vyskakování okna fijifj.exe

[kvadratrix]

Díky, udělám to. Napřed ještě zkusím kontrolu pc antivirákem a antispywarovými programy v nouzovém režimu.

[Reklama]

[kvadratrix]

To vyskakování toho okna už ustalo a vypadá to, že ustaly i některé další problémy. Udělal jsem kontroly Ad-Awarem, Spybotem a Spyware Terminatorem a smazal jsem nebezpečné objekty. Teď se zdá stav OK. Stane se něco, když teď udělám ty procesy pomoci CDFixu a ComboFixu? Abych něco nepokazil. Nebo to ničemu nevadí? Nebo mám dodat nový log z HijackThis?
Díky díky za odpověď.

[fredik]

Pokud jsi nepoužil CFScript jak jsem napsal a udělal jsi mezi tím kontrolu pomocí tebou zmíněných programů, tak akci s CFScriptem nedělej. Pošli když tak ten log z SDFix a nový log z ComboFix (bez použití skriptu CFScript!)

[kvadratrix]

Tak to vyskakování fijifj.exe skutečně přestalo, ale mám jiný problém, který s tím zřejmě souvisí. Každou chvíli vždy na chvíli zmizí všechny ikony z plochy, ukáže se tam hláška "Konfigurování individuálního nastavení" (viz výřez ze screenu, který přikládám) a pak se ikony zase objeví. Vždy na chvíli zmizí i lišta se Startem. Běžící programy to neovlivní, ale pokud jsem měl otevřené nějaké složky, tak se tímto zavřou a zůstanou otevřeny jen ostatní programy. Dost to obtěžuje. Všiml jsem si, že se to zřejmě stává jen pokud je v počítači zapojen síťový kabel. (Nahlížel jsem do editoru registru a to číslo na té hlášce, i když není vidět úplně celé, je asi stejné jako číslo uvedené v editoru registru u souboru isee.exe). Občas se potom objeví hláška, že v aplikaci explorer.exe došlo k problému. Dnes jsem udělal opět kontroly proti spywaru, ale bez úspěchu.
Chtěl bych teď udělat ty procesy pomocí CDFix a ComboFix, jak jsi radil a chci se ještě jednou ujistit, co mám přesně udělat - takže:

1) spustit CDFix a nechat rozbalit na disk, kde je Windows -> restart do nouzového režimu -> spustit RunThis.bat -> Y -> Enter -> restart počítače -> (dokončí se čisticí proces) -> vytvoření logu;

2) spuštění ComboFix -> vytvoření logu;
oba logy sem vložit.
(chci se jen o tom postupu ujistit, nechci nic pokazit).

[fredik]

Pokud si stáhl SDFix už někdy dříve, tak si ho stáhni znovu a pak ho použij.

ComboFix jen spusť a nech ho proběhnout.

[kvadratrix]

Tady je log z SDFIxu, pod ním z ComboFixu.


SDFix: Version 1.166

Run by User on p 04.04.2008 at 18:55

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\system32\hook.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:02:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 2 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 2 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Fri 2 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 2 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Fri 2 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 7 Mar 2008 13,824 A.SHR --- "C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Sat 17 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!






