Prosím o kontrolu logu.

[Blaža]

Prosím Vás koukněte mi na log z HJT. Dík moc. Je tam toho asi dost.

Logfile of HijackThis v1.99.1
Scan saved at 18:11:37, on 2.10.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ConMet\ConMet.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SystemDoctor 2006 Free\dcmon.exe
C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe
C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Martina\LOCALS~1\Temp\winlogon.exe
C:\Documents and Settings\Martina\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -c
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Martina\LOCALS~1\Temp\winlogon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .MOV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ćL: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

[Reklama]

[fredik]

Odinstaluj přes Přidat nebo odebrat programy:
WinAntiVirusPro2006
SystemDoctor

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah.
+
nový log z HJT

[Blaža]

Tady jsou ty nový logy :

Z SDfix :

SDFix: Version 1.107

Run by Martina on Łt 02.10.2007 at 18:58

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
SysLibrary

ImagePath:
\??\C:\WINDOWS\System32\DefLib.sys

SysLibrary - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\2.TMP - Deleted
C:\3.TMP - Deleted
C:\DOCUME~1\Martina\LOCALS~1\Temp\winlogon.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe - Deleted
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe - Deleted
C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\DefLib.sys - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 27 Jul 2004 0 ...H. --- "C:\Documents and Settings\Martina\Data aplikacˇ\Microsoft\Word\~WRL0004.tmp"

Finished!


Z HJT :
Logfile of HijackThis v1.99.1
Scan saved at 19:08:30, on 2.10.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Martina\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .MOV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ćL: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

[fredik]

Fixni v HJT toto:
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://es6-scripts.dlv4.com/bi....._em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/bi....._em_XP.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftwar.....nstall.cab

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Vytvoř si na disku novou složku a nějak si ji pojmenuj (např: C:\Bfu)
- Stáhni si Brute Force Uninstaller
- Rozbal si stažený soubor do již vytvořeného adresáře
- Pravým tlačítkem myši klikni zde a vyber možnost Uložit odkaz jako a ulož si ho opět do již vytvořeného adresáře
* Restartuj počítač do nouzového režimu
* Běž do adresáře kde kde máš stažený program
* Spusť program Brute Force Uninstaller (BFU.exe)
* Po zobrazeni okna programu klikni vpravo na ikonu adresáře (žlutá a Open script file...)
* Vyber tam soubor EGDACCESS.bfu a klikni na tlačítko Otevřít
* Dostaneš se zpět na úvodní obrazovku a tam klikni dole na tlačítko Execute a nech program pracovat
* Počkej až vyskočí okno Complete script execution a stiskni OK
* Pak zmáčkni tlačítko Exit kterým ukončíš program

Pak restartuj zpět do normálního režimu

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.

+ nový log z HJT.

Poznámka:
Používáš starší verzi HijackThis, pokud by jsi někdy v budoucnu ho potřeboval, stáhni si aktuální verzi zde a tu starou před použitím vymaž.

[Blaža]

Tady je log z SuperantiSpyware :

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/02/2007 at 08:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3317
Trace Rules Database Version: 1318

Scan type : Complete Scan
Total Scan Time : 00:29:40

Memory items scanned : 373
Memory threats detected : 0
Registry items scanned : 5006
Registry threats detected : 164
File items scanned : 24946
File threats detected : 55

