Neplatná kopie Windows (vyřešeno) Vyřešeno

[pcer]

Prosím o kontrolu logu z Hijackthis, stále se mi objevuje hláška o neplatnosti kopie Windows (knihovna wowfx.dll). Použit C-cleaner, Spybot, nepomohlo to. Předem děkuji.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:43, on 10. 2. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: winilr32 - C:\WINDOWS\SYSTEM32\winilr32.dll
O21 - SSODL: zip - {61954e6c-f4c3-474f-92ae-172b57ab7813} - C:\WINDOWS\Installer\{61954e6c-f4c3-474f-92ae-172b57ab7813}\zip.dll
O21 - SSODL: UnknownCD - {236532d0-3d07-41a1-b989-07a7cc3881f1} - C:\WINDOWS\Installer\{236532d0-3d07-41a1-b989-07a7cc3881f1}\UnknownCD.dll
O21 - SSODL: WinUnknown - {55257735-82c6-4406-9360-e3200dd80fe6} - C:\WINDOWS\Installer\{55257735-82c6-4406-9360-e3200dd80fe6}\WinUnknown.dll
O21 - SSODL: RomRom - {dbc91a3b-2051-4cd7-89c7-00942b4c34d4} - C:\WINDOWS\Installer\{dbc91a3b-2051-4cd7-89c7-00942b4c34d4}\RomRom.dll
O21 - SSODL: WinRam - {c7079257-0c0e-4aa0-a5bb-01c34559a30f} - C:\WINDOWS\Installer\{c7079257-0c0e-4aa0-a5bb-01c34559a30f}\WinRam.dll
O21 - SSODL: ChkAlrt - {f4419e05-ddfc-4178-8045-5e181e16a3df} - C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

--
End of file - 4058 bytes

[Reklama]

[Baron Prášil]

tak tě vítám na fóru PC-HELP a jak tak koukám na ten tvůj log,tak jsi si nemohl vybrat lépe.
ten komp je zcela nezabezpečenej a několik různých ras a druhů infiltrací si tam momentálně dělá moc fajn piknik

takže já snad ani nevim co jako první,jestli instalace zabezpečení.to by se z toho stroje taky mohlo začít kouřit.

takže to vemem rovnou combofixem
předtím vypni obnovu systému(tam už jsou připravený další rekreanti )
pravím na Tento počítač>vlastnosti>obnova systému a zaškrtni a ok a potvrdit
až budem hotoví,tak si jí zase zapni opačným postupem

zkontroluj v ovládacích panelech jestli máš zapnutej firewall ve windows

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah+nový log z hijackthis

[pcer]

Děkuji vám za včerejší rychlou odpověď, dnes jsem udělal vše podle návodu, níže jsou logy. Zapomněl jsem říci, že infikované PC není připojené k netu. Díky za odpověď.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:52, on 11. 2. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gomyhit.com/MTc5NjM=/2/6190/ax=1 ... x=1/30029/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: zip - {61954e6c-f4c3-474f-92ae-172b57ab7813} - C:\WINDOWS\Installer\{61954e6c-f4c3-474f-92ae-172b57ab7813}\zip.dll
O21 - SSODL: UnknownCD - {236532d0-3d07-41a1-b989-07a7cc3881f1} - C:\WINDOWS\Installer\{236532d0-3d07-41a1-b989-07a7cc3881f1}\UnknownCD.dll
O21 - SSODL: WinUnknown - {55257735-82c6-4406-9360-e3200dd80fe6} - C:\WINDOWS\Installer\{55257735-82c6-4406-9360-e3200dd80fe6}\WinUnknown.dll
O21 - SSODL: RomRom - {dbc91a3b-2051-4cd7-89c7-00942b4c34d4} - C:\WINDOWS\Installer\{dbc91a3b-2051-4cd7-89c7-00942b4c34d4}\RomRom.dll
O21 - SSODL: WinRam - {c7079257-0c0e-4aa0-a5bb-01c34559a30f} - C:\WINDOWS\Installer\{c7079257-0c0e-4aa0-a5bb-01c34559a30f}\WinRam.dll
O21 - SSODL: ChkAlrt - {f4419e05-ddfc-4178-8045-5e181e16a3df} - C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

