Suspenzor PC

[Pataz]

Téma rozděleno, příště si založ vlastní téma i kdy by jsi měl stejný problém jako se řešil v tématu
fredik

Zdravím, komp mi při ukazuje ať si stáhnu Suspenzor tak jsem ho projel přes Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:58, on 15.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NI.UGDCCZ_0001_N122M1712] "C:\Downloads\installer_cz.exe"
O4 - HKLM\..\Run: [9c162f1d] rundll32.exe "C:\WINDOWS\system32\qodyeolp.dll",b
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BM9f251c81] Rundll32.exe "C:\WINDOWS\system32\opymlncx.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1229272821-1647877149-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Danek')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{82B26376-9F75-4173-A56F-6ED87EE1F82F}: NameServer = 217.197.150.168,217.197.152.145
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8916 bytes

[Reklama]

[fredik]

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Pataz]

je to moc dlouhe, tak jsem radši celý ComboFix.txt upnul: http://www.uloz.to/323916/combofix.txt

[fredik]

Vypnul sis sám vědomě/úmyslně upozornění/výstrahy v Centru zabezpečeni u u Antiviru & Update

Jinak ten log by sem měl vejít, případně kdyby ne, tak ho můžeš rozložit do více příspěvků.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\uddawxoq.dll
C:\WINDOWS\system32\rshcbrtv.dll
C:\WINDOWS\system32\htncnslt.dll
C:\WINDOWS\system32\gtsmmuns.dll
C:\WINDOWS\system32\ubbcgwej.dll
C:\WINDOWS\system32\vgkngufh.dll
C:\WINDOWS\system32\xvmwanev.dll
C:\WINDOWS\system32\nbwiagls.dll
C:\WINDOWS\system32\cbipeeka.dll
C:\WINDOWS\system32\ijynsiyv.dll
C:\WINDOWS\system32\kefnsfav.dll
C:\WINDOWS\system32\tgthbmqi.dll
C:\WINDOWS\system32\vgnrsykm.dll
C:\WINDOWS\system32\wnffpwkh.dll
C:\WINDOWS\system32\ucmeuywu.dll
C:\WINDOWS\BM9f251c81.xml
C:\WINDOWS\system32\qoMfDuvT.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8889FA25-E076-4350-8029-2AA402168CAD}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUnmKCR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UGDCCZ_0001_N122M1712"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT.

[Pataz]

tady je ten log z ComboFix:

