
HKCR\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}
HKCR\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}\Implemented Categories
HKCR\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}\InprocServer32
HKCR\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ADD-ON\ICTMDL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}
HKCR\CLSID\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}
HKCR\CLSID\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}\InprocServer32
HKCR\CLSID\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMDL.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\Video Add-on\icthis.exe ]
C:\Program Files\Video Add-on\ictun.exe
C:\Program Files\Video Add-on\icun.exe
C:\Program Files\Video Add-on\isfun.exe
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\Video Add-on\uninst.exe
C:\Program Files\Video Add-on
HKU\S-1-5-21-515967899-789336058-725345543-1003\Software\Online Add-on
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString
C:\WINDOWS\Prefetch\ICTHIS.EXE-22FBFBD8.pf
C:\WINDOWS\Prefetch\ISFMNTR.EXE-385778EF.pf

Adware.Tracking Cookie
C:\Documents and Settings\Marcus\Cookies\marcus@www.malwareburn[1].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.url
C:\Documents and Settings\All Users\Nabídka Start\Security Troubleshooting.url

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\MARCUS\DATA APLIKACí\INSTALL_EN[1].EXE
C:\DOCUMENTS AND SETTINGS\MARCUS\DATA APLIKACí\INSTALL_EN[2].EXE
C:\DOCUMENTS AND SETTINGS\MARCUS\DATA APLIKACí\SETUP_EN[1].EXE
C:\DOCUMENTS AND SETTINGS\MARCUS\LOCAL SETTINGS\TEMP\58GY8AQV.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C3DDA54A-DFBB-48EE-849D-61C8BE5C81F6}\RP356\A0041155.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C3DDA54A-DFBB-48EE-849D-61C8BE5C81F6}\RP357\A0041242.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C3DDA54A-DFBB-48EE-849D-61C8BE5C81F6}\RP357\A0041250.EXE
C:\WINDOWS\Prefetch\INSTALL_EN[1].EXE-1EDCC237.pf
C:\WINDOWS\Prefetch\INSTALL_EN[1].EXE-28251167.pf

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\MARCUS\OBLíBENé POLOžKY\ONLINE SECURITY TEST.URL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C3DDA54A-DFBB-48EE-849D-61C8BE5C81F6}\RP355\A0041105.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C3DDA54A-DFBB-48EE-849D-61C8BE5C81F6}\RP356\A0041159.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C3DDA54A-DFBB-48EE-849D-61C8BE5C81F6}\RP357\A0041261.EXE

Malware.Downloader-Gen/BestSellerAntiVirus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C3DDA54A-DFBB-48EE-849D-61C8BE5C81F6}\RP357\A0041255.EXE








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01, on 2007-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\HPLiteSaver.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Marcus\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8777 bytes

[Baron Prášil]

log je v pořádku.

ještě fixni zbytečnosti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

momentálně ti běžej dva antispy štíty najednou (superantispy a spyterminator)
rozhodni se a u jednoho vypni štít

a velmi bych se přimlouval za instalaci firewallu
vyber si tady,doporučuju ZoneAlarm nebo Comodo

[Xi]

Ogaři díky moc.

Docela obdivuji rychlosti vašich odpovědí.

Xi

[Baron Prášil]

takže,hlavně za ogara fredika:nemáš za co

a dík za pochvalu.když zkontroluješ tisíc logů,dostaneš to do voka