security problem

[kopec121]

pls o radu už tak tyden bojuji s virama a dalsi havětí porad mi viskakuje na lište security problem a kdyz na to kliknu najede mi to na nejake antivirove programi (takove ty online scany a tam mi vijede 10tky viru) to vyskakovani toho problemu se da vipnout kdyz ve spravci vypnu procesy : a.exe , b.exe atd. je jich tam vice ale nejde mi se jich zbavit projel jsem komp avangerem , station-remove , spyware terminator, a jeste par takovyma programkama ale nic. naslo mi to hodne viru ale tech zakladnich jsem se nezbavil .

log z hijeck this : Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\SuspenzorPC\stm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\DOCUME~1\MSI\LOCALS~1\Temp\b.exe
C:\DOCUME~1\MSI\LOCALS~1\Temp\n.exe
C:\DOCUME~1\MSI\LOCALS~1\Temp\a.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MSI\Plocha\antivyry\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nasi.ova.czf:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {341116E2-9CC4-4A6E-9303-4819C84846DE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SuspenzorPC\stm.exe" dm=http://suspenzorpc.com ad=http://suspenzorpc.com sd=http://pinams.suspenzorpc.com
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\MSI\LOCALS~1\Temp\E_S26.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\MSI\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\MSI\LOCALS~1\Temp\n.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FAC58-9D49-464E-A79F-4B23014309F6}: NameServer = 172.23.76.1,10.153.195.1
O20 - Winlogon Notify: winfpgpc - C:\WINDOWS\system32\winfpgpc.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

moc prosim o radu za kazdou radu predem diky

► přesunuto do správné sekce. eL.

[Reklama]

[jaro3]

Vítej na fóru PC-HELP!
Je tam toho kopec...
Najdi a smaž:
C:\Program Files\Common Files\SuspenzorPC\stm.exe
Nemáš antivir......
Log není celý ani nevím , co máš za op. systém....
Vypni rez .štít u SpywareTerminatoru.po stáhnutí Combofixu můžeš i Kerio.
Pokud máš 32bit. windows:
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.Odpoj se od netu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Edit: jestli si pomocí Avengeru smazal něco omylem ,tak potěš pánbůh...
EDIT: smaž nejprve celou složku:
C:\Program Files\Common Files\SuspenzorPC

[kopec121]

ty procesy a.exe .. atd. zmizli po udelani tohoto logu aspon mi to tak pripada :-)
s antivirem ... mel jsem noda ale skoncila licence tak jsem ho odinstaloval a pak jsem se na to vykasl "od te doby zbiram viry " jinak nevis o nejakem free ?

tady je ten log :