Adware.Tracking Cookie
C:\Documents and Settings\Martina\Cookies\martina@amaena[1].txt
C:\Documents and Settings\Martina\Cookies\martina@toplist[1].txt
C:\Documents and Settings\Martina\Cookies\martina@please[2].txt
C:\Documents and Settings\Martina\Cookies\martina@mediaplex[1].txt
C:\Documents and Settings\Martina\Cookies\martina@winantivirus[1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\AVExplorer.ShellExtension
HKCR\AVExplorer.ShellExtension\CLSID
HKCR\AVExplorer.ShellExtension\CurVer
HKCR\AVExplorer.ShellExtension.2
HKCR\AVExplorer.ShellExtension.2\CLSID
HKCR\WAP6.PCheck
HKCR\WAP6.PCheck\CLSID
HKCR\WAP6.PCheck\CurVer
HKCR\WAP6.PCheck.1
HKCR\WAP6.PCheck.1\CLSID
HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0
HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0
HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32
HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS
HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR
HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0
HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\0
HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\0\win32
HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\FLAGS
HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\HELPDIR
HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}
HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid
HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid32
HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib
HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib#Version
HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid
HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid32
HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib
HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib#Version
HKU\S-1-5-21-1993962763-706699826-839522115-1003\Software\WinAntiVirus Pro 2006
HKLM\SYSTEM\CurrentControlSet\Services\FOPN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked#\DEVICE\HARDDISKVOLUME1\WA6P
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\COOKIES\MARTINA@HIT.GEMIUS[1].TXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\MARTINA\LOCALS~1\TEMP\IS-D8LJK.TMP\_ISETUP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\MARTINA\LOCALS~1\TEMP\IS-8NPN4.TMP\_ISETUP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\REGCLEANER\LANGUAGES
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\REGCLEANER\BACKUPS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\REPORT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\LOG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CONFIG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\SYSTEMDOCTOR 2006 FREE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\MARTINA\LOCALS~1\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\CONMET
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\DATA APLIKACÍ\CONMET\KONTA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\HP\HPCORETECH\DATA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\HP\HPCORETECH
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\LOCAL SETTINGS\DATA APLIKACÍ
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\LOCAL SETTINGS\DATA APLIKACÍ\SUNBELT SOFTWARE\COUNTERSPY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\SETUP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U1XQFA14
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\COOKIES
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QHKBQDA5
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\_AVAST4_
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Z2GRNXKH
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W5WRGB8Z
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\CONFIG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\DATA APLIKACÍ\SYSTEMDOCTOR 2006 FREE\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\_AV_PROI.TM~A01396
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\MARTINA\LOCAL SETTINGS\DATA APLIKACÍ\SUNBELT SOFTWARE\COUNTERSPY\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\CHEST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\_AV_PROI.TM~A02136
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\_AV_PROI.TM~A00392
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\_AV_PROI.TM~A03940
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRA~1\BILLPS~1\WINPAT~1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\_AV_PROI.TM~A00184
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\vspf
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnService
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnGroup
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#INITSTARTFAILED
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#INITSTARTFAILED
HKCR\IEFWBHO.IEFW
HKCR\IEFWBHO.IEFW\CLSID
HKCR\IEFWBHO.IEFW\CurVer
HKCR\IEFWBHO.IEFW.2
HKCR\IEFWBHO.IEFW.2\CLSID
HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0
HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\0
HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\0\win32
HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\FLAGS
HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\HELPDIR
HKCR\WAV6COM.AVOfficeProtect
HKCR\WAV6COM.AVOfficeProtect\CLSID
HKCR\WAV6COM.AVOfficeProtect\CurVer
HKCR\WAV6COM.AVOfficeProtect.1
HKCR\WAV6COM.AVOfficeProtect.1\CLSID
C:\Program Files\Common Files\WinAntiVirus Pro 2006\err.log
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll
C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dll
C:\Program Files\WinAntiVirus Pro 2006
C:\Documents and Settings\Martina\Data aplikací\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Martina\Data aplikací\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Martina\Data aplikací\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Martina\Data aplikací\WinAntiVirus Pro 2006\Logs
C:\Documents and Settings\Martina\Data aplikací\WinAntiVirus Pro 2006\PGE.dat
C:\Documents and Settings\Martina\Data aplikací\WinAntiVirus Pro 2006
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065407.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065408.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065414.EXE

Malware.SystemDoctor
HKCR\SystemDoctor.Free
HKCR\SystemDoctor.Free\CLSID
C:\Program Files\SystemDoctor 2006 Free\mfc71.dll
C:\Program Files\SystemDoctor 2006 Free\msvcp71.dll
C:\Program Files\SystemDoctor 2006 Free\msvcr71.dll
C:\Program Files\SystemDoctor 2006 Free
C:\Documents and Settings\Martina\Data aplikací\SystemDoctor 2006 Free\Logs\update.log
C:\Documents and Settings\Martina\Data aplikací\SystemDoctor 2006 Free\Logs
C:\Documents and Settings\Martina\Data aplikací\SystemDoctor 2006 Free
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065349.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\MARTINA\PLOCHA\BACKUPS\BACKUP-20071002-193430-610.INF
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065404.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065405.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065425.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0066466.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.10\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.11\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.5\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.6\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.7\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.8\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.9\UWA6P_0001_N91M1807NETINSTALLER.EXE
C:\WINDOWS\Prefetch\UWA6P_0001_N91M1807NETINSTALL-00AAA00F.pf
C:\WINDOWS\Prefetch\UWA6P_0001_N91M1807NETINSTALL-38F1A938.pf

Rootkit.DefLib
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP166\A0065227.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065255.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0066450.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0066461.SYS

Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065340.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065341.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0066465.EXE

Trojan.WinSoftware/WinFixer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065406.EXE

Trojan.Downloader-Stera/WinSoftware
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065422.EXE

Malware.WinAntiVirus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BCF43D7A-891F-45AE-8C41-DF6A7E255406}\RP167\A0065427.EXE


Tady je log z HJT :

Logfile of HijackThis v1.99.1
Scan saved at 20:46:24, on 2.10.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Martina\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .MOV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ćL: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

[fredik]

Log vypadá dobře, máš ještě nějaké problémy?

Pokud ne tak si stáhni a spusť T-cleaner, odstraní zálohy a pozůstatky použitých programů.

Jak už jsem zmínil pokud bys někdy v budoucnu potřeboval kontrolu logu tak si stáhni novou verzi HJT.

Také by bylo dobré si doinstalovat Service Pack 2 pro WinXp pokud problémy nepřetrvávají.

[Blaža]

Díky moc. Je to v pohodě.