Hello.
Thanks a lot, Fredik, for the great guide. I did everything in it, and here is the log:
ComboFix 08-05-01.3 - Administrator 2008-05-02 20:00:56.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1636 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\beyfxylf.ini
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\gnybidhy.ini
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sAGjlUvw.ini
C:\WINDOWS\system32\sAGjlUvw.ini2
----- BITS: Possible infected sites -----
hxxp://58.65.234.25
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_perfmons
-------\Service_Routing
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
2008-05-02 17:17 . 2008-05-02 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 17:17 . 2008-05-02 17:17 812,344 --a------ C:\HJTInstall.exe
2008-04-30 23:53 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\AoA DVD Creator
2008-04-30 22:44 . 2008-04-30 22:44 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-30 22:06 . 2008-04-30 22:06 <DIR> d-------- C:\Program Files\XviD
2008-04-30 22:06 . 2004-07-26 12:13 200,192 --a------ C:\WINDOWS\system32\LameACM.acm
2008-04-30 22:06 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-04-30 22:06 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-04-30 22:06 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-04-30 22:06 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-04-30 20:19 . 2008-04-30 20:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-29 21:55 . 2008-05-01 14:58 <DIR> d-------- C:\Program Files\URUSoft
2008-04-27 15:56 . 2008-04-27 15:59 210 --a------ C:\WINDOWS\wininit.ini
2008-04-27 13:44 . 2008-04-27 13:44 94,784 --------- C:\WINDOWS\system32\yhdibyng.dll_old
2008-04-26 13:37 . 2008-04-27 13:43 109,734 --a------ C:\WINDOWS\BM3ff2f089.xml
2008-04-25 23:44 . 2008-04-25 23:44 <DIR> d-------- C:\DriveKey
2008-04-23 23:02 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-23 23:02 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\AVSMedia
2008-04-23 23:02 . 2002-01-05 16:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-04-23 23:02 . 2002-01-05 15:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-04-23 23:02 . 2002-01-05 03:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-04-23 23:02 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-23 23:02 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-23 23:02 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-23 23:02 . 2004-12-20 11:10 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-23 23:02 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-23 23:02 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-23 23:02 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-20 16:01 . 2008-04-20 16:01 <DIR> d-------- C:\Program Files\Defraggler
2008-04-20 15:10 . 2008-04-27 13:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-20 09:55 . 2008-04-20 09:55 <DIR> d-------- C:\Program Files\ESET
2008-04-19 23:18 . 2008-04-20 09:06 551,137 --a------ C:\ESET.FiX.v3.0.exe
2008-04-19 11:56 . 2007-04-10 12:08 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-19 11:23 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-04-19 11:23 . 2006-06-01 20:49 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-04-19 11:23 . 2006-06-01 20:49 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-04-19 11:21 . 2006-03-17 02:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-04-12 22:34 . 2008-04-12 22:34 <DIR> d-------- C:\SureSupply
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 16:54 --------- d-----w C:\Program Files\ICQToolbar
2008-05-01 12:59 --------- d-----w C:\Program Files\SlySoft
2008-04-30 21:42 --------- d-----w C:\Program Files\Bit Che
2008-04-30 18:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-25 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 20:27 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-19 19:41 --------- d-----w C:\Program Files\Real
2008-04-19 19:40 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 19:38 --------- d-----w C:\Program Files\HP
2008-04-19 19:33 --------- d-----w C:\Program Files\Webteh
2008-04-01 19:04 --------- d-----w C:\Program Files\GoldWave
2008-03-20 19:30 --------- d-----w C:\Program Files\Schlecker
2008-03-02 21:06 --------- d-----w C:\Program Files\OpenAL
2002-10-07 12:00 28,800 ----a-w C:\WINDOWS\inf\modem.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8AC2FAC-9DAC-412A-B594-FCD43E2A334E}]
C:\WINDOWS\system32\wvUljGAs.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 22:51 7323648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-17 10:09 98304]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13 1410304]
"BM3ff2f089"="C:\WINDOWS\system32\wgdxyqei.dll" [ ]
"3cc1c315"="C:\WINDOWS\system32\yhdibyng.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnKBTKB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"D:\\downNET\\sdc212\\sdc212\\StrongDC.exe"=
R2 AFinding;AFinding Service;C:\WINDOWS\system32\afinding.exe [2001-10-25 16:00]
R2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-26 00:00]
R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-17 00:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FF3FC4E4-2CEC-3E5F-C30D-E2946C8ACA23}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 20:05:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\drivers\WtSrv.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2008-05-02 20:09:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 18:09:28
Adresářů: 16, Volných bajtů: 855,343,104
Adres ý…: 19, Volněch bajt…: 896,028,672
178
RUNDLL error appears when Windows XP starts - Solved
- fredik
- Security team member
Re: RUNDLL error appears when Windows XP starts
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Driver::
AFinding
File::
C:\WINDOWS\system32\wvUljGAs.dll
C:\WINDOWS\system32\wgdxyqei.dll
C:\WINDOWS\system32\yhdibyng.dll
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\yhdibyng.dll_old
C:\WINDOWS\BM3ff2f089.xml
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8AC2FAC-9DAC-412A-B594-FCD43E2A334E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM3ff2f089"=-
"3cc1c315"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnKBTKB]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FF3FC4E4-2CEC-3E5F-C30D-E2946C8ACA23}]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically.