ComboFix 08-10-18.03 - MSI 2008-10-19 20:15:55.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.668 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\MSI\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MSI\Data aplikací\installer_cz[2].exe
C:\Documents and Settings\MSI\Nabídka Start\VIP Casino.url
C:\Documents and Settings\MSI\Oblíbené položky\VIP Casino.url
C:\Program Files\VirusRemover2008
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\k.txt
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\c.ico
C:\WINDOWS\system32\sysbase32.dll
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-19 do 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 18:03 . 2008-10-19 18:03 <DIR> d-------- C:\Documents and Settings\MSI\Data aplikací\SuspenzorPC
2008-10-19 17:50 . 2008-10-19 20:09 <DIR> d-------- C:\Program Files\Common Files\SuspenzorPC
2008-10-19 17:50 . 2008-10-19 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-10-19 17:46 . 2008-10-19 17:46 <DIR> d-------- C:\Documents and Settings\MSI\Data aplikací\VirusRemover2008
2008-10-19 17:05 . 2008-10-19 17:05 60,416 --a------ C:\WINDOWS\system32\drivers\xflrjgbf.sys
2008-10-19 17:00 . 2008-10-19 17:00 60,416 --a------ C:\WINDOWS\system32\drivers\dwrwn^on.sys
2008-10-15 16:01 . 2008-10-15 16:01 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-10-15 16:01 . 2008-10-15 16:01 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací\ICQ Toolbar
2008-10-01 20:46 . 2008-10-01 20:46 <DIR> d-------- C:\Temp\lgfwauto
2008-09-29 16:22 . 2008-09-29 16:22 <DIR> d-------- C:\Program Files\BSPlayer
2008-09-22 07:26 . 2008-10-19 13:27 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-09-20 10:53 . 2008-10-19 17:58 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-09-20 10:52 . 2008-09-20 11:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-20 10:52 . 2008-09-20 10:52 <DIR> d-------- C:\Documents and Settings\MSI\Data aplikací\PC Tools
2008-09-20 10:52 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-20 10:52 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-20 10:52 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-20 10:52 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 18:24 --------- d-----w C:\Program Files\lg_fwupdate
2008-10-19 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 16:23 --------- d-----w C:\Program Files\CyberLink
2008-10-19 16:22 --------- d-----w C:\Program Files\Macromedia
2008-10-19 16:21 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-10-19 16:14 --------- d-----w C:\Program Files\Sony
2008-10-19 16:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-19 16:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-19 16:09 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-10-19 16:05 --------- d-----w C:\Program Files\AOL Security Toolbar
2008-10-19 15:04 71,022 ----a-w C:\Program Files\wplkgyjv.txt
2008-10-19 12:24 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-19 12:19 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-19 11:26 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\Spyware Terminator
2008-10-18 17:23 --------- d-----w C:\Program Files\ICQToolbar
2008-10-17 13:14 --------- d-----w C:\Program Files\Winamp
2008-10-16 17:44 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\uTorrent
2008-09-29 14:19 --------- d-----w C:\Program Files\BSplayer Pro
2008-09-25 16:26 2,149 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-09-20 10:20 --------- d-----w C:\Program Files\QIP
2008-09-17 12:34 --------- d-----w C:\Program Files\Cool CENZURA
2008-09-13 11:05 --------- d-----w C:\Program Files\Java
2008-09-08 13:24 --------- d-----w C:\Program Files\The KMPlayer1431
2008-08-22 13:24 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2008-08-22 09:13 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\Nokia
2008-08-22 09:04 --------- d-----w C:\Program Files\Nokia
2008-08-22 09:04 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-22 09:04 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-22 09:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-08-13 10:10 56,728 ----a-w C:\Documents and Settings\MSI\Data aplikací\GDIPFONTCACHEV1.DAT
2007-11-30 16:01 22,328 ----a-w C:\Documents and Settings\MSI\Data aplikací\PnkBstrK.sys
2006-11-19 15:18 5,239,468 ----a-w C:\Program Files\01-Eye Of The Tiger (Rocky III).zip
2005-12-13 14:50 16 ----a-w C:\Documents and Settings\MSI\Data aplikací\bplog.dat
2005-12-10 13:40 427,770 ----a-w C:\Program Files\ICQCZZakl.exe
2005-12-10 13:38 4,277,840 ----a-w C:\Program Files\icq5_04_setup.exe
2005-11-14 18:59 1,228 ----a-w C:\Program Files\GPRSpeed Plus Client setup.log
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2008-01-21 14:33 1502232 --a------ C:\Program Files\download-boosters\tbdow1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2004-09-24 1916928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-02-09 249856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 185896]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-13 1783808]
"ftutil2"="ftutil2.dll" [2003-12-17 C:\WINDOWS\system32\ftutil2.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-13 113664]
Akceler tor spuçtŘnˇ AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\hry\\game.dat"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20734:TCP"= 20734:TCP:BitComet 20734 TCP
"20734:UDP"= 20734:UDP:BitComet 20734 UDP