ComboFix 08-03-29.3 - User 2008-04-04 19:07:12.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.70 [GMT 2:00]
Running from: C:\Documents and Settings\User\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 18:50 . 2008-04-04 18:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-04 18:45 . 2008-04-04 06:08 <DIR> d-------- C:\SDFix
2008-04-01 21:35 . 2008-04-01 21:35 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-01 18:30 . 2008-04-01 23:03 20,800 --a------ C:\WINDOWS\system32\Isass
2008-03-31 22:22 . 2008-03-31 22:22 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 22:22 . 2008-03-31 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-30 22:23 . 2008-03-30 22:23 <DIR> d-------- C:\Program Files\Crawler
2008-03-30 22:22 . 2008-03-30 22:22 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-30 22:22 . 2008-03-30 22:22 <DIR> d-------- C:\Documents and Settings\User\Data aplikací\Spyware Terminator
2008-03-30 22:22 . 2008-03-30 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-03-30 22:22 . 2008-03-30 22:22 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 01:01 . 2008-03-30 01:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 17:54 . 2008-03-29 17:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 17:54 . 2008-03-29 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-03-29 17:53 . 2008-03-29 17:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 09:50 . 2008-03-29 09:27 102,574 --a------ C:\WINDOWS\system32\h1dez.exe
2008-03-29 09:50 . 2008-03-29 07:46 17,249 --a------ C:\WINDOWS\system32\mconfg.dll
2008-03-29 09:50 . 2008-03-16 07:41 16,992 --a------ C:\WINDOWS\system32\mcmd.dll
2008-03-29 09:50 . 2008-03-29 09:34 12,427 --a------ C:\WINDOWS\system32\mcrss.dll
2008-03-29 09:50 . 2008-03-16 08:17 2,625 --a------ C:\WINDOWS\system32\ms32.sys
2008-03-29 09:50 . 2008-02-09 14:51 191 --a------ C:\WINDOWS\system32\poiyu
2008-03-28 11:45 . 2008-03-28 11:45 <DIR> d-------- C:\WINDOWS\system32\dk
2008-03-25 17:39 . 2008-03-25 17:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-22 10:59 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-22 10:59 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-22 10:59 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-22 10:59 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-22 10:59 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 10:59 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-22 10:59 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-22 10:59 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-22 10:58 . 2008-03-22 10:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-21 13:16 . 2008-03-21 13:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-19 23:11 . 2008-03-19 23:11 <DIR> d-------- C:\Program Files\RailCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 15:27 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-14 21:12 --------- d-----w C:\Program Files\PDFCreator
2008-02-14 20:07 --------- d-----w C:\Program Files\Foxit Software
2008-02-08 22:19 --------- d-----w C:\Program Files\IrfanView
2008-01-11 04:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-30_ 9.05.21,26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-04 04:07:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-04 16:52:26 14,905,344 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-04 16:52:26 253,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-04 04:07:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-04 16:51:42 14,905,344 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-04 16:51:42 253,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-04 17:01:16 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_190.dat
+ 2008-04-04 17:01:00 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_784.dat
+ 2008-04-04 17:04:24 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_a44.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 23:05 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 20:03 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="" []
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 20:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 20:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
Akceler tor spuçtŘnˇ AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22 10872]
NewShortcut1.lnk - C:\Program Files\HP\Office-Web Center\panel.exe [2006-12-21 13:32:13 233472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 20:00]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 20:00]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 20:00]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0B0C2FE9-DF20-8EC2-0603-060502080503}]
C:\WINDOWS\system32\Isass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 17:04:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:10:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 19:12:38
ComboFix-quarantined-files.txt 2008-04-04 17:12:34
ComboFix3.txt 2008-03-30 07:05:36
ComboFix2.txt 2008-03-31 16:50:30
Adresářů: 18, Volných bajtů: 15,074,721,792
Adresářů: 21, Volných bajtů: 15,056,961,536
.
2008-04-03 14:28:26 --- E O F ---

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE (nefunguje korektně pod FireFox)

Kód: Vybrat vše

File::
C:\WINDOWS\system32\Isass
C:\WINDOWS\system32\h1dez.exe
C:\WINDOWS\system32\mconfg.dll
C:\WINDOWS\system32\mcmd.dll
C:\WINDOWS\system32\mcrss.dll
C:\WINDOWS\system32\ms32.sys
C:\WINDOWS\system32\poiyu
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Folder::
C:\WINDOWS\system32\dk

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0B0C2FE9-DF20-8EC2-0603-060502080503}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[kvadratrix]

Tady je ten log:

ComboFix 08-03-29.3 - User 2008-04-06 0:12:23.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.136 [GMT 2:00]
Running from: C:\Documents and Settings\User\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
C:\WINDOWS\system32\h1dez.exe
C:\WINDOWS\system32\Isass
C:\WINDOWS\system32\mcmd.dll
C:\WINDOWS\system32\mconfg.dll
C:\WINDOWS\system32\mcrss.dll
C:\WINDOWS\system32\ms32.sys
C:\WINDOWS\system32\poiyu
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
C:\WINDOWS\system32\dk
C:\WINDOWS\system32\dk\aliases.ini
C:\WINDOWS\system32\dk\dbqp.fon
C:\WINDOWS\system32\dk\lam1.exe
C:\WINDOWS\system32\dk\lmz2.bmp
C:\WINDOWS\system32\dk\lmz3.bmp
C:\WINDOWS\system32\dk\mirc.ini
C:\WINDOWS\system32\dk\msn.dll
C:\WINDOWS\system32\dk\poiyu
C:\WINDOWS\system32\dk\qaz
C:\WINDOWS\system32\dk\Refix.ocx
C:\WINDOWS\system32\dk\systemac.dll
C:\WINDOWS\system32\dk\winreg.oce
C:\WINDOWS\system32\dk\wsx
C:\WINDOWS\system32\h1dez.exe
C:\WINDOWS\system32\Isass
C:\WINDOWS\system32\mcmd.dll
C:\WINDOWS\system32\mconfg.dll
C:\WINDOWS\system32\mcrss.dll
C:\WINDOWS\system32\ms32.sys
C:\WINDOWS\system32\poiyu