--
End of file - 3571 bytes


ComboFix 08-02-11.2 - Pavel 2008-02-11 14:33:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.540 [GMT 1:00]
Running from: C:\Documents and Settings\Pavel\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wowfx.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-10 20:39 . 2008-02-10 20:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 19:08 . 2007-07-25 11:50 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-02-10 19:08 . 2008-02-10 20:39 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-02-10 19:08 . 2008-02-10 19:12 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-10 19:08 . 2008-02-10 20:39 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-02-10 18:03 . 2008-02-10 18:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-02-10 17:58 . 2008-08-25 08:34 18,944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-02-10 16:20 . 2001-10-25 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-10 16:19 . 2001-10-25 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-10 16:18 . 2001-10-25 13:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-10 16:17 . 2004-08-17 14:49 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-10 15:49 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-02-10 15:24 . 2008-02-10 15:24 524 --a------ C:\WINDOWS\HPFCSS20.INI
2008-02-10 14:20 . 2008-02-10 14:20 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-09 17:59 . 2008-02-09 17:59 12,288 --a------ C:\Program Files\tmp7385203.exe
2008-02-09 17:59 . 2008-02-09 17:59 12,288 --a------ C:\Program Files\tmp7384078.exe
2008-02-09 17:59 . 2008-02-09 17:59 10,240 --a------ C:\Program Files\tmp7384406.exe
2008-02-09 17:59 . 2008-02-09 17:59 10,240 --a------ C:\Program Files\tmp7383953.exe
2008-02-08 15:59 . 2008-02-08 15:59 11,776 --a------ C:\Program Files\tmp166453.exe
2008-02-08 15:59 . 2008-02-08 15:59 10,240 --a------ C:\Program Files\tmp166531.exe
2008-02-08 15:59 . 2008-02-08 15:59 10,240 --a------ C:\Program Files\tmp166468.exe
2008-02-08 15:59 . 2008-02-08 15:59 10,240 --a------ C:\Program Files\tmp166421.exe
2008-02-08 15:59 . 2008-02-08 15:59 10,240 --a------ C:\Program Files\tmp166406.exe
2008-02-06 11:18 . 2008-02-06 11:18 11,776 --a------ C:\Program Files\tmp230328.exe
2008-02-06 11:18 . 2008-02-06 11:18 11,776 --a------ C:\Program Files\tmp229515.exe
2008-02-06 11:18 . 2008-02-06 11:18 11,776 --a------ C:\Program Files\tmp229484.exe
2008-02-06 11:18 . 2008-02-06 11:18 10,240 --a------ C:\Program Files\tmp229765.exe
2008-02-06 11:18 . 2008-02-06 11:18 10,240 --a------ C:\Program Files\tmp229593.exe
2008-02-06 11:18 . 2008-02-06 11:18 10,240 --a------ C:\Program Files\tmp229562.exe
2008-02-06 11:18 . 2008-02-06 11:18 10,240 --a------ C:\Program Files\tmp229531.exe
2008-02-06 11:18 . 2008-02-06 11:18 10,240 --a------ C:\Program Files\tmp229500.exe
2008-02-05 17:11 . 2008-02-05 17:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 17:06 . 2008-02-05 17:06 10,240 --a------ C:\Program Files\tmp21777953.exe
2008-02-05 16:54 . 2008-02-05 16:54 <DIR> d-------- C:\Program Files\CCleaner
2008-02-04 15:00 . 2008-02-04 15:00 10,240 --a------ C:\Program Files\5679984.exe
2008-02-03 14:42 . 2008-02-03 14:42 33,241 --a------ C:\Program Files\10289062.exe
2008-02-03 14:42 . 2008-02-03 14:42 28,861 --a------ C:\Program Files\10287859.exe
2008-02-03 14:42 . 2008-02-03 14:42 11,776 --a------ C:\Program Files\10282593.exe
2008-02-03 14:42 . 2008-02-03 14:42 11,776 --a------ C:\Program Files\10281921.exe
2008-02-03 14:42 . 2008-02-03 14:42 11,776 --a------ C:\Program Files\10281906.exe
2008-02-03 14:42 . 2008-02-03 14:42 10,240 --a------ C:\Program Files\10281343.exe
2008-02-03 14:42 . 2008-02-03 14:42 10,240 --a------ C:\Program Files\10280937.exe
2008-02-03 12:04 . 2008-02-04 15:10 160,560 --a------ C:\Program Files\udefender_setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 16:39 --------- d-----w C:\Program Files\ICQToolbar
2008-02-05 16:12 --------- d-----w C:\Program Files\Lavasoft
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-21 12:27 416256]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1999-03-03 10:39 36352]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-08-21 12:27 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {61954e6c-f4c3-474f-92ae-172b57ab7813} - C:\WINDOWS\Installer\{61954e6c-f4c3-474f-92ae-172b57ab7813}\zip.dll [2008-02-03 14:42 39462]
"UnknownCD"= {236532d0-3d07-41a1-b989-07a7cc3881f1} - C:\WINDOWS\Installer\{236532d0-3d07-41a1-b989-07a7cc3881f1}\UnknownCD.dll [2008-02-05 10:49 14374]
"WinUnknown"= {55257735-82c6-4406-9360-e3200dd80fe6} - C:\WINDOWS\Installer\{55257735-82c6-4406-9360-e3200dd80fe6}\WinUnknown.dll [2008-02-05 10:50 14374]
"RomRom"= {dbc91a3b-2051-4cd7-89c7-00942b4c34d4} - C:\WINDOWS\Installer\{dbc91a3b-2051-4cd7-89c7-00942b4c34d4}\RomRom.dll [2008-02-05 10:50 14374]
"WinRam"= {c7079257-0c0e-4aa0-a5bb-01c34559a30f} - C:\WINDOWS\Installer\{c7079257-0c0e-4aa0-a5bb-01c34559a30f}\WinRam.dll [2008-02-05 10:50 14374]
"ChkAlrt"= {f4419e05-ddfc-4178-8045-5e181e16a3df} - C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll [2008-02-05 10:50 14374]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^.protected]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pavel^Nabídka Start^Programy^Po spuštění^.protected]
path=C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pavel^Nabídka Start^Programy^Po spuštění^findfast.exe]
path=C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-02-08 19:43 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-26 20:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"NMIndexingService"=3 (0x3)