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-20 141312]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-02-27 120320]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
S0 dwsaagkv;dwsaagkv;C:\WINDOWS\system32\drivers\ckhbwymd.sys [ ]
S3 PCD65X10;PCD65X10;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X10.sys [ ]
S3 PCD65X2;PCD65X2;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X2.sys [ ]
S3 PCD65X3;PCD65X3;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X3.sys [ ]
S3 PCD65X4;PCD65X4;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X4.sys [ ]
S3 PCD65X5;PCD65X5;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X5.sys [ ]
S3 PCD65X6;PCD65X6;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X6.sys [ ]
S3 PCD65X7;PCD65X7;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X7.sys [ ]
S3 PCD65X8;PCD65X8;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X8.sys [ ]
S3 PCD65X9;PCD65X9;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X9.sys [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-17 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-TotalSecure2009 - C:\Program Files\TS-2009\scan.exe
HKCU-Run-OEXPRESS - (no file)
Notify-winfpgpc - C:\WINDOWS\system32\winfpgpc.dll


.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\MSI\Data aplikací\Mozilla\Firefox\Profiles\i96v4p0j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 20:23:50
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2008-10-19 20:30:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-10-19 18:30:08

Před spuštěním: 4 754 554 880
Po spuštění: 4,923,183,104

209

jinak zatim moc dik za rady

[jaro3]

Dej tady na fóru hledat a najdeš tady recenze na různé antiviry free.
Problém je v tom , že tam toho je pořád dost:
Stáhni si SDFix
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

[kopec121]

mam nainstalovat nejaky ten antivir ted ? nebo mi pak řekneš ? radsi se ptam bo nechcu totiz neco pokazit .

dalsi log :

