prosim o kontrolu logu (vyřešeno) Vyřešeno

[frantisekpanek]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:33, on 3.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Software602\Print2PDF\PrnPack.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hi\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9B4868E3-767E-4A1C-A792-3CC451BA8CAC} - C:\WINDOWS\system32\wvuuurr.dll
O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
O2 - BHO: (no name) - {B13A0655-47F0-4680-BC0B-BDF28B7A9ECF} - C:\WINDOWS\system32\mljgf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Software602\Print2PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (PhotoUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6219747765
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hovuyvbp - hovuyvbp.dll (file missing)
O20 - Winlogon Notify: wvuuurr - C:\WINDOWS\SYSTEM32\wvuuurr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

--
End of file - 7495 bytes

[Reklama]

[fredik]

Vítej na fóru

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[frantisekpanek]

ComboFix 07-12-02.6 - Tomáš 2007-12-03 18:53:20.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.137 [GMT 1:00]
Running from: C:\combo\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Guest\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Guest\Plocha\Online Security Guide.lnk
C:\Documents and Settings\Pavel\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Tomáš\Data aplikací\inst.exe
C:\Documents and Settings\Tomáš\Oblíbené položky\Online Security Guide.lnk
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\hovuyvbp.dllbox
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\ogzmrfkz.dllbox
C:\WINDOWS\system32\qntiobxy.dll
C:\WINDOWS\system32\qomklih.dll
C:\WINDOWS\system32\ulujrxwm.dll
C:\WINDOWS\system32\wvuuurr.dll
C:\WINDOWS\system32\xpcgferv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\nm


((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 18:25 . 2007-12-03 18:25 <DIR> d-------- C:\hi
2007-12-03 18:14 . 2007-12-03 18:20 <DIR> d-------- C:\hijack_soubory
2007-12-03 18:14 . 2007-12-03 18:14 41,283 --a------ C:\hijack.htm
2007-12-03 17:03 . 2007-12-03 17:03 <DIR> d-------- C:\Program Files\Trisnap Technologies
2007-12-03 17:03 . 2006-04-13 22:05 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2007-12-03 16:27 . 2007-12-03 16:27 <DIR> d-------- C:\Program Files\CCleaner
2007-12-03 15:28 . 2007-12-03 15:20 2,724,328 --a------ C:\ccsetup203.exe
2007-12-02 15:44 . 2007-12-02 15:44 <DIR> d-------- C:\WINDOWS\SDFIX
2007-12-02 15:33 . 2007-12-02 15:33 211,456 --a------ C:\Spyware nebo Virus.doc
2007-12-02 09:46 . 2007-12-03 16:34 2,190 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-02 09:42 . 2007-12-02 09:35 1,045,699 --a------ C:\SmitfraudFix.exe
2007-12-02 09:38 . 2007-01-28 11:14 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2007-12-02 09:38 . 2007-12-03 17:34 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2007-12-02 09:38 . 2007-12-03 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-12-02 09:38 . 2007-12-02 15:43 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2007-12-01 20:15 . 2004-08-17 14:49 23,040 --a------ C:\WINDOWS\system32\AAP.DLL
2007-12-01 20:13 . 2007-04-16 16:54 983,040 --a------ C:\WINDOWS\system32\AAK.dll
2007-12-01 20:13 . 2004-08-17 14:49 683,520 --a------ C:\WINDOWS\system32\AAD.DLL
2007-12-01 20:13 . 2007-12-01 20:13 255 --a------ C:\WINDOWS\system32\ad_away.lic
2007-12-01 19:21 . 2007-12-01 19:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-01 19:19 . 2007-12-01 19:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 17:41 . 2007-11-29 17:41 294 --ahs---- C:\WINDOWS\system32\jshjlkpi.ini
2007-11-21 20:20 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2007-11-21 20:18 . 2007-10-11 11:04 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2007-11-21 20:18 . 2007-11-21 20:18 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-11-21 20:18 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-11-19 20:55 . 2007-11-19 20:55 <DIR> d-------- C:\Program Files\OEZ
2007-11-19 18:11 . 2007-11-19 18:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-19 17:25 . 2007-09-19 06:38 <DIR> d-------- C:\Program Files\Bentley
2007-11-15 23:25 . 2007-11-15 23:25 <DIR> d-------- C:\Program Files\ffdshow
2007-11-15 23:25 . 2007-01-01 00:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-11-15 23:25 . 2007-11-11 22:12 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-15 23:25 . 2007-01-01 00:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-15 18:38 . 2007-11-15 18:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-12 23:01 . 2007-11-12 23:01 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-12 22:45 . 2007-11-13 16:55 2,232 --a------ C:\drmHeader.bin
2007-11-12 22:31 . 2007-11-12 22:34 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-12 22:30 . 2007-11-12 22:30 <DIR> d-------- C:\WINDOWS\nview
2007-11-12 22:30 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 22:30 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-11-12 22:30 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-11-12 22:16 . 2007-11-12 22:49 <DIR> d-------- C:\NVIDIA
2007-11-12 20:17 . 2007-11-12 20:17 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2007-11-11 21:03 . 2007-11-11 21:03 <DIR> d-------- C:\Program Files\Software602
2007-11-11 21:03 . 2007-11-11 21:04 <DIR> d-------- C:\Program Files\Common Files\soft602
2007-11-11 21:03 . 2007-11-11 21:03 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies
2007-11-11 21:03 . 2007-05-04 11:29 1,621,184 --a------ C:\WINDOWS\system32\Print602.dll
2007-11-11 21:03 . 2001-05-22 07:00 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-11-11 21:03 . 2001-11-14 11:57 17,744 --a------ C:\WINDOWS\system32\MON602.DLL
2007-11-07 20:51 . 2007-12-01 18:03 <DIR> d-------- C:\dj930