ComboFix 08-04-14.2 - PatrikII 2008-04-15 21:16:22.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.630 [GMT 2:00]
Running from: C:\Documents and Settings\PatrikII\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\PatrikII\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM9f251c81.xml
C:\WINDOWS\system32\cbipeeka.dll
C:\WINDOWS\system32\gtsmmuns.dll
C:\WINDOWS\system32\htncnslt.dll
C:\WINDOWS\system32\ijynsiyv.dll
C:\WINDOWS\system32\kefnsfav.dll
C:\WINDOWS\system32\nbwiagls.dll
C:\WINDOWS\system32\qoMfDuvT.dll
C:\WINDOWS\system32\rshcbrtv.dll
C:\WINDOWS\system32\tgthbmqi.dll
C:\WINDOWS\system32\ubbcgwej.dll
C:\WINDOWS\system32\ucmeuywu.dll
C:\WINDOWS\system32\uddawxoq.dll
C:\WINDOWS\system32\vgkngufh.dll
C:\WINDOWS\system32\vgnrsykm.dll
C:\WINDOWS\system32\wnffpwkh.dll
C:\WINDOWS\system32\xvmwanev.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.url
C:\Documents and Settings\All Users\Nabídka Start\Security Troubleshooting.url
C:\Documents and Settings\Danek\Oblíbené položky\Online Security Test.url
C:\WINDOWS\BM9f251c81.xml
C:\WINDOWS\system32\cbipeeka.dll
C:\WINDOWS\system32\gtsmmuns.dll
C:\WINDOWS\system32\htncnslt.dll
C:\WINDOWS\system32\ijynsiyv.dll
C:\WINDOWS\system32\kefnsfav.dll
C:\WINDOWS\system32\nbwiagls.dll
C:\WINDOWS\system32\rshcbrtv.dll
C:\WINDOWS\system32\tgthbmqi.dll
C:\WINDOWS\system32\ubbcgwej.dll
C:\WINDOWS\system32\ucmeuywu.dll
C:\WINDOWS\system32\uddawxoq.dll
C:\WINDOWS\system32\vgkngufh.dll
C:\WINDOWS\system32\vgnrsykm.dll
C:\WINDOWS\system32\wnffpwkh.dll
C:\WINDOWS\system32\xvmwanev.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 16:58 . 2008-04-15 16:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-15 15:40 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-15 15:39 . 2008-04-15 15:40 <DIR> d-------- C:\Program Files\Parallel Port Joystick
2008-04-15 15:18 . 2008-04-15 15:18 <DIR> d-------- C:\Documents and Settings\Patrik\Data aplikací\ATI
2008-04-14 19:10 . 2008-04-14 19:10 <DIR> d-------- C:\Documents and Settings\Danek\Data aplikací\ATI
2008-04-14 17:54 . 2008-04-14 17:54 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\ATI
2008-04-14 17:54 . 2008-04-14 17:54 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\ATI
2008-04-14 17:54 . 2008-04-14 17:54 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\ATI
2008-04-14 17:54 . 2008-04-14 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ATI
2008-04-14 17:38 . 2008-04-14 17:38 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-14 17:37 . 2007-12-20 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-04-14 17:36 . 2008-04-14 17:50 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-14 17:18 . 2007-12-21 04:35 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-04-14 17:18 . 2007-12-21 04:35 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-04-14 17:18 . 2007-12-21 04:35 887,724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-04-14 17:18 . 2007-12-21 05:09 368,640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-04-14 17:18 . 2007-12-21 05:02 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-04-14 17:18 . 2007-11-27 21:34 160,289 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-14 17:18 . 2007-11-20 10:23 11,874 -ra------ C:\WINDOWS\atiogl.xml
2008-04-14 17:18 . 2007-08-31 16:20 7,167 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-04-14 17:18 . 2008-04-14 17:18 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-12 13:08 . 2004-08-17 16:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-12 12:52 . 2008-04-15 21:13 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-04-05 16:47 . 2008-04-05 16:47 <DIR> d-------- C:\Program Files\ElcomSoft
2008-04-02 20:04 . 2008-04-02 20:04 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-31 20:02 . 2005-12-15 18:37 86,095 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-03-28 23:15 . 2008-03-28 23:15 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\LangSoft