SDFix: Version 1.236
Run by MSI on ne 19.10.2008 at 21:18

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\MSI\Data aplikacˇ\bplog.dat - Deleted
C:\Documents and Settings\MSI\Data aplikacˇ\GDIPFONTCACHEV1.DAT - Deleted
C:\Documents and Settings\MSI\Data aplikacˇ\NMM-MetaData.db - Deleted
C:\Documents and Settings\MSI\Data aplikacˇ\PnkBstrK.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 21:24:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0012c8001d37]
"000fdecbbcff"=hex:8f,6d,22,61,7a,4f,23,51,78,e9,db,bf,07,b7,37,6c
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0012c8001d37]
"001d9807c7ff"=hex:b0,92,ed,cc,19,fa,15,dc,4d,ef,b3,1a,08,32,b6,d0
"001d9809336f"=hex:d2,8f,77,c5,dd,ad,a7,33,99,b2,93,ab,19,37,15,ed
"001d9807c80e"=hex:80,e3,ad,df,0d,b2,6e,c8,af,26,9b,35,59,34,4e,16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:a819475d
"s2"=dword:ba365526
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b1,52,d2,8c,66,72,3a,67,63,37,3b,79,58,2f,15,ca,a4,f1,03,27,fc,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:bc,49,2c,ed,ab,d8,4f,cc,ae,af,45,90,39,c4,bf,4f,cf,d0,c3,c9,d2,..
"a0"=hex:20,01,00,00,2c,50,3b,ce,dc,b0,f4,47,44,7d,46,43,f0,ee,c7,e5,62,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2c,9b,7d,84,49,a5,77,79,f7,96,c6,11,77,8a,93,db,80,4b,b1,cb,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,37,7a,e6,1d,89,fb,75,6e,fb,90,93,20,53,f9,79,41,00,..
"ljej40"=hex:43,e4,d5,ab,44,cc,85,54,12,a5,6e,35,93,e2,f6,07,81,6b,ec,d0,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0012c8001d37]
"001d9807c7ff"=hex:b0,92,ed,cc,19,fa,15,dc,4d,ef,b3,1a,08,32,b6,d0
"001d9809336f"=hex:d2,8f,77,c5,dd,ad,a7,33,99,b2,93,ab,19,37,15,ed
"001d9807c80e"=hex:80,e3,ad,df,0d,b2,6e,c8,af,26,9b,35,59,34,4e,16
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b1,52,d2,8c,66,72,3a,67,63,37,3b,79,58,2f,15,ca,a4,f1,03,27,fc,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:bc,49,2c,ed,ab,d8,4f,cc,ae,af,45,90,39,c4,bf,4f,cf,d0,c3,c9,d2,..
"a0"=hex:20,01,00,00,2c,50,3b,ce,dc,b0,f4,47,44,7d,46,43,f0,ee,c7,e5,62,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2c,9b,7d,84,49,a5,77,79,f7,96,c6,11,77,8a,93,db,80,4b,b1,cb,ae,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="9868E2CFF9E27AE2F6F337D7A42653B9EA63F4ACDEAB9CEDC758E956BF1250069CD68E6422BD6D90A65AB7E8225B63505CCDCD4CADB49BB1023E956B20588817506D0E09F30946ECAA2AD79080855197E4FE33A1C61CC6249E318676511036DA21857B8DA14C088D5F66AAB1B16B68C873C852467F845146FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D5D575E7D6A3B9808C038D530D6EB3452981B3B0EB7D000185D2967B426B7272D2C178B0767FA52B4AD168FC92CF59BEC1742729507F70A52B08C7EA0741A1A176C781CE5FCE54C708C27A80EE443CA275DB55BB8E446970974E74C86013CD39C8E2671FB5E911027EFC7C4B139082B8CE1B2E3D4DD3C4EEF3146D476B9F86332CA9649B0FA5633B6E0F9FB103A38FDFD9E689A58408CB48CF0A2C117CE5F39A5DE3285FC80C1B0506C35891738FEE333917B35491F9BB7BA446FE01F33B3AA958BD8AAEFE51466F6A4E44D4CCAB7E634BF83093FD20629293E12A05EA0EDF07714DCE32CE44297851FE747464A75EFDFAC0C13E6749ABB5A7761183513B8A9114103FE677A746A277510A1AF56FCD066E515F20064D809A58BAC7E984974567F6085ECEAE507E8DD46A62447CF49BA50F814EDDEC67A0D3419B43213C7345C324312C5972F0A817D3264C0625E0647F477EF6AEB00692787C4ACB3BFD8BE06EC3CCB415D1D4286AF5EF988666A95F003F884F3A33E421DEF35BFA6520510FEC6A5C7BE43BE2930EFF50AB14F240E967C19A2BC16EED997151789D58E20D859AD5B90BEE3636A1611A4AA19AC7CB77B37750E1768C435A1F0989CADCCBA7B8BDE3EA4686CA0E6B7B59FE73D21A99048DCB0FDF9D0B810ACD46F7C3EFCB08FECEEB3F40521513378571841BFE4254A07E9F020031E05D70C6051A23D1F9BE03DC6A267025611979EC24A27E8C1AFCA28326212F1AE28AF790D7B7B0347DBEE9B2079D67277C010521AF383A218C72BFD5A32EA2AF7656D90242DE98CA096EC8F8DA7910C8286CEA4CFD6B07C5B37B9415C93303381C51DD243A941FA67344381EFA2D828884AB6862F377DA99285F50C863E5F3967917BA2DFB8CB146DDE8B3E0162E344B2BBE04ED2DE2C00D88197DFF8EA678CD9DAFB49BEA5C5BE17099878CB645B83B8C819B7AB9C747ADCBD871D2BD9ADA09FF2C5F47CC0DF095FE46A4430A75DAA6928E1DF804281B9E390E20E67CC080E8D7032B286DCBEA4D16C3B1C6133FBA528D3EDC9672472FDC2137BDB488AC58F113050F99ED27DE490DA745C688EBEFE6A8727DB509C59B06625D597435DA306AB51E221DD7CA7C3D030B74721C59DEA394529E079093EDACDE6AC339C15D7F5F035DF66AEBCBD5DDB30D502B96A88BE36D2C30678"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001de
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BB2C432E-25C6-5560-75B2-AF75B597909C}]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"D:\\hry\\game.dat"="D:\\hry\\game.dat:*:Enabled:Bitwa o —r˘dziemie (tm)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\ICQ6\\ICQ.exe"="D:\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Tue 17 Aug 2004 1,028,096 ...H. --- "C:\WINDOWS\system32\mfc42.dll"
Tue 17 Aug 2004 54,784 ...H. --- "C:\WINDOWS\system32\msvcirt.dll"
Thu 25 Oct 2001 565,760 ...H. --- "C:\WINDOWS\system32\msvcp50.dll"
Tue 17 Aug 2004 413,696 ...H. --- "C:\WINDOWS\system32\msvcp60.dll"
Tue 17 Aug 2004 343,040 ...H. --- "C:\WINDOWS\system32\msvcrt.dll"
Thu 25 Oct 2001 253,952 ...H. --- "C:\WINDOWS\system32\msvcrt20.dll"
Tue 3 Aug 2004 61,440 ...H. --- "C:\WINDOWS\system32\msvcrt40.dll"
Sun 26 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sun 25 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sat 24 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 26 Nov 2006 4,348 ...H. --- "C:\Documents and Settings\MSI\Dokumenty\Hudba\Z lohov nˇ licence\drmv1key.bak"
Thu 18 Jan 2007 20 A..H. --- "C:\Documents and Settings\MSI\Dokumenty\Hudba\Z lohov nˇ licence\drmv1lic.bak"
Tue 13 Sep 2005 312 A.SH. --- "C:\Documents and Settings\MSI\Dokumenty\Hudba\Z lohov nˇ licence\drmv2key.bak"