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 17:08 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-03 15:48 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-21 19:18 --------- d-----w C:\Program Files\Realtek
2007-11-15 20:48 --------- d-----w C:\Program Files\ToSearch
2007-11-14 16:14 4,625,408 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-11-13 16:31 --------- d-----w C:\Program Files\BSplayer Pro
2007-11-11 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 16:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-11-06 09:50 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-10-30 18:40 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-29 18:21 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-29 15:58 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:06 --------- d-----w C:\Program Files\WinASO
2007-10-17 19:16 --------- d-----w C:\Program Files\Easy Editor 2005
2007-10-17 18:52 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-15 16:03 --------- d-----w C:\Program Files\DivX
2007-10-14 19:09 --------- d-----w C:\Program Files\Common Files\Elecard
2007-10-08 19:45 --------- d-----w C:\Program Files\QuickTime
2007-10-08 19:39 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"PrintPack dispatcher"="C:\Program Files\Software602\Print2PDF\PrnPack.exe" [2007-05-03 09:43]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-12 23:01]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hovuyvbp]
hovuyvbp.dll

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 bepldr;BCL easyPDF SDK 5 Loader;"C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 20:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-02 16:01:58 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 19:09:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 19:10:59 - machine was rebooted
.
--- E O F ---

[fredik]

Pro tuto akci je potřeba aby jsi měl ComboFix uložený na ploše!, což momentálně nemáš.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\jshjlkpi.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hovuyvbp]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[frantisekpanek]