2008-03-28 23:15 . 2008-03-28 23:15 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\LangSoft
2008-03-28 23:15 . 2008-03-28 23:15 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\LangSoft
2008-03-28 23:14 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-28 23:14 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-28 23:14 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-28 23:14 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-28 07:35 . 2008-03-28 07:35 40 --ah----- C:\WINDOWS\system32\ivireg.ivr
2008-03-27 21:48 . 2008-03-27 21:50 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\Corel
2008-03-27 21:48 . 2008-03-27 21:50 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\Corel
2008-03-27 21:48 . 2008-03-27 21:50 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\Corel
2008-03-27 21:48 . 2008-03-27 21:52 2,828 --ahs---- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
2008-03-27 21:48 . 2008-03-27 21:50 88 -r-hs---- C:\Documents and Settings\All Users\Data aplikací\0F600FF185.sys
2008-03-27 21:46 . 2005-09-20 18:27 10,368 --a------ C:\WINDOWS\system32\drivers\iviaspi.sys
2008-03-27 21:45 . 2008-03-27 21:45 <DIR> d-------- C:\Program Files\Real
2008-03-27 21:14 . 2008-03-27 21:14 <DIR> d-------- C:\Program Files\InterVideo
2008-03-27 21:14 . 2008-03-27 21:14 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-03-27 21:14 . 2008-03-27 21:14 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-27 21:14 . 2008-03-27 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Corel
2008-03-27 21:13 . 2008-03-27 21:13 <DIR> d-------- C:\Program Files\Corel
2008-03-26 22:11 . 2008-03-26 22:11 <DIR> d-------- C:\TCM_THE_BEGINNING_RATED
2008-03-26 20:20 . 2008-03-26 20:27 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-03-26 20:20 . 2008-03-26 20:20 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\URSoft
2008-03-26 20:20 . 2008-03-26 20:20 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\URSoft
2008-03-26 20:20 . 2008-03-26 20:20 <DIR> d-------- C:\Documents and Settings\PatrikII\Data aplikací\URSoft
2008-03-26 15:21 . 2008-03-28 23:15 <DIR> d-------- C:\PC TRANSLATOR DEMO
2008-03-26 15:20 . 2008-03-26 15:21 <DIR> d-------- C:\Documents and Settings\Danek\Data aplikací\LangSoft
2008-03-26 15:20 . 2008-03-26 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2008-03-25 20:28 . 2008-03-25 20:28 <DIR> d-------- C:\Program Files\MP3 Finder
2008-03-24 00:01 . 2008-04-15 14:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-24 00:01 . 2008-03-24 00:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-20 14:55 . 2008-04-09 20:14 280 --a------ C:\WINDOWS\emm386n.dl
2008-03-20 14:50 . 2008-04-02 13:58 <DIR> d-------- C:\Program Files\Microsoft GIF Animator
2008-03-20 14:50 . 2008-03-20 14:50 <DIR> d-------- C:\Multimedia Files
2008-03-17 12:34 . 2008-03-19 17:50 113 --a------ C:\WINDOWS\mp3wavcon.ini
2008-03-17 12:31 . 2008-03-17 12:34 <DIR> d-------- C:\My Music
2008-03-17 12:30 . 2008-03-17 12:30 <DIR> d-------- C:\Program Files\HiFisoftware
2008-03-17 12:30 . 2003-12-15 13:43 1,871,872 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-03-17 12:30 . 2003-12-08 13:19 425,984 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-03-17 12:30 . 2002-12-25 10:44 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-17 12:30 . 2004-12-01 15:43 315,392 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-03-17 12:30 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-03-17 12:30 . 2008-03-19 17:50 5 --a------ C:\WINDOWS\system32\SySMP3OC.dat
2008-03-17 10:03 . 2008-03-17 10:03 <DIR> d-------- C:\Program Files\Macromedia