Finished!

[jaro3]

Když nikam nechodíš na netu, kromě PC-help, tak vyčkej na konec odvirování a dostaneš tip.
Použij znovu ComboFix a vlož sem nový log, raději doporučuji rozjet ho v nouzovém režimu, můžeš zkontrolovat comp a podle toho zvolit variantu.

[kopec121]

tak jsem udelal ten log v nouzovem rezimu tu je :

ComboFix 08-10-18.03 - MSI 2008-10-19 21:49:30.2 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.815 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\MSI\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-19 do 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 21:16 . 2008-10-19 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-19 21:08 . 2008-10-19 21:25 <DIR> d-------- C:\SDFix
2008-10-19 18:03 . 2008-10-19 18:03 <DIR> d-------- C:\Documents and Settings\MSI\Data aplikací\SuspenzorPC
2008-10-19 17:50 . 2008-10-19 20:09 <DIR> d-------- C:\Program Files\Common Files\SuspenzorPC
2008-10-19 17:50 . 2008-10-19 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-10-19 17:46 . 2008-10-19 17:46 <DIR> d-------- C:\Documents and Settings\MSI\Data aplikací\VirusRemover2008
2008-10-19 17:05 . 2008-10-19 17:05 60,416 --a------ C:\WINDOWS\system32\drivers\xflrjgbf.sys
2008-10-19 17:00 . 2008-10-19 17:00 60,416 --a------ C:\WINDOWS\system32\drivers\dwrwn^on.sys
2008-10-15 16:01 . 2008-10-15 16:01 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-10-15 16:01 . 2008-10-15 16:01 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací\ICQ Toolbar
2008-10-01 20:46 . 2008-10-01 20:46 <DIR> d-------- C:\Temp\lgfwauto
2008-09-29 16:22 . 2008-09-29 16:22 <DIR> d-------- C:\Program Files\BSPlayer
2008-09-22 07:26 . 2008-10-19 13:27 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-09-20 10:53 . 2008-10-19 17:58 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-09-20 10:52 . 2008-09-20 11:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-20 10:52 . 2008-09-20 10:52 <DIR> d-------- C:\Documents and Settings\MSI\Data aplikací\PC Tools
2008-09-20 10:52 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-20 10:52 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-20 10:52 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-20 10:52 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 19:53 --------- d-----w C:\Program Files\lg_fwupdate
2008-10-19 19:47 2,483 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-10-19 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 16:23 --------- d-----w C:\Program Files\CyberLink
2008-10-19 16:22 --------- d-----w C:\Program Files\Macromedia
2008-10-19 16:21 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-10-19 16:14 --------- d-----w C:\Program Files\Sony
2008-10-19 16:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-19 16:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-19 16:09 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-10-19 16:05 --------- d-----w C:\Program Files\AOL Security Toolbar
2008-10-19 15:04 71,022 ----a-w C:\Program Files\wplkgyjv.txt
2008-10-19 12:24 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-19 12:19 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-19 11:26 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\Spyware Terminator
2008-10-18 17:23 --------- d-----w C:\Program Files\ICQToolbar
2008-10-17 13:14 --------- d-----w C:\Program Files\Winamp
2008-10-16 17:44 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\uTorrent
2008-09-29 14:19 --------- d-----w C:\Program Files\BSplayer Pro
2008-09-20 10:20 --------- d-----w C:\Program Files\QIP
2008-09-17 12:34 --------- d-----w C:\Program Files\Cool CENZURA
2008-09-13 11:05 --------- d-----w C:\Program Files\Java
2008-09-08 13:24 --------- d-----w C:\Program Files\The KMPlayer1431
2008-08-22 13:24 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2008-08-22 09:13 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\Nokia
2008-08-22 09:04 --------- d-----w C:\Program Files\Nokia
2008-08-22 09:04 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-22 09:04 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-22 09:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2006-11-19 15:18 5,239,468 ----a-w C:\Program Files\01-Eye Of The Tiger (Rocky III).zip
2005-12-10 13:40 427,770 ----a-w C:\Program Files\ICQCZZakl.exe
2005-12-10 13:38 4,277,840 ----a-w C:\Program Files\icq5_04_setup.exe
2005-11-14 18:59 1,228 ----a-w C:\Program Files\GPRSpeed Plus Client setup.log
.