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 14:39:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\Installer\{236532d0-3d07-41a1-b989-07a7cc3881f1}\UnknownCD.dll
-> C:\WINDOWS\Installer\{55257735-82c6-4406-9360-e3200dd80fe6}\WinUnknown.dll
-> C:\WINDOWS\Installer\{dbc91a3b-2051-4cd7-89c7-00942b4c34d4}\RomRom.dll
-> C:\WINDOWS\Installer\{c7079257-0c0e-4aa0-a5bb-01c34559a30f}\WinRam.dll
-> C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-02-11 14:40:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 13:40:20
ComboFix2.txt 2008-02-11 13:25:10

[Baron Prášil]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\Installer\{61954e6c-f4c3-474f-92ae-172b57ab7813}\zip.dll
C:\WINDOWS\Installer\{236532d0-3d07-41a1-b989-07a7cc3881f1}\UnknownCD.dll
C:\WINDOWS\Installer\{55257735-82c6-4406-9360-e3200dd80fe6}\WinUnknown.dll
C:\WINDOWS\Installer\{dbc91a3b-2051-4cd7-89c7-00942b4c34d4}\RomRom.dll
C:\WINDOWS\Installer\{c7079257-0c0e-4aa0-a5bb-01c34559a30f}\WinRam.dll
C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll
C:\WINDOWS\system32\wowfx.dll
C:\Program Files\tmp7385203.exe
C:\Program Files\tmp7384078.exe
C:\Program Files\tmp7384406.exe
C:\Program Files\tmp7383953.exe
C:\Program Files\tmp166453.exe
C:\Program Files\tmp166531.exe
C:\Program Files\tmp166468.exe
C:\Program Files\tmp166421.exe
C:\Program Files\tmp166406.exe
C:\Program Files\tmp230328.exe
C:\Program Files\tmp229515.exe
C:\Program Files\tmp229484.exe
C:\Program Files\tmp229765.exe
C:\Program Files\tmp229593.exe
C:\Program Files\tmp229562.exe
C:\Program Files\tmp229531.exe
C:\Program Files\5679984.exe
C:\Program Files\10287859.exe
C:\Program Files\10282593.exe
C:\Program Files\10281921.exe
C:\Program Files\10281906.exe
C:\Program Files\10280937.exe
C:\Program Files\tmp229500.exe
C:\Program Files\10281343.exe
C:\Program Files\udefender_setup.exe

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"=-
"UnknownCD"=-
"WinUnknown"=-
"RomRom"=-
"WinRam"=-
"ChkAlrt"= 

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis

[pcer]

Tady jsou aktuální logy, trochu déle mi to trvá, páč se, pro spouštění HijackThis
, musím přihlašovat v nouzovém režimu (Admin). Díky za rady.


