prosím o kontrolu,nalezen troják..

[jaro3]

Ten Avenger jsi nedělal, viz výše?

[Reklama]

[cervenacek]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKEY_LOCAL_MACHINE\system\ControlSet003\Services\msqpdxserv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[jaro3]

Vlož sem ještě log z HJT a napiš jak se chová comp.

[cervenacek]

ComboFix 08-12-06.06 - Pavel 2008-12-08 16:08:18.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1187 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-11-08 do 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-08 11:29 . 2008-12-08 11:29 <DIR> d-------- c:\program files\ESET
2008-12-08 11:29 . 2008-12-08 11:29 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2008-12-08 10:18 . 2008-12-08 10:18 <DIR> d-------- c:\program files\Glary Registry Repair
2008-12-07 21:08 . 2008-12-07 21:08 626,688 --a------ c:\windows\system32\msvcr80.dll
2008-12-07 21:08 . 2008-12-07 21:08 548,864 --a------ c:\windows\system32\msvcp80.dll
2008-12-07 21:08 . 2008-12-07 21:08 28,672 --a------ c:\windows\system32\eEmpty.exe
2008-12-07 21:08 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2008-12-07 15:11 . 2008-12-07 15:11 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-05 14:44 . 2008-12-05 14:44 <DIR> d-------- C:\Intel
2008-12-05 14:44 . 2008-07-16 16:05 53,248 --a------ c:\windows\system32\CSVer.dll
2008-12-05 14:12 . 2008-12-08 10:33 <DIR> d-------- c:\program files\IObit
2008-12-03 16:07 . 2008-12-03 16:07 <DIR> d-------- c:\windows\Sun
2008-12-03 11:08 . 2008-12-08 11:17 <DIR> d-------- c:\documents and settings\Pavel\Data aplikací\AVG7
2008-12-03 11:08 . 2008-12-03 11:08 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\AVG7
2008-12-03 11:08 . 2008-12-03 11:08 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\AVG7
2008-12-03 11:08 . 2008-12-03 11:08 <DIR> d-------- c:\documents and settings\LocalService\Data aplikací\AVG7
2008-12-03 11:08 . 2008-12-08 11:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\avg7
2008-12-02 15:30 . 2008-12-02 15:46 <DIR> d-------- c:\program files\The Stalin Subway
2008-11-29 17:32 . 2008-11-29 17:33 <DIR> d-------- c:\documents and settings\Pavel\Data aplikací\NT Meter
2008-11-29 08:26 . 2008-12-08 11:03 <DIR> d-------- c:\program files\Launchy
2008-11-29 08:26 . 2008-11-29 08:27 <DIR> d-------- c:\documents and settings\Pavel\Data aplikací\Launchy
2008-11-28 10:56 . 2008-12-06 13:28 <DIR> d-------- c:\program files\Readon Technology
2008-11-25 11:16 . 2008-11-25 11:16 <DIR> d-------- c:\program files\EA GAMES
2008-11-22 20:27 . 2008-11-22 20:27 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-22 20:27 . 2008-11-22 20:27 <DIR> d-------- c:\program files\Jalbum
2008-11-22 20:26 . 2008-11-22 20:26 <DIR> d--h----- c:\documents and settings\Pavel\InstallAnywhere
2008-11-22 20:25 . 2008-11-22 20:24 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-22 20:25 . 2008-11-22 20:24 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-22 20:24 . 2008-11-22 20:24 <DIR> d-------- c:\program files\Java
2008-11-12 22:05 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 22:04 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 21:20 . 2008-11-10 21:20 <DIR> d-------- c:\program files\Desktop Lighter
2008-11-10 11:15 . 2008-12-08 13:00 <DIR> d-------- c:\program files\GoQ - NetRadio