((((((((((((((((((((((((((((( snapshot@2008-10-19_20.28.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-19 19:16:20 9,469,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-19 19:16:20 327,680 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-19 19:16:18 9,469,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-19 19:16:18 327,680 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2008-01-21 14:33 1502232 --a------ C:\Program Files\download-boosters\tbdow1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2004-09-24 1916928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-02-09 249856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 185896]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-13 1783808]
"ftutil2"="ftutil2.dll" [2003-12-17 C:\WINDOWS\system32\ftutil2.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-13 113664]
Akceler tor spuçtŘnˇ AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\hry\\game.dat"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20734:TCP"= 20734:TCP:BitComet 20734 TCP
"20734:UDP"= 20734:UDP:BitComet 20734 UDP

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-20 141312]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-02-27 120320]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
S0 dwsaagkv;dwsaagkv;C:\WINDOWS\system32\drivers\ckhbwymd.sys [ ]
S3 PCD65X10;PCD65X10;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X10.sys [ ]
S3 PCD65X2;PCD65X2;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X2.sys [ ]
S3 PCD65X3;PCD65X3;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X3.sys [ ]
S3 PCD65X4;PCD65X4;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X4.sys [ ]
S3 PCD65X5;PCD65X5;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X5.sys [ ]
S3 PCD65X6;PCD65X6;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X6.sys [ ]
S3 PCD65X7;PCD65X7;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X7.sys [ ]
S3 PCD65X8;PCD65X8;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X8.sys [ ]
S3 PCD65X9;PCD65X9;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X9.sys [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-17 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe []
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\MSI\Data aplikací\Mozilla\Firefox\Profiles\i96v4p0j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 21:53:03
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2008-10-19 22:00:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-10-19 20:00:14
ComboFix2.txt 2008-10-19 18:30:20

Před spuštěním: 5 905 494 016
Po spuštění: 4,813,778,944

200

[jaro3]

Nejprve najdi smaž toto:
C:\SDFix

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\drivers\xflrjgbf.sys
C:\WINDOWS\system32\drivers\dwrwn^on.sys
C:\Program Files\wplkgyjv.txt
C:\Program Files\ICQCZZakl.exe
C:\Program Files\icq5_04_setup.exe

Folder::
C:\Documents and Settings\MSI\Data aplikací\SuspenzorPC
C:\Program Files\Common Files\SuspenzorPC
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
C:\Documents and Settings\MSI\Data aplikací\VirusRemover2008


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Pokračování zítra..

