suspenzorPC

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: suspenzorPC

Post by HyBLiK » 20 Mar 2008 17:27

Yeah, I don't know my way around HJT logs that well. But the firewall is pretty important, I don't get how you don't have one!!! :evil:

//EDIT: Baron is going to tell me off right away for not just lurking here again... :D

Re: suspenzorPC

Post by Ghostwriter » 20 Mar 2008 17:29

Because I'm an idiot and it serves me right! The problem is that I can't install SP2, at least it didn't work the last time I tried :( If we manage to get the viruses off, I'll slap ZoneAlarm on there, hopefully it'll run this time.

Re: suspenzorPC

Post by paul27 » 20 Mar 2008 17:30

To Ghostwriter: above all, don't delete anything, because the three files you marked as junk are fine. I'm stopping now or Baron will give me a ban. :?

Re: suspenzorPC

Post by HyBLiK » 20 Mar 2008 17:31

Ghostwriter, we need to sort that out too. Without SP2 it's useless. Describe what didn't work, or how?

Re: suspenzorPC

Post by Ghostwriter » 20 Mar 2008 17:32

paul27: why would he ban you? You're trying to help me, aren't you? Although I really don't know, I don't like those files at all, I don't remember anything like that ever being there, but sure, I'll leave them there, thanks.

Re: suspenzorPC

Post by Baron Prášil » 21 Mar 2008 10:49

It seems we'll need to write up special forum rules for the antivirus sections.

Ghostwriter, you should have installed the firewall first.

Now we'll use ComboFix.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; accept them by pressing the 1 key
- Then follow the prompts; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log and display it; otherwise you'll find it at C:\ComboFix.txt - please paste its full contents here + a new HijackThis log

Re: suspenzorPC

Post by Ghostwriter » 21 Mar 2008 12:10

Baron, I did write that I can't install any of the three recommended firewalls. Always some application error. Here are the logs:

ComboFix 08-03-20.5 - lofas 2008-03-21 11:45:06.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.0.1250.1.1029.18.251 [GMT 1:00]
Running from: C:\Documents and Settings\lofas\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\lofas\Data aplikací\AVSystemCare
C:\Documents and Settings\lofas\Data aplikací\AVSystemCare\Logs\threats.log
C:\Documents and Settings\lofas\Data aplikací\AVSystemCare\Logs\update.log
C:\Documents and Settings\lofas\Data aplikací\macromedia\Flash Player\#SharedObjects\JM6HDKTF\www.broadcaster.com
C:\Documents and Settings\lofas\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\Helper
C:\Program Files\Helper\1205570803.dll
C:\WINDOWS\BM3709c86a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\msettings.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\awuagocc.dll
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\gwamxdqd.dll
C:\WINDOWS\system32\gxpmocuk.ini
C:\WINDOWS\system32\hocuawes.dll
C:\WINDOWS\system32\iesearch.dll
C:\WINDOWS\system32\jkkjjhe.dll
C:\WINDOWS\system32\jloupyct.ini
C:\WINDOWS\system32\kucompxg.dll
C:\WINDOWS\system32\misoaiei.dll
C:\WINDOWS\System32\mljgg.dll
C:\WINDOWS\system32\nwptbbku.dll
C:\WINDOWS\system32\tcypuolj.dll
C:\WINDOWS\system32\vrpitexm.dll
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\update.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Schedule
-------\Schedule


((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-20 16:51 . 2008-03-20 16:34 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll
2008-03-20 16:33 . 2008-03-20 17:01 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-20 16:09 . 2008-03-20 16:09 <DIR> d-------- C:\Program Files\Ashampoo
2008-03-20 15:33 . 2008-03-20 15:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-20 15:25 . 2008-03-20 15:57 <DIR> d-------- C:\SDFix
2008-03-20 15:17 . 2008-03-20 15:31 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-20 12:45 . 2008-03-20 12:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 13:39 . 2008-03-19 13:39 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-18 22:20 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-18 22:20 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-18 22:18 . 2008-03-18 22:18 <DIR> d-------- C:\Program Files\Common Files\SuspenzorPC
2008-03-18 22:15 . 2008-03-19 21:32 1,526,857 ---hs---- C:\WINDOWS\system32\sgcgrvsb.ini
2008-03-18 13:46 . 2008-03-18 06:56 266,240 --a------ C:\WINDOWS\altvxvm.dll
2008-03-18 13:46 . 2008-03-18 06:57 204,800 --a------ C:\WINDOWS\etlrlws.dll
2008-03-18 13:46 . 2008-03-18 06:57 94,208 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-18 13:14 . 2008-03-18 13:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-18 13:07 . 2008-03-18 13:07 69,799 --a------ C:\bbavpmp.exe
2008-03-18 13:07 . 2008-03-18 13:07 58,368 --a------ C:\gxtbmq.exe
2008-03-18 13:07 . 2008-03-18 13:07 28,022 --a------ C:\WINDOWS\system32\dllgh8jkd1q2.exe
2008-03-18 13:07 . 2008-03-18 13:07 13,886 --a------ C:\WINDOWS\system32\dllgh8jkd1q7.exe
2008-03-18 13:07 . 2008-03-18 13:07 13,682 --a------ C:\WINDOWS\system32\dllgh8jkd1q5.exe
2008-03-18 13:07 . 2008-03-18 13:07 13,450 --a------ C:\WINDOWS\system32\dllgh8jkd1q6.exe
2008-03-18 13:07 . 2008-03-18 13:07 12,234 --a------ C:\WINDOWS\system32\dllgh8jkd1q1.exe
2008-03-18 13:07 . 2008-03-18 13:07 11,776 --a------ C:\sexaiugw.exe
2008-03-18 13:06 . 2008-03-18 13:07 18,944 --a------ C:\WINDOWS\vpnvcr.exe
2008-03-18 08:55 . 2008-03-18 08:55 219,648 --a------ C:\WINDOWS\wmpdxm.dll
2008-03-17 08:27 . 2008-03-19 13:26 47 --a------ C:\xmp.bat
2008-03-15 10:42 . 2008-03-15 10:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-15 09:46 . 2008-03-15 09:46 58,368 --a------ C:\caxlkn.exe
2008-03-14 19:40 . 2008-03-14 19:40 745 --a------ C:\WINDOWS\COD.INI
2008-03-14 19:34 . 2008-03-20 22:38 <DIR> d-------- C:\Program Files\Call of Duty
2008-03-14 17:35 . 2008-03-18 13:07 70,144 --a------ C:\nethlpr.exe
2008-03-13 13:00 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-03-13 13:00 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-03-04 15:02 . 2008-03-04 15:02 181,760 --a------ C:\WINDOWS\system32\msram.dll
2008-02-21 16:48 . 2008-02-21 16:48 75,816 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-21 16:47 . 2008-03-20 16:15 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 21:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-20 19:30 --------- d-----w C:\Program Files\Soulseek
2008-03-19 12:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 21:24 --------- d-----w C:\Program Files\BearShare
2008-03-14 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 16:53 --------- d-----w C:\Program Files\ICQLite
2008-03-05 16:47 --------- d-----w C:\Program Files\HLSW
2008-02-22 16:26 --------- d-----w C:\Program Files\GamePark
2008-02-09 10:13 --------- d-----w C:\Program Files\Google
2008-02-07 19:59 --------- d-----w C:\Program Files\Yahoo!
2008-02-07 19:58 --------- d-----w C:\Program Files\Chromatika
2005-10-22 13:40 56 --sh--r C:\WINDOWS\system32\9A7F71F1A0.sys
2007-08-13 20:51 13,146 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Common Files\RTE\RTEGPRS.exe" [2004-07-23 18:47 2314240]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 20:05 348160]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-22 23:35 32768]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-08 11:22 200704]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 08:50 36864]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"CmUsbSound"="cmcnfgu.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 73728]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 19:00 199680]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"LFAgent"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-25 13:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2002-04-03 00:40 122880 C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2005-04-12 16:27 45056 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2006-10-17 20:22]
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [2004-11-19 16:07]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2001-10-25 13:00]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\System32\drivers\cmudau.sys [2005-06-09 12:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RpcxSs

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 11:53:32
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???p???w^?s?????>?wH ?w???????w*??w4???U??w4???????D8?s4????????&7?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????`??????C@?\???\??????s????\??????s\????&7?d??s?&7??C@?x??????sx????:?w\?????@
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A? ?????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A? ?????B???@?????P?????@?? ???????E?w??????????@???????????????????B?????,????????????????????PC?????r?B

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\lofas\LOCALS~1\Temp\ASFWHide"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
.
**************************************************************************
.
Completion time: 2008-03-21 11:57:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 10:57:47
.
2008-03-18 08:08:43 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:03, on 21.3.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 85.255.116.149,85.255.112.169
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7013 bytes
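The most security-relevant lines in the HijackThis log above are the four O17 entries: every TCP/IP parameters key, including the ControlSet backups, has NameServer set to 85.255.116.149 and 85.255.112.169, two public addresses rather than the router or the ISP's resolvers, so every DNS lookup on the machine is answered by whoever runs those hosts. The O24 line is the other tell: an Active Desktop component called "Privacy Protection" loaded from a local HTML file under C:\WINDOWS\privacy_danger, which is how rogue "security" products paint a scare warning onto the wallpaper. As an added example (not from the thread, HijackThis or ComboFix), the following Python script triages a HijackThis log mechanically for exactly those patterns: O17 NameServer values outside a trusted resolver list, O24 components served from file://, and O4 autoruns whose target sits in the drive root or directly under %SystemRoot%, or that borrows a system-binary name outside system32. The sample log lines are constructed from the same entry types as the log above, and the trusted-resolver list (RFC 1918 plus a TEST-NET placeholder standing in for the ISP's resolvers) is an assumption you would replace with the real ones.

```python
from __future__ import annotations

import ipaddress
import re

# Constructed sample in HijackThis v2 format, modelled on the entry types seen
# in the log above (not copied from any real machine).
SAMPLE_HJT_LOG = """\
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [svchost] C:\\WINDOWS\\svchost.exe
O4 - HKCU\\..\\Run: [nethlpr] C:\\nethlpr.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 85.255.116.149,85.255.112.169
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 192.168.1.1
O24 - Desktop Component 1: Privacy Protection - file:///C:\\WINDOWS\\privacy_danger\\index.htm
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\System32\\PnkBstrA.exe
"""

# Resolvers the analyst trusts for this machine: RFC 1918 (the home router) plus
# the ISP's resolvers. The ISP block is a TEST-NET placeholder for the example.
TRUSTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("198.51.100.0/24"),  # assumed ISP resolver block
]

# Binaries that only belong in %SystemRoot%\system32; an autorun pointing at one
# of these names anywhere else is a classic masquerade.
SYSTEM_ONLY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

O17_RE = re.compile(r"^O17 - .*NameServer\s*=\s*(?P<servers>.+)$")
O24_RE = re.compile(r"^O24 - Desktop Component \d+: .* - (?P<source>\S+)$")
O4_RE = re.compile(
    r'^O4 - .*?:\s*\[(?P<name>[^\]]*)\]\s*"?(?P<path>[A-Za-z]:\\[^"]+?\.exe)"?',
    re.IGNORECASE,
)


def rogue_resolvers(servers: str) -> list[str]:
    """Return the NameServer tokens that are not inside any trusted network."""
    rogue = []
    for token in re.split(r"[,\s]+", servers.strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            rogue.append(token)  # not even an IP: worth a look too
            continue
        if not any(addr in net for net in TRUSTED_RESOLVERS):
            rogue.append(token)
    return rogue


def suspicious_autorun_path(path: str) -> str | None:
    """Reason string if an autorun target lives where droppers like to put files."""
    parent, _, name = path.replace("/", "\\").rpartition("\\")
    parent_l = parent.lower()
    if name.lower() in SYSTEM_ONLY_NAMES and not parent_l.endswith("\\system32"):
        return f"{name} outside system32"
    if re.fullmatch(r"[a-z]:", parent_l):
        return "executable in drive root"
    if re.fullmatch(r"[a-z]:\\windows", parent_l):
        return "executable directly in %SystemRoot%"
    return None


def triage_hjt_log(text: str) -> list[tuple[str, str, str]]:
    """Scan a HijackThis log; return (section, reason, line) for each finding."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        if m := O17_RE.match(line):
            rogue = rogue_resolvers(m["servers"])
            if rogue:
                findings.append(("O17", "untrusted DNS resolver(s): " + ", ".join(rogue), line))
        elif m := O24_RE.match(line):
            if m["source"].lower().startswith("file://"):
                findings.append(("O24", "desktop component served from a local file", line))
        elif m := O4_RE.match(line):
            reason = suspicious_autorun_path(m["path"])
            if reason:
                findings.append(("O4", reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_hjt_log(SAMPLE_HJT_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the constructed sample it reports the two misplaced O4 targets, the O17 line with both 85.255.x.x resolvers, and the file:// desktop component, and stays quiet on the Java updater, the router resolver and the PnkBstrA service. The O17 check is the one to keep even if you trust nothing else in the script: a resolver outside your own networks is always worth explaining before anything else is cleaned.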

Re: suspenzorPC

Post by Baron Prášil » 21 Mar 2008 14:49

Well, now Avast has somehow disappeared from there too. At this rate we could keep deleting forever.

Download the ESET Smart Security installer (from ESET's website).

Turn off System Restore:
right-click My Computer > Properties > System Restore, tick the box, click OK and confirm.

Open Notepad (Start -> Run... and type Notepad in the box and click OK).
Copy the following text, highlighted in green, into it:

File::
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\bbavpmp.exe
C:\gxtbmq.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\sexaiugw.exe
C:\WINDOWS\vpnvcr.exe
C:\caxlkn.exe
C:\nethlpr.exe
C:\WINDOWS\system32\msram.dll
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\9A7F71F1A0.sys
C:\WINDOWS\system32\KGyGaAvL.sys

Folder::
C:\Program Files\Common Files\SuspenzorPC
C:\Program Files\BearShare
C:\WINDOWS\privacy_danger

Registry::
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source=-
FriendlyName=-

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HijackThis log

Copy this whole guide into Notepad or print it; physically disconnect the computer from the network, run ComboFix and, still with the network disconnected, install ESET if it will go, and only then connect and post the logs.

And I warn you that if this doesn't work, I'll recommend a reinstall with immediate installation of SP2 and all the security components.
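Before a CFScript like the one above can be written, someone has to decide which of the entries in ComboFix's "Files Created" listing are the infection. The following Python script is an added example, not part of the thread, of ComboFix or of any tool it mentions, that applies three heuristics a human triager uses on that listing: randomly named executables dropped straight into C:\ or C:\WINDOWS, files carrying hidden+system attributes inside system32, and a burst of several executables created in the same minute (a dropper writing its payloads). It then renders the File:: and Folder:: directives in the CFScript layout shown above. The sample lines are excerpted from the log posted earlier in this thread, with two ordinary entries (PnkBstrA.exe, atl71.dll) kept for contrast; the heuristics, the burst threshold and the folder passed to the renderer are the example's own assumptions, and every hit is a candidate to check by hand, not a verdict (as paul27 pointed out earlier in the thread, an unfamiliar file is not automatically malicious).

```python
from __future__ import annotations

import re
from collections import defaultdict

# Excerpt of "Files Created" lines in ComboFix's own format, taken from the log
# posted earlier in this thread, plus PnkBstrA.exe and atl71.dll for contrast.
SAMPLE_COMBOFIX_LINES = """\
2008-03-20 16:33 . 2008-03-20 17:01 <DIR> d-------- C:\\WINDOWS\\system32\\ZoneLabs
2008-03-20 15:17 . 2008-03-20 15:31 11,776 --a------ C:\\WINDOWS\\system32\\WLCtrl32.dll
2008-03-18 22:15 . 2008-03-19 21:32 1,526,857 ---hs---- C:\\WINDOWS\\system32\\sgcgrvsb.ini
2008-03-18 13:46 . 2008-03-18 06:57 94,208 --a------ C:\\WINDOWS\\fmsxwqs.exe
2008-03-18 13:07 . 2008-03-18 13:07 69,799 --a------ C:\\bbavpmp.exe
2008-03-18 13:07 . 2008-03-18 13:07 28,022 --a------ C:\\WINDOWS\\system32\\dllgh8jkd1q2.exe
2008-03-18 13:07 . 2008-03-18 13:07 13,886 --a------ C:\\WINDOWS\\system32\\dllgh8jkd1q7.exe
2008-03-18 13:07 . 2008-03-18 13:07 13,682 --a------ C:\\WINDOWS\\system32\\dllgh8jkd1q5.exe
2008-03-18 13:14 . 2008-03-18 13:14 66,872 --a------ C:\\WINDOWS\\system32\\PnkBstrA.exe
2008-03-18 22:20 . 2004-10-07 13:39 89,088 --a------ C:\\WINDOWS\\system32\\atl71.dll
"""

# Layout of one line: created . modified size|<DIR> attribute-flags path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
BURST_THRESHOLD = 3  # assumed: this many executables in one minute looks like a dropper


def parse_created(text: str) -> list[dict]:
    """Parse 'Files Created' lines into dicts; lines in another format are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["is_dir"] = row["size"] == "<DIR>"
            rows.append(row)
    return rows


def split_path(path: str) -> tuple[str, str]:
    """Lower-cased (parent directory, file name) of a Windows path."""
    parent, _, name = path.rpartition("\\")
    return parent.lower(), name.lower()


def candidate_files(rows: list[dict]) -> dict[str, list[str]]:
    """Map each flagged path to the reasons it was flagged (candidates, not verdicts)."""
    reasons: dict[str, list[str]] = defaultdict(list)
    for r in rows:
        if r["is_dir"]:
            continue
        parent, name = split_path(r["path"])
        stem, dot, ext = name.rpartition(".")
        # Heuristic 1: executable with a random-looking all-letter name dropped
        # straight into the drive root or %SystemRoot%.
        if dot and "." + ext in EXEC_EXT and parent in ("c:", "c:\\windows"):
            if re.fullmatch(r"[a-z]{5,9}", stem):
                reasons[r["path"]].append("random-looking name outside system32/Program Files")
        # Heuristic 2: hidden+system attributes on a file inside system32.
        if "h" in r["attrs"] and "s" in r["attrs"] and parent.endswith("\\system32"):
            reasons[r["path"]].append("hidden+system attributes in system32")

    # Heuristic 3: a burst of executables created in the same minute, wherever
    # they landed; the minute-level timestamps in the listing are enough for this.
    by_minute: dict[str, list[str]] = defaultdict(list)
    for r in rows:
        if not r["is_dir"] and r["path"].lower().endswith(EXEC_EXT):
            by_minute[r["created"]].append(r["path"])
    for minute, paths in by_minute.items():
        if len(paths) >= BURST_THRESHOLD:
            for p in paths:
                reasons[p].append(f"{len(paths)} executables created at {minute}")
    return dict(reasons)


def build_cfscript(files: list[str], folders: list[str] | tuple[str, ...] = ()) -> str:
    """Render File:: and Folder:: directives in the layout used in the thread."""
    out = ["File::", *files]
    if folders:
        out += ["", "Folder::", *folders]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = candidate_files(parse_created(SAMPLE_COMBOFIX_LINES))
    for path, why in sorted(hits.items()):
        print(f"{path}\n    " + "; ".join(why))
    # The folder is an assumed input for the demonstration, taken from the post above.
    print(build_cfscript(sorted(hits), ["C:\\WINDOWS\\privacy_danger"]))
```

On the excerpt this flags six paths: fmsxwqs.exe and bbavpmp.exe by name and location, the three dllgh8jkd1q*.exe files and bbavpmp.exe again as a 13:07 burst, and sgcgrvsb.ini for its hidden+system attributes. Note what it does not catch: WLCtrl32.dll, which the CFScript above does list, has an ordinary-looking name in system32 and was created alone. The script narrows the list; it does not replace reading the log.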

Re: suspenzorPC

Post by Ghostwriter » 21 Mar 2008 18:23

I uninstalled Avast myself, sorry, I should have told you. I ran ComboFix and immediately afterwards (without a restart) installed ESET (net disconnected). In the final phase of the install (deleting backup files) the whole computer froze on me (I couldn't even move the cursor); only a hard reset helped. It looks like ESET Smart Security is working normally, though, except I didn't manage to update the virus database (the net was of course connected again by then). I also uninstalled Zone Alarm, which had only partly installed (second install attempt, from this morning), and after that hard reset it was reporting a zclient.exe error. I'm now running a scan with ESET, but right after the reset it was already reporting some viruses in WINDOWS; I'll post the log and details later, for now here are the ComboFix and HijackThis logs

ComboFix 08-03-20.5 - lofas 2008-03-21 17:48:36.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.0.1250.1.1029.18.290 [GMT 1:00]
Running from: C:\Documents and Settings\lofas\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\lofas\Plocha\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\bbavpmp.exe
C:\caxlkn.exe
C:\gxtbmq.exe
C:\nethlpr.exe
C:\sexaiugw.exe
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\9A7F71F1A0.sys
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\msram.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\vpnvcr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bbavpmp.exe
C:\caxlkn.exe
C:\Documents and Settings\lofas\Data aplikací\tmp12.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp17.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp18.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp19.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp2.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp353.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp53.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp59.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp5A.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp5B.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp6F.tmp.exe
C:\Documents and Settings\lofas\Data aplikací\tmp9.tmp.exe
C:\gxtbmq.exe
C:\nethlpr.exe
C:\Program Files\BearShare
C:\Program Files\BearShare\BearShare.dat
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BSidle.dll
C:\Program Files\BearShare\BSZ.exe
C:\Program Files\BearShare\db\config.bin
C:\Program Files\BearShare\db\connect.txt
C:\Program Files\BearShare\db\gwebcache.dat
C:\Program Files\BearShare\db\Hostiles-Chat.txt
C:\Program Files\BearShare\db\Hostiles.txt
C:\Program Files\BearShare\db\library.2.db-journal.bak
C:\Program Files\BearShare\db\library.2.db
C:\Program Files\BearShare\db\library.2.db.lastgoodload.bak
C:\Program Files\BearShare\db\library.db-journal.bak
C:\Program Files\BearShare\db\library.db
C:\Program Files\BearShare\db\library.db.lastgoodload.bak
C:\Program Files\BearShare\db\library.db.sync
C:\Program Files\BearShare\db\searches.ini
C:\Program Files\BearShare\db\TMP55.tmp
C:\Program Files\BearShare\FreePeers.ini
C:\Program Files\BearShare\History.txt
C:\Program Files\BearShare\INSTALL.LOG
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\Program Files\BearShare\Logs\hosts-state.txt
C:\Program Files\BearShare\Logs\memory.txt
C:\Program Files\BearShare\Logs\ordinal.txt
C:\Program Files\BearShare\Logs\streams.txt
C:\Program Files\BearShare\proinstall2.ini
C:\Program Files\BearShare\sounds\notify.wav
C:\Program Files\BearShare\Temp\0001275.tmp
C:\Program Files\BearShare\Temp\008125B.tmp
C:\Program Files\BearShare\Temp\0161288.tmp
C:\Program Files\BearShare\Temp\056128F.tmp
C:\Program Files\BearShare\Temp\0581258.tmp
C:\Program Files\BearShare\Temp\0601298.tmp
C:\Program Files\BearShare\Temp\0721254.tmp
C:\Program Files\BearShare\Temp\1271257.tmp
C:\Program Files\BearShare\Temp\1441263.tmp
C:\Program Files\BearShare\Temp\156125A.tmp
C:\Program Files\BearShare\Temp\157127B.tmp
C:\Program Files\BearShare\Temp\175126A.tmp
C:\Program Files\BearShare\Temp\1971283.tmp
C:\Program Files\BearShare\Temp\204CAF.tmp
C:\Program Files\BearShare\Temp\204E97.tmp
C:\Program Files\BearShare\Temp\224126C.tmp
C:\Program Files\BearShare\Temp\2371293.tmp
C:\Program Files\BearShare\Temp\256125E.tmp
C:\Program Files\BearShare\Temp\3031297.tmp
C:\Program Files\BearShare\Temp\3361284.tmp
C:\Program Files\BearShare\Temp\341126D.tmp
C:\Program Files\BearShare\Temp\3571264.tmp
C:\Program Files\BearShare\Temp\3641287.tmp
C:\Program Files\BearShare\Temp\4051279.tmp
C:\Program Files\BearShare\Temp\4051296.tmp
C:\Program Files\BearShare\Temp\4181255.tmp
C:\Program Files\BearShare\Temp\43512A0.tmp
C:\Program Files\BearShare\Temp\4353CE.tmp
C:\Program Files\BearShare\Temp\440128B.tmp
C:\Program Files\BearShare\Temp\4401290.tmp
C:\Program Files\BearShare\Temp\457128C.tmp
C:\Program Files\BearShare\Temp\464129E.tmp
C:\Program Files\BearShare\Temp\4761251.tmp
C:\Program Files\BearShare\Temp\481128A.tmp
C:\Program Files\BearShare\Temp\4961267.tmp
C:\Program Files\BearShare\Temp\4961272.tmp
C:\Program Files\BearShare\Temp\5121276.tmp
C:\Program Files\BearShare\Temp\5451271.tmp
C:\Program Files\BearShare\Temp\5521252.tmp
C:\Program Files\BearShare\Temp\5843F.tmp
C:\Program Files\BearShare\Temp\607CE.tmp
C:\Program Files\BearShare\Temp\622125D.tmp
C:\Program Files\BearShare\Temp\627127E.tmp
C:\Program Files\BearShare\Temp\646129B.tmp
C:\Program Files\BearShare\Temp\6641268.tmp
C:\Program Files\BearShare\Temp\664126E.tmp
C:\Program Files\BearShare\Temp\700129D.tmp
C:\Program Files\BearShare\Temp\705127D.tmp
C:\Program Files\BearShare\Temp\7101253.tmp
C:\Program Files\BearShare\Temp\7201291.tmp
C:\Program Files\BearShare\Temp\7461281.tmp
C:\Program Files\BearShare\Temp\7541280.tmp
C:\Program Files\BearShare\Temp\7571295.tmp
C:\Program Files\BearShare\Temp\7751292.tmp
C:\Program Files\BearShare\Temp\7801273.tmp
C:\Program Files\BearShare\Temp\781158D.tmp
C:\Program Files\BearShare\Temp\7838682.tmp
C:\Program Files\BearShare\Temp\808395.tmp
C:\Program Files\BearShare\Temp\816128D.tmp
C:\Program Files\BearShare\Temp\8561262.tmp
C:\Program Files\BearShare\Temp\858126F.tmp
C:\Program Files\BearShare\Temp\873129A.tmp
C:\Program Files\BearShare\Temp\909126B.tmp
C:\Program Files\BearShare\Temp\9321259.tmp
C:\Program Files\BearShare\Temp\9441265.tmp
C:\Program Files\BearShare\Temp\945129F.tmp
C:\Program Files\BearShare\Temp\984C9E.tmp
C:\Program Files\BearShare\Temp\984CFE.tmp
C:\Program Files\BearShare\Temp\984D03.tmp
C:\Program Files\BearShare\Temp\984D08.tmp
C:\Program Files\BearShare\Temp\984D0D.tmp
C:\Program Files\BearShare\Temp\984D12.tmp
C:\Program Files\BearShare\Temp\984D17.tmp
C:\Program Files\BearShare\Temp\984D1C.tmp
C:\Program Files\BearShare\Temp\984D23.tmp
C:\Program Files\BearShare\Temp\984D2A.tmp
C:\Program Files\BearShare\Temp\984D30.tmp
C:\Program Files\BearShare\Temp\984D36.tmp
C:\Program Files\BearShare\Temp\984D3E.tmp
C:\Program Files\BearShare\Temp\984D43.tmp
C:\Program Files\BearShare\Temp\984D4B.tmp
C:\Program Files\BearShare\Temp\984D50.tmp
C:\Program Files\BearShare\Temp\984D57.tmp
C:\Program Files\BearShare\Temp\984D5D.tmp
C:\Program Files\BearShare\Temp\984D63.tmp
C:\Program Files\BearShare\Temp\984D68.tmp
C:\Program Files\BearShare\Temp\984D6D.tmp
C:\Program Files\BearShare\Temp\984D72.tmp
C:\Program Files\BearShare\Temp\984D78.tmp
C:\Program Files\BearShare\Temp\984D7E.tmp
C:\Program Files\BearShare\Temp\984D85.tmp
C:\Program Files\BearShare\Temp\984D8B.tmp
C:\Program Files\BearShare\Temp\984D91.tmp
C:\Program Files\BearShare\Temp\984D99.tmp
C:\Program Files\BearShare\Temp\984D9F.tmp
C:\Program Files\BearShare\Temp\984DA5.tmp
C:\Program Files\BearShare\Temp\984DAA.tmp
C:\Program Files\BearShare\Temp\984DAF.tmp
C:\Program Files\BearShare\Temp\984DB6.tmp
C:\Program Files\BearShare\Temp\984DBB.tmp
C:\Program Files\BearShare\Temp\984DC0.tmp
C:\Program Files\BearShare\Temp\984DC6.tmp
C:\Program Files\BearShare\Temp\984DCC.tmp
C:\Program Files\BearShare\Temp\984DD2.tmp
C:\Program Files\BearShare\Temp\984DD8.tmp
C:\Program Files\BearShare\Temp\984DDC.tmp
C:\Program Files\BearShare\Temp\984DE2.tmp
C:\Program Files\BearShare\Temp\984DE7.tmp
C:\Program Files\BearShare\Temp\984DED.tmp
C:\Program Files\BearShare\Temp\984DF2.tmp
C:\Program Files\BearShare\Temp\984DF7.tmp
C:\Program Files\BearShare\Temp\984DFC.tmp
C:\Program Files\BearShare\Temp\984E01.tmp
C:\Program Files\BearShare\Temp\984E07.tmp
C:\Program Files\BearShare\Temp\984E0C.tmp
C:\Program Files\BearShare\Temp\984E11.tmp
C:\Program Files\BearShare\Temp\984E8B.tmp
C:\Program Files\BearShare\Temp\TMPArchitecture In Helsinki - Wishbone.mp3
C:\Program Files\BearShare\Temp\TMPDj EmBee - brev från kabinetten.dat.bak
C:\Program Files\BearShare\Temp\TMPDj EmBee - brev från kabinetten.mp3
C:\Program Files\BearShare\Temp\TMPDj EmBee - brev från kabinetten.tiger
C:\Program Files\BearShare\Temp\TMPForest of Shadows - 2004 - Departure - 02 - November Dream.dat.bak
C:\Program Files\BearShare\Temp\TMPForest of Shadows - 2004 - Departure - 02 - November Dream.mp3
C:\Program Files\BearShare\Temp\TMPrim job Mfx-100-1 Furious Facesitting.dat
C:\Program Files\BearShare\Temp\TMPrim job Mfx-100-1 Furious Facesitting.dat.bak
C:\Program Files\BearShare\Temp\TMPrim job Mfx-100-1 Furious Facesitting.mpg
C:\Program Files\BearShare\Temp\TMPSkeewiff - One People.dat.bak
C:\Program Files\BearShare\Temp\TMPSkeewiff - One People.mp3
C:\Program Files\BearShare\Temp\TMPTeens for Cash - Allison Wyte.dat
C:\Program Files\BearShare\Temp\TMPTeens for Cash - Allison Wyte.dat.bak
C:\Program Files\BearShare\Temp\TMPTeens for Cash - Allison Wyte.tiger
C:\Program Files\BearShare\Temp\TMPTeens for Cash - Allison Wyte.WMV
C:\Program Files\BearShare\UNWISE.EXE
C:\Program Files\BearShare\Webstats.bat
C:\Program Files\BearShare\Webstats.exe
C:\Program Files\BearShare\Webstats.ini
C:\Program Files\Common Files\SuspenzorPC
C:\Program Files\Common Files\SuspenzorPC\stm.exe
C:\sexaiugw.exe
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2802NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UGDCCZ_0001_N122M1712NetInstaller.exe
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\9A7F71F1A0.sys
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\msram.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\vpnvcr.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 12:50 . 2008-03-21 12:50 <DIR> d-------- C:\Program Files\LimeWire
2008-03-21 11:59 . 2008-03-21 11:59 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-20 16:51 . 2008-03-21 12:00 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll
2008-03-20 16:33 . 2008-03-21 11:59 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-20 16:33 . 2008-03-20 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
2008-03-20 16:09 . 2008-03-20 16:09 <DIR> d-------- C:\Program Files\Ashampoo
2008-03-20 15:33 . 2008-03-20 15:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-20 15:25 . 2008-03-20 15:57 <DIR> d-------- C:\SDFix
2008-03-20 12:45 . 2008-03-20 12:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 13:39 . 2008-03-19 13:39 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-18 22:23 . 2008-03-18 22:23 <DIR> d-------- C:\Documents and Settings\lofas\Data aplikací\SuspenzorPC
2008-03-18 22:20 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-18 22:20 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-18 22:18 . 2008-03-18 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-03-18 22:15 . 2008-03-19 21:32 1,526,857 ---hs---- C:\WINDOWS\system32\sgcgrvsb.ini
2008-03-18 13:14 . 2008-03-18 13:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-18 08:55 . 2008-03-18 08:55 219,648 --a------ C:\WINDOWS\wmpdxm.dll
2008-03-17 08:27 . 2008-03-19 13:26 47 --a------ C:\xmp.bat
2008-03-15 10:42 . 2008-03-15 10:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-14 19:40 . 2008-03-14 19:40 745 --a------ C:\WINDOWS\COD.INI
2008-03-14 19:34 . 2008-03-21 15:25 <DIR> d-------- C:\Program Files\Call of Duty
2008-03-13 13:00 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-03-13 13:00 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-03-07 21:26 . 2008-03-07 21:26 <DIR> d-------- C:\Documents and Settings\lofas\Data aplikací\Allstar
2008-02-21 16:47 . 2008-03-20 16:15 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 14:55 --------- d-----w C:\Documents and Settings\lofas\Data aplikací\uTorrent
2008-03-21 14:25 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-21 14:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-21 13:57 --------- d-----w C:\Documents and Settings\lofas\Data aplikací\Free Download Manager
2008-03-21 12:18 --------- d-----w C:\Documents and Settings\lofas\Data aplikací\LimeWire
2008-03-20 19:30 --------- d-----w C:\Program Files\Soulseek
2008-03-19 12:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-14 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 16:53 --------- d-----w C:\Program Files\ICQLite
2008-03-05 16:47 --------- d-----w C:\Program Files\HLSW
2008-02-22 16:27 --------- d-----w C:\Documents and Settings\lofas\Data aplikací\teamspeak2
2008-02-22 16:26 --------- d-----w C:\Program Files\GamePark
2008-02-21 15:54 --------- d-----w C:\Documents and Settings\lofas\Data aplikací\Azureus
2008-02-16 18:07 --------- d-----w C:\Documents and Settings\lofas\Data aplikací\ICQLite
2008-02-09 10:13 --------- d-----w C:\Program Files\Google
2008-02-07 19:59 --------- d-----w C:\Program Files\Yahoo!
2008-02-07 19:58 --------- d-----w C:\Program Files\Chromatika
2007-07-23 16:04 87,608 ----a-w C:\Documents and Settings\lofas\Data aplikací\ezpinst.exe
2007-07-23 16:04 47,360 ----a-w C:\Documents and Settings\lofas\Data aplikací\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-21_11.57.30.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-14 15:04:46 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
+ 2007-11-14 15:04:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-11-14 15:05:16 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-11-14 15:04:52 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-11-14 15:04:52 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-11-14 15:04:52 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-11-14 15:04:52 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-11-14 15:04:54 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-11-14 15:04:54 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-11-14 15:04:54 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2007-11-14 15:04:56 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-11-14 15:04:56 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2008-03-20 15:33:46 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-03-21 11:00:03 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-11-14 15:04:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 14:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 14:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-30 23:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 14:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-30 23:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-09-11 20:09:16 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2007-07-19 14:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\klif_32.sys
+ 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-09-11 20:09:16 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-11-14 15:04:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-11-14 15:04:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-11-14 15:04:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-11-14 15:04:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-11-14 15:05:18 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-11-14 15:05:18 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-11-14 15:05:18 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-11-14 15:05:18 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-11-14 15:05:20 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-11-14 15:06:34 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-11-14 15:06:36 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-10-18 19:18:38 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-10-18 19:18:38 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-11-14 15:04:48 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-10-18 19:18:40 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-10-18 19:18:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-11-14 15:04:50 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-11-14 15:06:36 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-11-14 15:06:36 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-10-11 15:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-11-14 15:05:06 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-11-14 15:04:52 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-11-14 15:04:52 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-11-14 15:05:06 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-11-14 15:04:52 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-11-14 15:04:54 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-11-14 15:04:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-11-14 15:04:56 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-11-14 15:04:56 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-11-14 15:04:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-11-14 15:04:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-11-14 15:05:00 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
+ 2007-11-14 15:05:06 75,248 ----a-w C:\WINDOWS\zllsputility.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Common Files\RTE\RTEGPRS.exe" [2004-07-23 18:47 2314240]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 20:05 348160]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-22 23:35 32768]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-08 11:22 200704]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 08:50 36864]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"CmUsbSound"="cmcnfgu.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 73728]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 19:00 199680]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"LFAgent"="" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-25 13:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 17:16:10 113664]
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-03-22 23:35:12 32768]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-10-28 20:33:31 118784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-03-01 14:59:27 155715]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2002-04-03 00:40 122880 C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2005-04-12 16:27 45056 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2006-10-17 20:22]
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [2004-11-19 16:07]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2001-10-25 13:00]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\System32\drivers\cmudau.sys [2005-06-09 12:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RpcxSs

*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
*Newly Created Service* - SRESCAN
*Newly Created Service* - VSMON
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 17:52:28
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???p???w^?s?????>?wH ?w???????w*??w4???U??w4???????D8?s4????????&7?????\???\????????H?s????-A?w?????_?wc_?w\???\???????Py`??????C@?\???\??????s????\??????s\????&7?d??s?&7??C@?x??????sx????:?w\?????@
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A?0?????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?0?????B???@?????P?????@?? ???????E?w??????????@???????????????????B?????<????????????????????PC?????r?B

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\lofas\LOCALS~1\Temp\ASFWHide"
.
Completion time: 2008-03-21 17:54:12
ComboFix-quarantined-files.txt 2008-03-21 16:54:09
ComboFix2.txt 2008-03-21 10:57:51
.
2008-03-18 08:08:43 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:18, on 21.3.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 85.255.116.149,85.255.112.169
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7548 bytes

Ghostwriter

Re: suspenzorPC

Post by Ghostwriter » 21 Mar 2008 19:27

Here are a few interesting items from the ESET Smart Security scan:
C:\Program Files\Creative\ShareDLL\CtNotify.exe - Win32/Pecutex.A virus - interní chyba
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE - Win32/Pecutex.A virus - interní chyba
C:\Program Files\USB Disk Win98 Driver\Res.EXE - Win32/Pecutex.A virus - interní chyba
C:\QooBox\Quarantine\C\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe.vir » WISE » BearShareZangoInstaller.exe - Win32/Adware.180Solutions aplikace
C:\WINDOWS\Config\lsass.exe - pravděpodobně neznámý NewHeur_PE virus

Baron Prášil
Offline

Re: suspenzorPC

Post by Baron Prášil » 22 Mar 2008 10:16

We simply have to eliminate it step by step. And I'd say it would be a good idea to use Fixwareout, because that is how it keeps getting pulled back in.

Also double-check that all the ESS shields are running,
and then
use Fixwareout according to the guide at http://www.viry.cz/forum/viewtopic.php?t=18759
- read carefully about the possibility of losing DNS and how to fix it - if need be, copy it and save it to your desktop.

Post the Fixwareout log and a new HijackThis log.

For safe mode, disconnect from the internet again.

Ghostwriter
Offline

Re: suspenzorPC

Post by Ghostwriter » 22 Mar 2008 10:32

OK, I'll get on it. One more small thing - today when I started the PC it froze on the login screen; only a reset helped, after which Windows booted. But then a message came up, "Windows has recovered from a serious error", and in the details I found these problem files:
C:\WINDOWS\Minidump\Mini032108-01.dmp
C:\DOCUME~1\lofas\LOCALS~1\Temp\WER1.tmp.dir00\sysdata.xml