.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-05 21:13 . 2008-04-05 21:47 13,824 --a------ C:\is2.exe
2008-04-04 18:50 . 2008-04-04 18:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-04 18:45 . 2008-04-04 06:08 <DIR> d-------- C:\SDFix
2008-04-01 21:35 . 2008-04-01 21:35 <DIR> d-------- C:\Program Files\Veoh Networks
2008-03-31 22:22 . 2008-03-31 22:22 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 22:22 . 2008-03-31 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-30 22:23 . 2008-03-30 22:23 <DIR> d-------- C:\Program Files\Crawler
2008-03-30 22:22 . 2008-03-30 22:22 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-30 22:22 . 2008-03-30 22:22 <DIR> d-------- C:\Documents and Settings\User\Data aplikací\Spyware Terminator
2008-03-30 22:22 . 2008-03-30 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-03-30 22:22 . 2008-03-30 22:22 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-30 01:01 . 2008-03-30 01:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 17:54 . 2008-03-29 17:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 17:54 . 2008-03-29 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-03-29 17:53 . 2008-03-29 17:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 17:39 . 2008-03-25 17:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-22 10:59 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-22 10:59 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-22 10:59 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-22 10:59 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-22 10:59 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 10:59 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-22 10:59 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-22 10:59 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-22 10:58 . 2008-03-22 10:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-21 13:16 . 2008-03-21 13:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-19 23:11 . 2008-03-19 23:11 <DIR> d-------- C:\Program Files\RailCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 15:27 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-14 21:12 --------- d-----w C:\Program Files\PDFCreator
2008-02-14 20:07 --------- d-----w C:\Program Files\Foxit Software
2008-02-08 22:19 --------- d-----w C:\Program Files\IrfanView
2008-01-11 04:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-30_ 9.05.21,26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-04 04:07:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-04 16:52:26 14,905,344 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-04 16:52:26 253,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-04 04:07:34 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-04 16:51:42 14,905,344 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-04 16:51:42 253,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-05 07:08:12 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_148.dat
+ 2008-04-05 07:08:04 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_704.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 23:05 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 20:03 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="" []
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 20:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 20:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
Akceler tor spuçtŘnˇ AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22 10872]
NewShortcut1.lnk - C:\Program Files\HP\Office-Web Center\panel.exe [2006-12-21 13:32:13 233472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 20:00]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 20:00]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 20:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 07:11:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 00:14:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 0:15:10
ComboFix-quarantined-files.txt 2008-04-05 22:15:08
ComboFix4.txt 2008-03-30 07:05:36
ComboFix3.txt 2008-03-31 16:50:30
ComboFix2.txt 2008-04-04 17:12:40
Adresářů: 18, Volných bajtů: 14,998,405,120
Adresářů: 21, Volných bajtů: 14,981,136,384
.
2008-04-03 14:28:26 --- E O F ---

[fredik]

Smaž tento soubor ručně:
C:\is2.exe

Dej sem nový log z HJT. Máš ještě problémy?

[kvadratrix]

Nechci to zakřiknout, ale zdá se, že je vše opět OK a počítač šlape zase jako dřív.
Chtěl bych ti mockrát poděkovat za pomoc a trpělivost, určitě mě to přimělo k tomu, abych si dával větší pozor a lépe zabezpečil svůj počítač. Ještě jednou díky, a pokud se někdy potkáme na tomto fóru, tak doufám, že už to nebude u podobné situace.
Samozřejmě to budu sledovat, a kdyby něco tak bych ještě napsal.
Ten soubor jsem smazal. Přidávám log z HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:10, on 6.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\HP\Office-Web Center\panel.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aceradvantage.com/stdreg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: NewShortcut1.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB5F487-6BC1-43E8-98DA-D2FCA17AC842}: NameServer = 81.19.45.14,81.19.45.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BB5F487-6BC1-43E8-98DA-D2FCA17AC842}: NameServer = 81.19.45.14,81.19.45.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 12770 bytes

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře: ComboFix /u a dej Ok.
- mezi comobofix a /u musí být mezera

Běží ti tam rezidentně dva antispyware programy (Windows Defender & Spybot - S&D) tak u jednoho z nich vypni rez. ochranu.

Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod

Nemáš za co, kdyby byl problém tak dej vědět.

[leeloo]

Takže to co jsi napsal nefunguje přes spustit...a nemám spy bot a taky jsem zjistil čím to je..je to skype ( stahl jsem nejnov. ) dla tuto blbost po vypnutí bez problému...zajimavé