Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:59, on 20.3.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\WINDOWS\TEMP\BN3.tmp
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\lofas\Local Settings\Application Data\windowsupdate.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 85.255.116.149,85.255.112.169
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O21 - SSODL: altvxvm - {9B9C20E9-2E4B-4835-AA95-D29005AB6F8A} - C:\WINDOWS\altvxvm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Schedule - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 8283 bytes
suspenzorPC
Re: suspenzorPC
That computer is as leaky as a sieve. You don't even have the Windows firewall, because SP2 is missing.
So first of all, install a firewall.
Pick one here; I recommend ZoneAlarm, Comodo or Ashampoo.
Guide for ZA: http://www.kn.vutbr.cz/docs/conf/zonealarm/
For Comodo: http://www.nforce.cz/modules.php?name=N ... cle&sid=18
Ashampoo Firewall free + Czech
Turn off System Restore:
right-click My Computer > Properties > System Restore, tick the box, click OK and confirm.
Download SDFix
and run it; it will unpack into its own folder (probably C:\SDfix).
Then restart the PC into Safe Mode. Open the folder where SDFix was unpacked, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key, and the computer will restart.
While the operating system is starting up, you will have to press any key when prompted to enter Windows.
Once the OS has started, it should show you the SDFix report, so copy it here. If it does not pop up, it is located in its own folder as Report.txt. Also post a new HJT log.