ComboFix 08-02-11.2 - Pavel 2008-02-11 15:58:26.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.538 [GMT 1:00]
Running from: C:\Documents and Settings\Pavel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pavel\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Program Files\10280937.exe
C:\Program Files\10281343.exe
C:\Program Files\10281906.exe
C:\Program Files\10281921.exe
C:\Program Files\10282593.exe
C:\Program Files\10287859.exe
C:\Program Files\5679984.exe
C:\Program Files\tmp166406.exe
C:\Program Files\tmp166421.exe
C:\Program Files\tmp166453.exe
C:\Program Files\tmp166468.exe
C:\Program Files\tmp166531.exe
C:\Program Files\tmp229484.exe
C:\Program Files\tmp229500.exe
C:\Program Files\tmp229515.exe
C:\Program Files\tmp229531.exe
C:\Program Files\tmp229562.exe
C:\Program Files\tmp229593.exe
C:\Program Files\tmp229765.exe
C:\Program Files\tmp230328.exe
C:\Program Files\tmp7383953.exe
C:\Program Files\tmp7384078.exe
C:\Program Files\tmp7384406.exe
C:\Program Files\tmp7385203.exe
C:\Program Files\udefender_setup.exe
C:\WINDOWS\Installer\{236532d0-3d07-41a1-b989-07a7cc3881f1}\UnknownCD.dll
C:\WINDOWS\Installer\{55257735-82c6-4406-9360-e3200dd80fe6}\WinUnknown.dll
C:\WINDOWS\Installer\{61954e6c-f4c3-474f-92ae-172b57ab7813}\zip.dll
C:\WINDOWS\Installer\{c7079257-0c0e-4aa0-a5bb-01c34559a30f}\WinRam.dll
C:\WINDOWS\Installer\{dbc91a3b-2051-4cd7-89c7-00942b4c34d4}\RomRom.dll
C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll
C:\WINDOWS\system32\wowfx.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\10280937.exe
C:\Program Files\10281343.exe
C:\Program Files\10281906.exe
C:\Program Files\10281921.exe
C:\Program Files\10282593.exe
C:\Program Files\10287859.exe
C:\Program Files\5679984.exe
C:\Program Files\tmp166406.exe
C:\Program Files\tmp166421.exe
C:\Program Files\tmp166453.exe
C:\Program Files\tmp166468.exe
C:\Program Files\tmp166531.exe
C:\Program Files\tmp229484.exe
C:\Program Files\tmp229500.exe
C:\Program Files\tmp229515.exe
C:\Program Files\tmp229531.exe
C:\Program Files\tmp229562.exe
C:\Program Files\tmp229593.exe
C:\Program Files\tmp229765.exe
C:\Program Files\tmp230328.exe
C:\Program Files\tmp7383953.exe
C:\Program Files\tmp7384078.exe
C:\Program Files\tmp7384406.exe
C:\Program Files\tmp7385203.exe
C:\Program Files\udefender_setup.exe
C:\WINDOWS\Installer\{236532d0-3d07-41a1-b989-07a7cc3881f1}\UnknownCD.dll
C:\WINDOWS\Installer\{55257735-82c6-4406-9360-e3200dd80fe6}\WinUnknown.dll
C:\WINDOWS\Installer\{61954e6c-f4c3-474f-92ae-172b57ab7813}\zip.dll
C:\WINDOWS\Installer\{c7079257-0c0e-4aa0-a5bb-01c34559a30f}\WinRam.dll
C:\WINDOWS\Installer\{dbc91a3b-2051-4cd7-89c7-00942b4c34d4}\RomRom.dll
C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll
C:\WINDOWS\system32\wowfx.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-10 20:39 . 2008-02-10 20:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 19:08 . 2008-02-10 20:39 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-02-10 19:08 . 2008-02-10 19:12 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-02-10 19:08 . 2007-07-25 11:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-02-10 19:08 . 2007-05-23 15:06 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-02-10 19:08 . 2008-02-10 20:39 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-02-10 18:03 . 2008-02-10 18:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-02-10 16:34 . 2008-02-10 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-10 16:20 . 2001-10-25 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-10 16:19 . 2001-10-25 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-10 16:18 . 2001-10-25 13:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-10 16:17 . 2004-08-17 14:49 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-10 16:15 . 2008-02-10 16:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-10 15:49 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-02-10 15:24 . 2008-02-10 15:24 524 --a------ C:\WINDOWS\HPFCSS20.INI
2008-02-10 14:20 . 2008-02-10 14:20 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-09 16:27 . 2005-06-08 00:36 161,344 --a------ C:\Documents and Settings\Pavel\Data aplikací\avsyscare.exe
2008-02-05 17:11 . 2008-02-05 17:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 17:11 . 2008-02-05 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-02-05 17:06 . 2008-02-05 17:06 10,240 --a------ C:\Program Files\tmp21777953.exe
2008-02-05 16:54 . 2008-02-05 16:54 <DIR> d-------- C:\Program Files\CCleaner
2008-02-03 14:42 . 2008-02-03 14:42 33,241 --a------ C:\Program Files\10289062.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 12:34 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\avg7
2008-02-05 16:39 --------- d-----w C:\Program Files\ICQToolbar
2008-02-05 16:12 --------- d-----w C:\Program Files\Lavasoft
2008-02-05 16:12 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\Lavasoft
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-09-21 11:26 16,760 ----a-w C:\Documents and Settings\Pavel\Data aplikací\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-21 12:27 416256]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1999-03-03 10:39 36352]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-08-21 12:27 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ChkAlrt"= {f4419e05-ddfc-4178-8045-5e181e16a3df} - C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^.protected]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pavel^Nabídka Start^Programy^Po spuštění^.protected]
path=C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pavel^Nabídka Start^Programy^Po spuštění^findfast.exe]
path=C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-02-08 19:43 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-26 20:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"NMIndexingService"=3 (0x3)