[kopec121]

udelal jsem jak si rikal tu je novy log :-) :

ComboFix 08-10-18.03 - MSI 2008-10-20 18:22:44.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.702 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\MSI\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\MSI\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
C:\Program Files\icq5_04_setup.exe
C:\Program Files\ICQCZZakl.exe
C:\Program Files\wplkgyjv.txt
C:\WINDOWS\system32\drivers\dwrwn^on.sys
C:\WINDOWS\system32\drivers\xflrjgbf.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC\Abbr
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC\prod_code
C:\Documents and Settings\MSI\Data aplikací\SuspenzorPC
C:\Documents and Settings\MSI\Data aplikací\SuspenzorPC\Logs\update.log
C:\Documents and Settings\MSI\Data aplikací\VirusRemover2008
C:\Documents and Settings\MSI\Data aplikací\VirusRemover2008\Logs\scns.log
C:\Program Files\Common Files\SuspenzorPC
C:\Program Files\icq5_04_setup.exe
C:\Program Files\ICQCZZakl.exe
C:\Program Files\wplkgyjv.txt
C:\WINDOWS\system32\drivers\dwrwn^on.sys
C:\WINDOWS\system32\drivers\xflrjgbf.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-20 do 2008-10-20 )))))))))))))))))))))))))))))))
.

2008-10-20 18:07 . 2008-10-20 18:07 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-10-20 18:07 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-10-19 21:16 . 2008-10-19 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-19 21:08 . 2008-10-19 21:25 <DIR> d-------- C:\SDFix
2008-10-15 16:01 . 2008-10-15 16:01 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-10-15 16:01 . 2008-10-15 16:01 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací\ICQ Toolbar
2008-10-01 20:46 . 2008-10-01 20:46 <DIR> d-------- C:\Temp\lgfwauto
2008-09-29 16:22 . 2008-09-29 16:22 <DIR> d-------- C:\Program Files\BSPlayer
2008-09-22 07:26 . 2008-10-19 13:27 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-09-20 10:53 . 2008-10-19 17:58 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-09-20 10:52 . 2008-09-20 11:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-20 10:52 . 2008-09-20 10:52 <DIR> d-------- C:\Documents and Settings\MSI\Data aplikací\PC Tools
2008-09-20 10:52 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-20 10:52 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-20 10:52 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-20 10:52 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 16:30 --------- d-----w C:\Program Files\lg_fwupdate
2008-10-19 19:47 2,483 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-10-19 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 16:23 --------- d-----w C:\Program Files\CyberLink
2008-10-19 16:22 --------- d-----w C:\Program Files\Macromedia
2008-10-19 16:21 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-10-19 16:14 --------- d-----w C:\Program Files\Sony
2008-10-19 16:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-19 16:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-19 16:09 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-10-19 16:05 --------- d-----w C:\Program Files\AOL Security Toolbar
2008-10-19 12:24 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-19 12:19 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-19 11:26 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\Spyware Terminator
2008-10-18 17:23 --------- d-----w C:\Program Files\ICQToolbar
2008-10-17 13:14 --------- d-----w C:\Program Files\Winamp
2008-10-16 17:44 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\uTorrent
2008-09-29 14:19 --------- d-----w C:\Program Files\BSplayer Pro
2008-09-20 10:20 --------- d-----w C:\Program Files\QIP
2008-09-17 12:34 --------- d-----w C:\Program Files\Cool CENZURA
2008-09-13 11:05 --------- d-----w C:\Program Files\Java
2008-09-08 13:24 --------- d-----w C:\Program Files\The KMPlayer1431
2008-08-22 13:24 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2008-08-22 09:13 --------- d-----w C:\Documents and Settings\MSI\Data aplikací\Nokia
2008-08-22 09:04 --------- d-----w C:\Program Files\Nokia
2008-08-22 09:04 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-22 09:04 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-22 09:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2006-11-19 15:18 5,239,468 ----a-w C:\Program Files\01-Eye Of The Tiger (Rocky III).zip
2005-11-14 18:59 1,228 ----a-w C:\Program Files\GPRSpeed Plus Client setup.log
.

