HiJackThis

[Baron Prášil]

tak ZA jsem míval a tam,koneckonců jako v každým firewallu rozklikneš menu najdeš část o kontrole aplikací,
tam najdeš ten firefox a pokud tam bude přeškrtnutej tak na něj polikáš a nastavíš na povolit.

takže tak to asi bude i tady,ale samozřejmě není problém,změnit firewall třeba na comodo.

a použij tedy ten combofix
třeba nám něco ukáže a umáže
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah+nový log z hijackthis

[Reklama]

[Karel1943]

ComboFix 08-03-01.3 - KAREL 2008-03-02 14:22:04.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.92 [GMT 1:00]
Running from: C:\Documents and Settings\KAREL\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\100.exe
C:\WINDOWS\455.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-02 13:03 . 2008-03-02 13:03 0 --a------ C:\rollback.ini
2008-03-02 12:34 . 2008-03-02 12:34 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-01 20:20 . 2008-03-01 20:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-03-01 18:38 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-03-01 18:38 . 2008-03-02 12:35 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2008-03-01 18:37 . 2008-03-02 14:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2008-03-01 18:36 . 2008-03-02 14:14 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-01 08:52 . 2008-03-02 11:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 08:31 . 2008-03-01 10:38 133 --a------ C:\23990098.$$$
2008-03-01 08:00 . 2008-03-01 08:00 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-03-01 08:00 . 2008-03-01 08:00 <DIR> d-a------ C:\WINDOWS\SYSTEM32\vcmgcd32.dll
2008-03-01 08:00 . 2008-03-01 08:00 <DIR> d-a------ C:\WINDOWS\SYSTEM32\iifgfgf.dll
2008-03-01 08:00 . 2008-03-01 08:00 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-03-01 08:00 . 2008-03-01 08:00 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-03-01 08:00 . 2008-03-01 08:00 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-03-01 07:58 . 2004-08-17 14:49 147,968 --a------ C:\WINDOWS\R.COM
2008-03-01 07:58 . 2004-08-17 14:49 137,216 --a------ C:\WINDOWS\SYSTEM32\T.COM
2008-03-01 07:58 . 2008-03-01 20:11 26 --a------ C:\WINDOWS\Lic.xxx
2008-02-27 09:57 . 2008-02-27 09:57 <DIR> d-------- C:\Program Files\Voipwise.com
2008-02-25 14:59 . 2008-02-25 15:00 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-02-17 17:55 . 2008-03-01 08:59 <DIR> d-------- C:\Program Files\Smart PC Solutions
2008-02-17 08:34 . 2008-02-17 08:34 <DIR> d-------- C:\Downloads
2008-02-10 12:30 . 2008-02-10 12:30 <DIR> d-------- C:\Program Files\Indentix
2008-02-04 13:34 . 2004-10-08 01:32 163,840 -ra------ C:\WINDOWS\SYSTEM32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 10:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 09:36 --------- d-----w C:\Program Files\3B Software
2008-03-01 08:08 --------- d-----w C:\Program Files\Vista Start Menu
2008-03-01 08:07 --------- d-----w C:\Program Files\FDF
2008-02-29 10:00 --------- d-----w C:\Program Files\Spyware Terminator
2008-02-25 14:42 --------- d-----w C:\Program Files\Freecorder
2008-02-17 07:41 --------- d-----w C:\Program Files\SpeedFan
2008-01-20 14:47 --------- d-----w C:\Program Files\UltraSMS
2008-01-20 14:31 --------- d-----w C:\Program Files\HfAsistent
2008-01-17 18:22 --------- d-----w C:\Program Files\TouchStoneSoftware
2008-01-13 08:48 --------- d-----w C:\Program Files\7-Zip
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-05-31 17:43 703,258 ----a-w C:\Program Files\JUN2007_d3dx10_34_x64.cab
2007-05-31 17:43 701,218 ----a-w C:\Program Files\JUN2007_d3dx10_34_x86.cab
2007-05-31 17:43 44,687 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-05-31 17:43 200,646 ----a-w C:\Program Files\JUN2007_XACT_x64.cab
2007-05-31 17:43 155,892 ----a-w C:\Program Files\JUN2007_XACT_x86.cab
2007-05-31 17:43 1,611,772 ----a-w C:\Program Files\JUN2007_d3dx9_34_x64.cab
2007-05-31 17:43 1,610,203 ----a-w C:\Program Files\JUN2007_d3dx9_34_x86.cab
2003-01-01 05:49 266 --sh--w C:\Program Files\desktop.ini
2003-01-01 05:49 11,253 ---ha-w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-02-25 15:42 1555480 --a------ C:\Program Files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-02 12:34 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{1392B8D2-5C05-419F-A8F6-B9F15A596612}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [2008-02-25 15:42 1555480]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-02 12:34 262144]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-12-12 12:53 1704624]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:49 1667584]
"Voipwise"="C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" [2007-09-06 11:24 7394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-09-01 05:20 2778112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-18 09:59 180269]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 01:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 01:27 126976]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 20:39 3647656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^KAREL^Nabídka Start^Programy^Po spuštění^Scheduler.lnk]
path=C:\Documents and Settings\KAREL\Nabídka Start\Programy\Po spuštění\Scheduler.lnk
backup=C:\WINDOWS\pss\Scheduler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^KAREL^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
--a------ 2004-12-17 21:44 318976 C:\Program Files\BySoft FreeRAM\FreeRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAST Defrag]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idefisk.exe]
--a------ 2006-06-23 22:02 2343936 C:\Program Files\idefisk\idefisk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Miro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-17 14:49 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 14:16 5058560 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 14:16 49152 C:\WINDOWS\System32\NVMCTRAY.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-03-11 15:24 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
--a------ 2007-07-27 20:39 3647656 C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2006-05-12 10:27 831488 C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 17:06 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 15:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-08-12 10:02 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-29 08:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-18 09:59 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
--a------ 2006-06-19 10:43 262144 C:\WINDOWS\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
--a------ 2007-09-06 11:24 7394608 C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 18:38 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2004-08-02 14:32 176128 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\idefisk\\idefisk.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2007-09-01 05:22]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 22:08]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-12 11:34]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-12 11:34]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-12 11:34]
S3 NCHSSVAD;SoundTap Recorder;C:\WINDOWS\system32\drivers\nchssvad.sys [2007-09-08 14:33]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2007-01-18 13:38]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 08:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 14:33:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-03-02 14:36:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 13:36:13
.
2007-07-09 14:32:37 --- E O F ---

[Karel1943]

Hlásím se opět.Po nainstalování Comode,ty viry šly vymazat ,ale pak nastal restart a konec.Stále se comp snažil načíst,nabíhal Windows,pak znova na začátek do nekonečna.Nedalo se s tím nic udělat,jen jedna varianta, zformátovat HDD atd. 8hodin práce,než jsem to dal dokupy.Tedˇmám konečně klid a nervy "kýblu".

[Baron Prášil]

oki.ale ještě jednou opakuji na viry antivir na spyware antispyware a na kontrolu komunikace na netu-
firewall.