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 15:59:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 16:00:18
ComboFix-quarantined-files.txt 2008-02-11 15:00:04
ComboFix2.txt 2008-02-11 13:40:30
ComboFix3.txt 2008-02-11 13:25:10


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:23, on 11. 2. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: ChkAlrt - {f4419e05-ddfc-4178-8045-5e181e16a3df} - C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

--
End of file - 2983 bytes

[Baron Prášil]

nainstaluj firewall,hned-taháš si to furt do kompu
vyber si tady,doporučuju ZoneAlarm nebo Comodo
návod na ZA http://www.kn.vutbr.cz/docs/conf/zonealarm/
na comodo http://www.nforce.cz/modules.php?name=N ... cle&sid=18

a antispyware taky
Spyware Terminator nebo Spybot S&D
návod na ST http://www.viry.cz/forum/viewtopic.php?t=44730
návod na Spybot http://www.jaknato.com/index.php?clanek ... tne-slouzi

je to nutný!

potom znovu spust hjt a fixni(pokud tam budou)
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://goyhit.com/MTc5NjM=/2/.....x=1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O21 - SSODL: ChkAlrt - {f4419e05-ddfc-4178-8045-5e181e16a3df} - C:\WINDOWS\Installer\{f4419e05-ddfc-4178-8045-5e181e16a3df}\ChkAlrt.dll (file missing)

poté
stáhni si killbox
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\hpfsched.exe
zaškrtni Delete on Reboot a klikni na křížek.stroj pude do restartu
po restartu pošli nový log z hjt a info-jak se chová komp?

[pcer]

OK, vše udělám a pošlu log. Zatím díky.

[Baron Prášil]

[pcer]

Omlouvám se za zdržení, výše uvedené jsem provedl; PC jsem zkontroloval SpywareTerminatorem a CCleanerem, vše OK. PC se taky po zapnutí chová OK. Posílám akt. log z hjt. Díky za odpověď.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:57, on 13. 2. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

--
End of file - 2417 bytes

[Baron Prášil]

log je bez šmejdů.proč v něm nevidím výsledky bezpečnostních doporučení co jsem ti napsal?
firewall a antispyware?

[pcer]

Komp běhá bez problémů, Terminátor je nainstalován, Firewall prostuduju a bude taky hlídat.
Moc díky za vyřešení problémů, jsi mág. Zdravím tě!

[Baron Prášil]

supr.nemáš zač a dík za mága.měj se