ComboFix 07-12-02.6 - Tomáš 2007-12-03 21:36:50.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.176 [GMT 1:00]
Running from: C:\Documents and Settings\Tomáš\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tomáš\Plocha\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\jshjlkpi.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jshjlkpi.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 20:39 . 2007-12-03 20:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-03 18:25 . 2007-12-03 21:33 <DIR> d-------- C:\hi
2007-12-03 17:03 . 2007-12-03 17:03 <DIR> d-------- C:\Program Files\Trisnap Technologies
2007-12-03 17:03 . 2006-04-13 22:05 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2007-12-03 16:27 . 2007-12-03 16:27 <DIR> d-------- C:\Program Files\CCleaner
2007-12-03 15:28 . 2007-12-03 15:20 2,724,328 --a------ C:\ccsetup203.exe
2007-12-02 16:07 . 2007-12-03 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-12-02 15:44 . 2007-12-02 15:44 <DIR> d-------- C:\WINDOWS\SDFIX
2007-12-02 15:33 . 2007-12-02 15:33 211,456 --a------ C:\Spyware nebo Virus.doc
2007-12-02 09:46 . 2007-12-03 16:34 2,190 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-02 09:39 . 2007-12-02 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Happy Foto
2007-12-02 09:38 . 2007-12-03 17:34 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-12-02 09:38 . 2007-01-28 11:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-12-02 09:38 . 2007-01-28 12:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-12-02 09:38 . 2007-12-03 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-12-02 09:38 . 2007-12-02 15:43 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-12-01 20:15 . 2004-08-17 14:49 23,040 --a------ C:\WINDOWS\system32\AAP.DLL
2007-12-01 20:13 . 2007-04-16 16:54 983,040 --a------ C:\WINDOWS\system32\AAK.dll
2007-12-01 20:13 . 2004-08-17 14:49 683,520 --a------ C:\WINDOWS\system32\AAD.DLL
2007-12-01 20:13 . 2007-12-01 20:13 255 --a------ C:\WINDOWS\system32\ad_away.lic
2007-12-01 19:21 . 2007-12-01 19:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-21 20:20 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2007-11-21 20:18 . 2007-10-11 11:04 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2007-11-21 20:18 . 2007-11-21 20:18 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-11-21 20:18 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-11-19 20:55 . 2007-11-19 20:55 <DIR> d-------- C:\Program Files\OEZ
2007-11-19 18:11 . 2007-11-19 18:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-19 17:25 . 2007-09-19 06:38 <DIR> d-------- C:\Program Files\Bentley
2007-11-15 23:25 . 2007-11-15 23:25 <DIR> d-------- C:\Program Files\ffdshow
2007-11-15 23:25 . 2007-01-01 00:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-11-15 23:25 . 2007-11-11 22:12 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-15 23:25 . 2007-01-01 00:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-15 19:04 . 2007-11-15 19:04 <DIR> d-------- C:\Documents and Settings\Tomáš\Data aplikací\Bentley
2007-11-15 18:44 . 2007-11-15 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Bentley
2007-11-15 18:38 . 2007-11-15 18:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-13 21:41 . 2007-11-13 21:41 <DIR> d-------- C:\Documents and Settings\Pavel\Data aplikací\Ahead
2007-11-12 23:01 . 2007-11-12 23:01 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-12 23:00 . 2007-12-02 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-11-12 22:45 . 2007-11-13 16:55 2,232 --a------ C:\drmHeader.bin
2007-11-12 22:31 . 2007-11-12 22:34 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-12 22:30 . 2007-11-12 22:30 <DIR> d-------- C:\WINDOWS\nview
2007-11-12 22:30 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 22:30 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-11-12 22:30 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-11-12 22:20 . 2007-11-12 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2007-11-12 22:16 . 2007-11-12 22:49 <DIR> d-------- C:\NVIDIA
2007-11-12 20:18 . 2007-11-12 20:18 <DIR> d-------- C:\Documents and Settings\Tomáš\Data aplikací\OTVREG
2007-11-12 20:17 . 2007-11-12 20:17 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2007-11-11 21:03 . 2007-11-11 21:03 <DIR> d-------- C:\Program Files\Software602
2007-11-11 21:03 . 2007-11-11 21:04 <DIR> d-------- C:\Program Files\Common Files\soft602
2007-11-11 21:03 . 2007-11-11 21:03 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies
2007-11-11 21:03 . 2007-11-11 21:03 <DIR> d-------- C:\Documents and Settings\Tomáš\Data aplikací\InstallShield
2007-11-11 21:03 . 2007-05-04 11:29 1,621,184 --a------ C:\WINDOWS\system32\Print602.dll
2007-11-11 21:03 . 2001-05-22 07:00 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-11-11 21:03 . 2001-11-14 11:57 17,744 --a------ C:\WINDOWS\system32\MON602.DLL
2007-11-07 20:51 . 2007-12-01 18:03 <DIR> d-------- C:\dj930