((((((((((((((((((((((((((((( snapshot@2008-10-19_20.28.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-19 19:16:20 9,469,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-19 19:16:20 327,680 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-19 19:16:18 9,469,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-19 19:16:18 327,680 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-10-20 16:07:56 10,134 ----a-r C:\WINDOWS\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe
- 2008-08-22 09:04:43 15,086 ----a-r C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe
+ 2008-10-20 16:08:23 15,086 ----a-r C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe
+ 2007-09-17 13:53:26 21,632 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2008-05-20 08:37:00 525,824 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll
+ 2008-05-20 08:32:30 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2008-01-21 14:33 1502232 --a------ C:\Program Files\download-boosters\tbdow1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdow1.dll" [2008-01-21 1502232]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2004-09-24 1916928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-02-09 249856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-19 185896]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-13 1783808]
"ftutil2"="ftutil2.dll" [2003-12-17 C:\WINDOWS\system32\ftutil2.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-13 113664]
Akceler tor spuçtŘnˇ AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\hry\\game.dat"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20734:TCP"= 20734:TCP:BitComet 20734 TCP
"20734:UDP"= 20734:UDP:BitComet 20734 UDP

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-20 141312]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-02-27 120320]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
S0 dwsaagkv;dwsaagkv;C:\WINDOWS\system32\drivers\ckhbwymd.sys [ ]
S3 PCD65X10;PCD65X10;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X10.sys [ ]
S3 PCD65X2;PCD65X2;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X2.sys [ ]
S3 PCD65X3;PCD65X3;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X3.sys [ ]
S3 PCD65X4;PCD65X4;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X4.sys [ ]
S3 PCD65X5;PCD65X5;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X5.sys [ ]
S3 PCD65X6;PCD65X6;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X6.sys [ ]
S3 PCD65X7;PCD65X7;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X7.sys [ ]
S3 PCD65X8;PCD65X8;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X8.sys [ ]
S3 PCD65X9;PCD65X9;C:\DOCUME~1\MSI\LOCALS~1\Temp\PCD65X9.sys [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

*Newly Created Service* - SERVICELAYER
.
Obsah adresáře 'Naplánované úlohy'

2008-10-17 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe []
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 18:30:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Celkový čas: 2008-10-20 18:37:06 - počítač byl restartován [MSI]
ComboFix-quarantined-files.txt 2008-10-20 16:36:57
ComboFix2.txt 2008-10-19 20:00:27
ComboFix3.txt 2008-10-19 18:30:20

Před spuštěním: 5 174 091 776
Po spuštění: 5,167,566,848

223

[jaro3]

Najdi a smaž:C:\SDFix
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Vlož sem ještě nový log z HJT.

[kopec121]

smazano , odinstalovano. tady je log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:24, on 20.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\MSI\Plocha\antivyry\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nasi.ova.czf:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FAC58-9D49-464E-A79F-4B23014309F6}: NameServer = 172.23.76.1,10.153.195.1
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8818 bytes

[jaro3]

Logy čisté.
Pročisti registry a oprav problémy pomocí CCleaneru:
viewtopic.php?t=5130
a použij i T-Cleaner
http://www.sweb.cz/Marinus/T-Cleaner.exe
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Aktualizuj javu:
Java SE Runtime Environment 6u10
https://cds.sun.com/is-bin/INTERSHOP.en ... _Developer

Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Doinstaluj nějaký antivir , aspoň free, pohledej zde na fóru, nebo zadej téma, kolegové Ti něco doporučí.
Jinak je to vše.