- Post here the log that comes up at the end of the cleaning process, plus a new HJT log.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. It is not possible to reply to such PMs.
Re: RUNDLL error appears when Windows XP starts
Thanks a lot, it seems the problem is solved. ComboFix restarted the PC, and the errors no longer appeared when Windows started.
So here is the log from ComboFix:
ComboFix 08-05-01.3 - Administrator 2008-05-03 9:21:53.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1606 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\BM3ff2f089.xml
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\wgdxyqei.dll
C:\WINDOWS\system32\wvUljGAs.dll
C:\WINDOWS\system32\yhdibyng.dll
C:\WINDOWS\system32\yhdibyng.dll_old
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM3ff2f089.xml
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\yhdibyng.dll_old
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.
2008-05-03 09:11 . 2008-05-03 09:12 <DIR> d-------- C:\Program Files\Winamp
2008-05-03 09:11 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-03 08:48 . 2008-05-03 08:48 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-03 00:14 . 2008-05-03 00:14 17,884,459 --a------ C:\klmcodec390.exe
2008-05-02 21:42 . 2008-05-02 21:42 <DIR> d-------- C:\PC-help
2008-05-02 17:17 . 2008-05-02 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 17:17 . 2008-05-02 17:17 812,344 --a------ C:\HJTInstall.exe
2008-04-30 23:53 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\AoA DVD Creator
2008-04-30 22:44 . 2008-04-30 22:44 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-30 22:06 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-04-30 22:06 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-04-30 22:06 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-04-30 22:06 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-04-30 20:19 . 2008-04-30 20:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-29 21:55 . 2008-05-01 14:58 <DIR> d-------- C:\Program Files\URUSoft
2008-04-27 15:56 . 2008-04-27 15:59 210 --a------ C:\WINDOWS\wininit.ini
2008-04-25 23:44 . 2008-04-25 23:44 <DIR> d-------- C:\DriveKey
2008-04-23 23:02 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-23 23:02 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\AVSMedia
2008-04-23 23:02 . 2002-01-05 16:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-04-23 23:02 . 2002-01-05 15:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-04-23 23:02 . 2002-01-05 03:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-04-23 23:02 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-23 23:02 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-23 23:02 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-23 23:02 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-23 23:02 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-23 23:02 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-20 16:01 . 2008-04-20 16:01 <DIR> d-------- C:\Program Files\Defraggler
2008-04-20 15:10 . 2008-04-27 13:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-20 09:55 . 2008-04-20 09:55 <DIR> d-------- C:\Program Files\ESET
2008-04-19 23:18 . 2008-04-20 09:06 551,137 --a------ C:\ESET.FiX.v3.0.exe
2008-04-19 11:56 . 2007-04-10 12:08 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-19 11:23 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-04-19 11:23 . 2006-06-01 20:49 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-04-19 11:23 . 2006-06-01 20:49 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-04-19 11:21 . 2006-03-17 02:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-04-12 22:34 . 2008-04-12 22:34 <DIR> d-------- C:\SureSupply
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 22:08 --------- d-----w C:\Program Files\JPEG Resampler
2008-05-02 22:07 --------- d-----w C:\Program Files\DivX
2008-05-02 21:38 --------- d-----w C:\Program Files\Bit Che
2008-05-02 16:54 --------- d-----w C:\Program Files\ICQToolbar
2008-05-01 12:59 --------- d-----w C:\Program Files\SlySoft
2008-04-30 18:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-25 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 20:27 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-19 19:41 --------- d-----w C:\Program Files\Real
2008-04-19 19:40 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 19:38 --------- d-----w C:\Program Files\HP
2008-04-19 19:33 --------- d-----w C:\Program Files\Webteh
2008-04-01 19:04 --------- d-----w C:\Program Files\GoldWave
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 19:30 --------- d-----w C:\Program Files\Schlecker
2008-03-02 21:06 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-02 21:06 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2002-10-07 12:00 28,800 ----a-w C:\WINDOWS\inf\modem.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_20.09.05.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 18:04:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 07:24:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-10-25 14:00:00 5,796 ----a-w C:\WINDOWS\system32\adcklog.dat
+ 2001-10-25 14:00:00 200,192 ----a-w C:\WINDOWS\system32\asck.exe
- 2001-10-25 14:00:00 185,856 ----a-w C:\WINDOWS\system32\perfs.exe
+ 2001-10-25 14:00:00 31,744 ----a-w C:\WINDOWS\system32\perfs.exe