2008-03-17 10:03 . 2008-03-29 00:55 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-03-16 20:31 . 2008-03-16 20:31 5,694 --a------ C:\Sdicon32.ico
2008-03-15 15:36 . 2008-03-15 15:39 <DIR> d-------- C:\Program Files\Pes2008 MTS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 19:03 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-15 19:03 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-04-15 18:57 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-04-15 16:14 --------- d-----w C:\Documents and Settings\PatrikII\Data aplikací\Hamachi
2008-04-15 16:14 --------- d-----w C:\Documents and Settings\PatrikII\Data aplikací\Hamachi
2008-04-15 16:14 --------- d-----w C:\Documents and Settings\PatrikII\Data aplikací\Hamachi
2008-04-15 12:42 --------- d-----w C:\Program Files\ICQToolbar
2008-04-14 20:40 --------- d-----w C:\Program Files\SopCast
2008-04-14 15:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 23:05 --------- d-----w C:\Program Files\Lx_cats
2008-04-11 14:31 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-04-10 17:53 --------- d-----w C:\Program Files\Common Files\Real
2008-04-05 18:46 --------- d-----w C:\Program Files\Valve
2008-03-30 11:09 --------- d-----w C:\Program Files\MASHED
2008-03-28 23:03 --------- d-----w C:\Program Files\Gabest
2008-03-28 22:45 87,608 ----a-w C:\Documents and Settings\PatrikII\Data aplikací\ezpinst.exe
2008-03-28 22:45 87,608 ----a-w C:\Documents and Settings\PatrikII\Data aplikací\ezpinst.exe
2008-03-28 22:45 87,608 ----a-w C:\Documents and Settings\PatrikII\Data aplikací\ezpinst.exe
2008-03-28 22:45 47,360 ----a-w C:\Documents and Settings\PatrikII\Data aplikací\pcouffin.sys
2008-03-28 22:45 47,360 ----a-w C:\Documents and Settings\PatrikII\Data aplikací\pcouffin.sys
2008-03-28 22:45 47,360 ----a-w C:\Documents and Settings\PatrikII\Data aplikací\pcouffin.sys
2008-03-28 22:45 --------- d-----w C:\Documents and Settings\PatrikII\Data aplikací\Vso
2008-03-28 22:45 --------- d-----w C:\Documents and Settings\PatrikII\Data aplikací\Vso
2008-03-28 22:45 --------- d-----w C:\Documents and Settings\PatrikII\Data aplikací\Vso
2008-03-27 19:46 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-03-26 18:28 --------- d-----w C:\Program Files\SlySoft
2008-03-26 18:04 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-03-20 12:55 --------- d-----w C:\Program Files\Zoner
2008-03-20 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 21:21 --------- d-----w C:\Program Files\MediaCoder
2008-03-09 20:03 --------- d-----w C:\Program Files\America's Army Server Manager
2008-03-03 13:54 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-03 13:54 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-03 10:23 --------- d-----w C:\Program Files\Common Files\DirectX
2008-03-03 10:20 --------- d-----w C:\Program Files\directx
2008-03-01 15:17 --------- d-----w C:\Program Files\BitComet
2008-02-29 06:26 --------- d-----w C:\Documents and Settings\Danek\Data aplikací\Zoner
2008-02-28 14:16 --------- d-----w C:\Program Files\Real Desktop
2008-02-25 15:24 --------- d-----w C:\Documents and Settings\Danek\Data aplikací\Winamp
2008-02-25 11:03 --------- d-----w C:\Program Files\ICQ6
2008-02-23 19:28 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-02-21 21:11 --------- d-----w C:\Program Files\Common Files\Mediostream
2008-02-21 21:10 --------- d-----w C:\Program Files\Mediostream
2008-02-21 20:45 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-02-21 20:44 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-21 20:13 --------- d-----w C:\Program Files\The KMPlayer
2008-02-16 17:16 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-15 22:42 --------- d-----w C:\Program Files\Flatout
2008-02-11 21:23 428,176 ----a-w C:\bin0.bin
2008-02-11 21:23 197,203 ----a-w C:\subafsfile0.bin
2008-01-27 11:53 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
.

