"C:\windows\system32" - okno exploreru po startu (

[Pontiac_CZ]

Okno s touto cestou se mi objeví po přihlášení (kterémukoliv uživateli). Začalo to poté, co jsem si nainstaloval Valid Chat. Už je pryč, ale problém zůstal. Něco jsem v HijackThis už fixnul a dávám sem aktuální log - prosím Vás o upozornění na případného šmejda.


Logfile of HijackThis v1.99.1
Scan saved at 20:59:02, on 30.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Cobian Backup 7\cbs.exe
E:\Program Files\NTWrapperLite\NTWrapper.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\ezSP_Px.exe
E:\Program Files\SSC Service Utility\ssc_serv.exe
E:\Program Files\Cobian Backup 7\cobui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
E:\Program Files\Nokia\PC Suite for Nokia 3650\ConnMngmntBox.exe
E:\Program Files\Nokia\PC Suite for Nokia 3650\ECTaskScheduler.exe
E:\INSTAL\Nokia 3650\pro PC\ComSyn - pro rychlé spojení sériového portu\r\ComSyn1.2.exe
E:\Program Files\Google\Gmail Notifier\gnotify.exe
E:\Documents and Settings\Paja\Dokumenty\Miranda IM\miranda32.exe
E:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
E:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
E:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
E:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
E:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\mmc.exe
E:\totalcmd\TOTALCMD.EXE
e:\INSTAL\bezpečnost\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PathNvidiaTV] E:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] E:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "E:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [GuruClock] "E:\Program Files\ABIT\ABIT uGuru\GuruClock.exe"
O4 - HKLM\..\Run: [ABIT uGuru] "E:\Program Files\ABIT\ABIT uGuru\uGuru.exe"
O4 - HKLM\..\Run: [avast!] "E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ServiceLayer] "E:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] "E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] E:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SSC Service Utility] E:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [Cobian Backup 7 Interface] "E:\Program Files\Cobian Backup 7\cobui.exe" -SERVICE
O4 - HKLM\..\Run: [Chat]
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ComSyn1.2.exe.lnk = ?
O4 - Startup: gnotify.exe.lnk = E:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Startup: miranda32.lnk = E:\Documents and Settings\Paja\Dokumenty\Miranda IM\miranda32.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = E:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = E:\Program Files\Nokia\PC Suite for Nokia 3650\ConnMngmntBox.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = E:\Program Files\Nokia\PC Suite for Nokia 3650\ECTaskScheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF7877B6-3837-47E9-8530-3A1CCBFB741B}: NameServer = 212.111.0.10,193.179.148.42
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - E:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CesarFTP FTP Server (CesarFTP) - Unknown owner - E:\Program Files\CesarFTP\server.exe
O23 - Service: Cobian Backup 7 service (CobBackup7) - Luis Cobian - E:\Program Files\Cobian Backup 7\cbs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jetico on NT Wrapper (Jetico) - DuoData(R) Software - E:\Program Files\NTWrapperLite\NTWrapper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

[Reklama]

[mijaja]

Fixni toto:

O4 - HKLM\..\Run: [Chat]

to by mělo být ono, protože jinak tam nemáš nic. Bude to chtít log z MWAVu.

[Pontiac_CZ]

Ano, to pomohlo.
Já tedy jsem tuto položku už předtím fixnul a restartnul počítač, ale HijackThis ji neodstranil - jak vidno byla tam znovu (podruhé jsem si jí v logu nevšimnul). Šel jsem na to ručně a regeditem ji smázl, a je klid. Děkuji.