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 14:57 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-08 14:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-12-08 10:03 --------- d-----w c:\program files\Mafia
2008-12-08 10:03 --------- d-----w c:\program files\HD Tune
2008-12-08 10:03 --------- d-----w c:\program files\AdorageI-SAL
2008-12-08 09:37 --------- d-----w c:\program files\AdorageI-GfxDatas
2008-12-08 09:20 --------- d-----w c:\documents and settings\Pavel\Data aplikací\GlarySoft
2008-12-08 09:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-08 09:10 --------- d-----w c:\documents and settings\Pavel\Data aplikací\SUPERAntiSpyware.com
2008-12-05 17:19 --------- d-----w c:\documents and settings\Pavel\Data aplikací\OpenOffice.org2
2008-12-05 13:48 --------- d-----w c:\documents and settings\Pavel\Data aplikací\IObit
2008-12-02 11:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2008-11-25 12:05 --------- d-----w c:\program files\The KMPlayer
2008-11-25 11:52 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Skype
2008-11-25 11:51 --------- d-----w c:\documents and settings\Pavel\Data aplikací\skypePM
2008-11-25 10:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 10:58 --------- d-----w c:\documents and settings\Pavel\Data aplikací\XnView
2008-11-19 05:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 12:43 --------- d-----w c:\program files\EA SPORTS
2008-11-06 08:13 --------- d-----w c:\program files\Audacity
2008-11-05 16:50 --------- d-----w c:\program files\18 Wheels of Steel Haulin
2008-11-05 14:52 --------- d-----w c:\program files\RocketDock
2008-11-05 12:54 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Ahead
2008-11-05 12:53 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Acoustica
2008-11-05 12:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\Acoustica
2008-11-02 19:36 --------- d-----w c:\documents and settings\Pavel\Data aplikací\CyberLink
2008-11-02 18:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2008-11-02 11:36 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Hamachi
2008-11-02 11:28 17,480 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-10-31 18:27 325,632 ----a-w c:\windows\system32\EAREMOVE.EXE
2008-10-31 15:42 --------- d-----w c:\program files\Spyware Doctor
2008-10-31 15:42 --------- d-----w c:\program files\GTR2
2008-10-31 14:20 --------- d-----w c:\program files\AusLogics Disk Defrag
2008-10-30 17:15 98,304 ----a-w c:\windows\system32CmdLineExt.dll
2008-10-26 11:11 --------- d-----w c:\program files\XnView
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 06:56 --------- d-----w c:\documents and settings\Pavel\Data aplikací\dvdcss
2008-10-24 06:54 --------- d-----w c:\documents and settings\Pavel\Data aplikací\vlc
2008-10-22 16:01 1,430,808 ----a-w c:\windows\system32\AutoPartNt.exe
2008-10-22 12:01 --------- d-----w c:\documents and settings\Pavel\Data aplikací\PC Tools
2008-10-22 10:59 400,864 ----a-w c:\windows\system32\drivers\timntr.sys
2008-10-22 10:59 32,768 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-10-21 10:04 --------- d-----w c:\program files\Ashampoo
2008-10-21 06:15 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Acronis
2008-10-21 06:12 --------- d-----w c:\documents and settings\LocalService\Data aplikací\Acronis
2008-10-21 06:12 --------- d-----w c:\documents and settings\LocalService\Data aplikací\Acronis
2008-10-21 06:12 --------- d-----w c:\documents and settings\LocalService\Data aplikací\Acronis
2008-10-21 06:08 368,736 ----a-w c:\windows\system32\drivers\tdrpman.sys
2008-10-20 15:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\Acronis
2008-10-20 15:15 971,232 ----a-w c:\windows\system32\drivers\tdrpm147.sys
2008-10-20 15:15 134,272 ----a-w c:\windows\system32\drivers\snman380.sys
2008-10-20 13:15 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Genie-soft
2008-10-20 11:43 114,048 ----a-w c:\windows\system32\drivers\snapman.sys
2008-10-20 07:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\STOPzilla!
2008-10-16 20:02 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Sachy
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-14 18:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Trymedia
2008-10-14 09:41 7,273 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-14 09:41 65,011 ----a-w c:\windows\BricoPackUninst.cmd
2008-10-14 09:41 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-10-14 07:15 --------- d-----w c:\program files\Opera
2008-10-13 08:12 --------- d-----w c:\program files\RegCleaner
2008-10-13 07:55 --------- d-----w c:\documents and settings\Pavel\Data aplikací\gtk-2.0
2008-10-09 20:13 --------- d-----w c:\documents and settings\Pavel\Data aplikací\Custom Skin Clock
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 10:29 47,360 ----a-w c:\documents and settings\Pavel\Data aplikací\pcouffin.sys
2008-09-16 19:12 222,488 ----a-w c:\windows\system32\snapapi.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-14 13:25 53,248 ----a-w c:\windows\unrar.dll
2008-09-14 09:25 21,840 ----a-w c:\windows\system32\SIntfNT.dll
2008-09-14 09:25 17,212 ----a-w c:\windows\system32\SIntf32.dll
2008-09-14 09:25 12,067 ----a-w c:\windows\system32\SIntf16.dll
2008-09-13 17:21 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-09-13 17:21 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-08_15.53.43,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-08 15:04:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Booster"=c:\program files\inKline Global\PC Booster\PCBooster.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\GTR2\\GTR2.exe"=
"c:\\Program Files\\The Stalin Subway\\metro2.exe"=

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2008-10-20 134272]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2007-08-02 69120]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-22 356920]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-12-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\ep0nj2pq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 16:10:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-12-08 16:11:21
ComboFix-quarantined-files.txt 2008-12-08 15:11:18
ComboFix2.txt 2008-12-08 14:55:59
ComboFix3.txt 2008-12-08 09:55:34

Před spuštěním: Volných bajtů: 41 459 781 632
Po spuštění: Volných bajtů: 41,447,411,712

204 --- E O F --- 2008-11-12 21:15:14

[cervenacek]

ty všechny programy jsem tam dával postupně a zkoušel jsem kterej z nich mě toho svinstva zbaví.Jinak mám ccleaner,spybot a superantispyware.Včera synovec vlezl na nějaké ruské stránky,prý..

[jaro3]

Ještě nový log z HJT.

[cervenacek]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:17, on 8.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pavel\Dokumenty\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4119 bytes

[jaro3]

Vymaž složky po AVG:
c:\documents and settings\Pavel\Data aplikací\AVG7
c:\documents and settings\LocalService\Data aplikací\AVG7
c:\documents and settings\All Users\Data aplikací\avg7

Toto těžko říct-zda fix:

Kód: Vybrat vše

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
(je jen na 30 dní , pak jsou problémy s odinstalací...- můžeš kdykoliv znovu stáhnout)

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Aktualizuj javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

[cervenacek]

moc dík,přeji pohodu.

[jaro3]

Není zač..

[cervenacek]

zdravím,po včerejší likvidaci jsem to dnes projel ještě Spybotem a ten mi našel Win 32.Agent.bzs trojan,smazal jem ho ale po opětovném scanu se znovu objeví,posílám scan ,občas se spustí hdd aniž by se něco na pc.dělalo.dík..

[cervenacek]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:55, on 9.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\Pavel\Dokumenty\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4071 bytes