------- Sigcheck -------

2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-01-19 17:17 359040 ebeab4c47642cd68d7fd23187eeca1b0 C:\WINDOWS\system32\backup\tcpip.sys
2004-08-04 00:14 359040 3bb4b08619c111c7be8bda07aa0de6a2 C:\WINDOWS\system32\drivers\tcpip.sys

2002-09-20 18:17 1947776 42d5a8cf5e356f48fb36e388b1d87e6e C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-17 16:45 2059008 e86dd06f2b8f919ddf23f78a3bf2aa23 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-17 16:45 2069376 8037f6f216964bcc22ec465227a8dfb0 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-17 16:45 2059008 e86dd06f2b8f919ddf23f78a3bf2aa23 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2002-09-20 17:12 2042112 21cdbe74e5c5f435b6c27dda1bd27b34 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-17 16:45 2183168 12c80e46dcec9b82473d1b1b9da1f16b C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-17 16:45 2193536 0c243e9faeac65b72d2fdafb16f1e15d C:\WINDOWS\system32\ntoskrnl.exe
2004-08-17 16:45 2183168 12c80e46dcec9b82473d1b1b9da1f16b C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2004-08-17 16:49 1422848 eff9b7d4e4ae0ee895e0172ac54218d9 C:\WINDOWS\explorer.exe
2002-09-20 18:05 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-17 16:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27 2048000]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 14:01 163840]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 19:03 7307264]
"nwiz"="nwiz.exe" [2005-11-04 19:03 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-04 19:03 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-27 16:14 949376]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39 217088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36 299008]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Hry\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\Hry\\Warcraft III\\Warcraft III.exe"=
"D:\\Hry\\Flatout\\flatout.exe"=
"D:\\Hry\\Warcraft III\\War3.exe"=
"D:\\Hry\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"D:\\Hry\\Valve\\Condition Zero\\czero.exe"=
"D:\\Hry\\Valve\\CS 1.6\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21308:TCP"= 21308:TCP:BitComet 21308 TCP
"21308:UDP"= 21308:UDP:BitComet 21308 UDP
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 12:36]
R2 PSI_SVC_2;Protexis Licensing V2;"C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 21:09]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-08-16 21:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-08-16 21:21]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 21:18:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-15 21:19:31
ComboFix-quarantined-files.txt 2008-04-15 19:19:22

Adresářů: 18, Volných bajtů: 5,349,597,184
Adresářů: 21, Volných bajtů: 5,338,312,704

[Pataz]

a tady z HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22, on 2008-04-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{82B26376-9F75-4173-A56F-6ED87EE1F82F}: NameServer = 217.197.150.168,217.197.152.145
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8843 bytes

[fredik]

Vypnul sis sám vědomě/úmyslně upozornění/výstrahy v Centru zabezpečeni u u Antiviru & Update?

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi comobofix a /u musí být mezera

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - (no file)
po zaškrtnutí klikni na tlačítko Fix Checked

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Doporučil bych ti také aktualizovat Javu:
- Stáhni si poslení verzi Java Runtime Environment (JRE) 6 Update 5
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 5 a klikni na tlačítko Download
- Zatrhni možnost kde je napsáno: Accept License Agreement
- Stránka se ti znovu načte.
- Klikni na odkaz pro stažení: Windows Offline Installation, Multi-language a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u5-windows-i586-p.exe, který sis stáhl na začátku.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni si ATF-Cleaner (by Atribune) a ulož si ho na disk
- Spusť ATF-Cleaner

Pod položkou Main zatrhni možnost: Select All
Pak klikni na tlačítko: Empty Selected

Pokud používáš jako prohlížeč FireFox:

- Zvol nahoře možnost Firefox
- Zatrhni možnost: Select All
- Budeš dotázán na to zda si přeješ odstranit uložené hesla z Firefoxu, podle potřeby zvol buď Ano nebo Ne
- Pak klikni na tlačítko: Empty Selected

Pokud používáš jako prohlížeč Operu:

- Zvol nahoře možnost Opera
- Zatrhni možnost: Select All
- Budeš dotázán na to zda si přeješ odstranit uložené hesla z Opery, podle potřeby zvol buď Ano nebo Ne
- Pak klikni na tlačítko: Empty Selected

Pak můžeš program zavřít.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Máš ještě problémy?

[Pataz]

moc díky...problémy zmizely...

[fredik]

Nemáš za co , kdyby se vyskytl nějaký problém tak dej vědět.

[Pataz]

chci se ještě zeptat...stahuju nové ovladače ke grafárně, než je nainstaluju, musím odinstalovat ty staré nebo něco takového???

[fredik]

Lepší by bylo nejdříve odinstalovat staré ovladače a pak si nainstalovat nové.

[Pataz]

a ať nemusím zakládat nové téma,
někdy se mi stane že se mi zničehonic restartuje pc a po opětovném najetí windowsu se mi objeví hláška že došlo k závažné chybě ve windows....
....už chvíli se mi to nestalo tak jsem na to nějak zapomněl vzhledem k ostatním problémum, ale dnes opět, tak se ptám nevíte co s tím?