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 20:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-03 15:48 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-26 19:52 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\Skype
2007-11-25 19:47 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\Skype
2007-11-25 10:51 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\Ahead
2007-11-21 19:39 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\MOBILedit
2007-11-21 19:18 --------- d-----w C:\Program Files\Realtek
2007-11-15 20:48 --------- d-----w C:\Program Files\ToSearch
2007-11-14 16:14 4,625,408 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-11-13 16:31 --------- d-----w C:\Program Files\BSplayer Pro
2007-11-11 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 17:48 47,360 ----a-w C:\Documents and Settings\Tomáš\Data aplikací\pcouffin.sys
2007-11-10 17:48 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\Vso
2007-11-10 14:53 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\Miranda
2007-11-07 16:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-11-06 09:50 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-10-30 18:40 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-30 18:40 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-29 18:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Ahead
2007-10-29 18:21 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-29 16:56 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\vsosdk
2007-10-29 15:58 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-28 08:58 39,856 -c--a-w C:\Documents and Settings\Tomáš\Data aplikací\GDIPFONTCACHEV1.DAT
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-25 16:06 --------- d-----w C:\Program Files\WinASO
2007-10-17 19:16 --------- d-----w C:\Program Files\Easy Editor 2005
2007-10-17 18:52 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-15 16:03 --------- d-----w C:\Program Files\DivX
2007-10-14 19:09 --------- d-----w C:\Program Files\Common Files\Elecard
2007-10-10 17:24 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\Happy Foto
2007-10-08 19:45 --------- d-----w C:\Program Files\QuickTime
2007-10-08 19:39 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-10-08 19:34 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\Moyea
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-06 16:55 16,368 -c--a-w C:\Documents and Settings\Guest\Data aplikací\GDIPFONTCACHEV1.DAT
2007-03-19 17:38 16,368 -c--a-w C:\Documents and Settings\Pavel\Data aplikací\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-12-03_19.10.19.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-03 19:38:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_664.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"PrintPack dispatcher"="C:\Program Files\Software602\Print2PDF\PrnPack.exe" [2007-05-03 09:43]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-12 23:01]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hovuyvbp]
hovuyvbp.dll

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 bepldr;BCL easyPDF SDK 5 Loader;"C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 20:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-02 16:01:58 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 21:45:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 21:45:52
.
--- E O F ---

__________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:21, on 3.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Software602\Print2PDF\PrnPack.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\hi\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Software602\Print2PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (PhotoUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6219747765
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

--
End of file - 6287 bytes

[fredik]

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
po zaškrtnutí klikni na tlačítko Fix Checked

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hovuyvbp]

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině

Máš tam starou verzi Javy tak proveď její update:
- Stáhni si poslení verzi Java Runtime Environment (JRE) 6 Update 3
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 3 a klikni na tlačítko Download
- Zatrhni možnost kde je napsáno: Accept License Agreement
- Stránka se ti znovu načte.
- Klikni na odkaz pro stažení: Windows Offline Installation, Multi-language a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u3-windows-i586-p.exe, který sis stáhl na začátku.

Máš ještě problémy?

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Jestli by jsi mohl pro mě něco udělat, tak toto dík:
Stáhni si Suspicious File Packer
Rozbal ho a spusť ho (soubor sfp.exe)
Do okna které se ti zobrazí zkopíruj a vlož tento tučně označený text:
C:\WINDOWS\system32\AAP.DLL
C:\WINDOWS\system32\AAK.dll
C:\WINDOWS\system32\AAD.DLL

pak klikni na tlačítko Continue
Program se ti přepne do druhého okna Step2: Create archive
Zavři program.
Na ploše se ti vytvoří soubor requested-files[2007-07-30_HH_MM].cab (místo 2007-07-30 budeš mít aktuální datum a kde HH - hodina a MM minuty)
Ten pak zkus vložit ke svému příspěvku jako přílohu.

Poznámka: Je možné že už dané soubory nebudeš mít na disku, takže se ti nemusí vytvořit archiv.

Pokud se ti daný soubor vytvoří zabal ho např. do zipu a vlož ho ke svému příspěvku jako přílohu.

[frantisekpanek]

tak myslím, že je vše už OK
velice děkuji za pomoc

PS: přikládám ten archiv

[fredik]

Díky za nahrání souborů, archiv můžeš odstranit.

Nemáš za co