Re: suspenzorPC
OK, done. It's still really slow, and an error kept popping up, "Windows has recovered from a serious error" or something like that. Here are the logs; I'm going to install the firewall.
SDFix: Version 1.159
Run by lofas on źt 20.03.2008 at 15:44
Microsoft Windows XP [Verze 5.1.2600]
Running From: c:\SDFix
Checking Services :
Name:
JNQ60
Path:
\SystemRoot\System32\Drivers\Jnq60.sys
JNQ60 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\kdtwy.exe - Deleted
C:\876280~1 - Deleted
C:\WINDOWS\system32\drivers\ntio922.sys - Deleted
C:\WINDOWS\system32\drivers\ndisaluo.sys - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\WINDOWS\system32\drivers\IMP14.sys - Deleted
C:\WINDOWS\system32\drivers\JNQ60.sys - Deleted
Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder C:\WINDOWS\privacy_danger - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 15:51:46
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
C:\Documents and Settings\lofas\Local Settings\Temporary Internet Files\Content.IE5\IXW1EL0D\framesetScreen[1].: 1354 bytes hidden from API
C:\Documents and Settings\lofas\Local Settings\Temporary Internet Files\Content.IE5\UV0NUZEX\folderScreen[1].: 37300 bytes hidden from API
C:\Documents and Settings\lofas\Local Settings\Temporary Internet Files\Content.IE5\UV0NUZEX\gate[1].: 548 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 16 Sep 1996 202,240 A..H. --- "C:\hry\Neverhood\setup95.exe"
Sat 22 Oct 2005 56 ..SHR --- "C:\WINDOWS\system32\9A7F71F1A0.sys"
Mon 13 Aug 2007 13,146 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 21 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 14 Mar 2008 26,912 ..SH. --- "C:\WINDOWS\system32\drivers\svchost.exe"
Fri 21 Oct 2005 4,348 ...H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv1key.bak"
Thu 11 May 2006 20 A..H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv1lic.bak"
Sat 8 Apr 2006 400 ...H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv2key.bak"
Thu 11 May 2006 10,752 A..H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv2lic.bak"
Thu 4 Jan 2007 53,760 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0001.tmp"
Wed 14 Feb 2007 28,672 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0005.tmp"
Wed 14 Feb 2007 239,104 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0031.tmp"
Wed 14 Feb 2007 233,472 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0409.tmp"
Wed 14 Feb 2007 239,104 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1148.tmp"
Wed 14 Feb 2007 239,616 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1405.tmp"
Wed 14 Feb 2007 238,080 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1619.tmp"
Wed 14 Feb 2007 254,464 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1757.tmp"
Wed 14 Feb 2007 239,104 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1833.tmp"
Wed 14 Feb 2007 275,968 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1883.tmp"
Wed 14 Feb 2007 275,968 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL2091.tmp"
Wed 14 Feb 2007 223,744 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL3093.tmp"
Wed 14 Feb 2007 243,712 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL3804.tmp"
Wed 14 Feb 2007 232,960 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL3893.tmp"
Thu 15 Feb 2007 54,784 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_07\~WRL0002.tmp"
Thu 15 Feb 2007 42,496 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_07\~WRL0004.tmp"
Thu 15 Feb 2007 44,032 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_07\~WRL0783.tmp"
Tue 20 Feb 2007 55,296 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL0084.tmp"
Tue 20 Feb 2007 54,272 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL2328.tmp"
Tue 20 Feb 2007 50,688 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL2363.tmp"
Tue 20 Feb 2007 46,592 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL2424.tmp"
Tue 20 Feb 2007 36,352 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL3065.tmp"
Thu 15 Feb 2007 72,192 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL3919.tmp"
Tue 20 Feb 2007 54,272 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL3964.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:00, on 20.3.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 85.255.116.149,85.255.112.169
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Schedule - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 7535 bytes
SDFix: Version 1.159
Run by lofas on źt 20.03.2008 at 15:44
Microsoft Windows XP [Verze 5.1.2600]
Running From: c:\SDFix
Checking Services :
Name:
JNQ60
Path:
\SystemRoot\System32\Drivers\Jnq60.sys
JNQ60 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\kdtwy.exe - Deleted
C:\876280~1 - Deleted
C:\WINDOWS\system32\drivers\ntio922.sys - Deleted
C:\WINDOWS\system32\drivers\ndisaluo.sys - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\WINDOWS\system32\drivers\IMP14.sys - Deleted
C:\WINDOWS\system32\drivers\JNQ60.sys - Deleted
Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder C:\WINDOWS\privacy_danger - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 15:51:46
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
C:\Documents and Settings\lofas\Local Settings\Temporary Internet Files\Content.IE5\IXW1EL0D\framesetScreen[1].: 1354 bytes hidden from API
C:\Documents and Settings\lofas\Local Settings\Temporary Internet Files\Content.IE5\UV0NUZEX\folderScreen[1].: 37300 bytes hidden from API
C:\Documents and Settings\lofas\Local Settings\Temporary Internet Files\Content.IE5\UV0NUZEX\gate[1].: 548 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 16 Sep 1996 202,240 A..H. --- "C:\hry\Neverhood\setup95.exe"
Sat 22 Oct 2005 56 ..SHR --- "C:\WINDOWS\system32\9A7F71F1A0.sys"
Mon 13 Aug 2007 13,146 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 21 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 14 Mar 2008 26,912 ..SH. --- "C:\WINDOWS\system32\drivers\svchost.exe"
Fri 21 Oct 2005 4,348 ...H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv1key.bak"
Thu 11 May 2006 20 A..H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv1lic.bak"
Sat 8 Apr 2006 400 ...H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv2key.bak"
Thu 11 May 2006 10,752 A..H. --- "C:\Documents and Settings\lofas\Dokumenty\Hudba\License Backup\drmv2lic.bak"
Thu 4 Jan 2007 53,760 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0001.tmp"
Wed 14 Feb 2007 28,672 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0005.tmp"
Wed 14 Feb 2007 239,104 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0031.tmp"
Wed 14 Feb 2007 233,472 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL0409.tmp"
Wed 14 Feb 2007 239,104 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1148.tmp"
Wed 14 Feb 2007 239,616 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1405.tmp"
Wed 14 Feb 2007 238,080 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1619.tmp"
Wed 14 Feb 2007 254,464 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1757.tmp"
Wed 14 Feb 2007 239,104 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1833.tmp"
Wed 14 Feb 2007 275,968 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL1883.tmp"
Wed 14 Feb 2007 275,968 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL2091.tmp"
Wed 14 Feb 2007 223,744 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL3093.tmp"
Wed 14 Feb 2007 243,712 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL3804.tmp"
Wed 14 Feb 2007 232,960 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_05\~WRL3893.tmp"
Thu 15 Feb 2007 54,784 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_07\~WRL0002.tmp"
Thu 15 Feb 2007 42,496 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_07\~WRL0004.tmp"
Thu 15 Feb 2007 44,032 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_07\~WRL0783.tmp"
Tue 20 Feb 2007 55,296 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL0084.tmp"
Tue 20 Feb 2007 54,272 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL2328.tmp"
Tue 20 Feb 2007 50,688 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL2363.tmp"
Tue 20 Feb 2007 46,592 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL2424.tmp"
Tue 20 Feb 2007 36,352 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL3065.tmp"
Thu 15 Feb 2007 72,192 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL3919.tmp"
Tue 20 Feb 2007 54,272 A..H. --- "C:\Honza\school\maturitauzne\vypoźetka\mativt\m_i_10\~WRL3964.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:00, on 20.3.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D36B1878-7FE7-4B85-B3B1-38531651E8E5}: NameServer = 85.255.116.149,85.255.112.169
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.169
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Schedule - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 7535 bytes
Re: suspenzorPC
So I tried Ashampoo and after the restart it crashed completely, nothing but errors and application terminations... I'll put ZoneAlarm on there.
Otherwise the symptoms are still the same: windows keep popping up at me, and the browser is slow :(
Re: suspenzorPC
I had that crap on my computer too, but it disappeared on its own; I put that down to NOD32, so give it a try as well.
Re: suspenzorPC
Sooo ZoneAlarm doesn't work - zlclient.exe application error, and the same goes for the third recommended firewall.. it's unbelievable, I can't get any application running here anymore :(
Re: suspenzorPC
Try Sunbelt Kerio. After the licence expires it is slightly cut down, I think. If even that doesn't work, I'd say it's time to reinstall the system.

Re: suspenzorPC
In my opinion, the main thing is to clean out all that junk first and only then put a firewall on it.
Re: suspenzorPC
So defragment, and use CCleaner and RegCleaner. Uninstall the junk you don't need, then clean up again with CCleaner and RegCleaner, and we'll know more.
// EDIT: I don't see any nasty stuff in there; just update Java. It's described somewhere on here. Go search, Dopey...

Re: suspenzorPC
First it needs to be fully disinfected. I'd rather wait for Baron.
C:\WINDOWS\system32\drivers\svchost.exe

Last edited by paul27 on 20 Mar 2008 17:26; edited 2 times in total.
Re: suspenzorPC
There's still filth in the HijackThis log:
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dwwin.exe
plus surely something else in the registry, but I'M NOT SURE, so I'll wait for Baron Prášil to check it (thanks in advance)
One more small thing: I have a white HTML page as my desktop background and I can't get rid of it, because I deleted the folder it was in, but it's this:
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Re: suspenzorPC
paul27: exactly, first get rid of the main nasties
And by the way, svchost is probably what's controlling it all, the piece of junk