+ 2008-04-14 03:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-04-14 03:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-04-14 03:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-01-04 21:58:46 66,296 ----a-w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2008-01-04 21:58:46 64,760 ----a-w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2008-01-04 21:58:46 1,628,920 ----a-w C:\WINDOWS\system32\pxsfs.dll
+ 2007-03-07 23:51:00 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
+ 2008-04-14 03:00:00 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-09-04 17:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2007-09-04 16:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
- 2004-12-20 09:03:26 679,936 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 12:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
- 2004-12-20 09:08:28 155,648 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2008-01-10 12:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
- 2004-01-25 17:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2004-01-25 16:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 22:51 7323648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-17 10:09 98304]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13 1410304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"D:\\downNET\\sdc212\\sdc212\\StrongDC.exe"=
R2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-26 00:00]
R2 WServing;WServing Service;C:\WINDOWS\system32\wserving.exe [2001-10-25 16:00]
R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-17 00:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 09:24:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\drivers\WtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2008-05-03 9:29:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 07:29:02
ComboFix2.txt 2008-05-02 18:09:37
Adresářů: 17, Volných bajtů: 749,613,056
Adres ý…: 20, Volněch bajt…: 742,555,648
207
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13 1410304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"D:\\downNET\\sdc212\\sdc212\\StrongDC.exe"=
R2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-26 00:00]
R2 WServing;WServing Service;C:\WINDOWS\system32\wserving.exe [2001-10-25 16:00]
R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-17 00:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 09:24:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\drivers\WtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2008-05-03 9:29:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 07:29:02
ComboFix2.txt 2008-05-02 18:09:37
Adresářů: 17, Volných bajtů: 749,613,056
Adresářů: 20, Volných bajtů: 742,555,648
207
Re: RUNDLL error appears when Windows XP starts
And here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:24, on 3.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\wserving.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\fluffy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
--
End of file - 5955 bytes
- fredik
- Security team member
Re: RUNDLL error appears when Windows XP starts
Create a new CFScript and use it the same way as the previous one, but this time paste the following into it:
Note: Do not use the SELECT ALL function to select the script
Code: Select all
Driver::
WServing
File::
C:\WINDOWS\system32\wserving.exe
Then post the ComboFix log here again after it has finished running.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
I would recommend that you update Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 6
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6 and click the Download button
- A new page will load
- Under the heading Select Platform and Language for your download:
* for the Platform: item, select the OS you are using
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page will load
- Click the download link under the item Windows Offline Installation and save the file to disk
- Close any programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for entries named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 8
- Java 2 Runtime Environment, SE v1.4.2
- Uninstall any old versions of Java one after another
- When the uninstallation has finished, restart the PC.
- Then just run the installer for the latest version from the file jre-6u6-windows-i586-p.exe, which you downloaded at the beginning.
Then post a new HJT log here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum instead. It is not possible to reply to such PMs.
Re: RUNDLL error appears when Windows XP starts
Thanks a lot for the advice.
Following your recommendation, I uninstalled the old versions of Java and installed the latest version.
After the restart, the errors no longer pop up when Windows starts, so I think it is OK now.
But I would be glad if you could confirm it, because I don't understand HijackThis at all.
Thanks a lot.
Here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:52, on 3.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\afinding.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\fluffy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
--
End of file - 5968 bytes
- fredik
- Security team member
Re: RUNDLL error appears when Windows XP starts
That is not all right.
If you used this on NOD: C:\ESET.FiX.v3.0.exe
- delete that file.
- reinstall ESS.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Create a new CFScript and use it the same way as the previous one, except that this time put the following into it:
Note: Do not use the SELECT ALL function to select the script
Code:
Driver::
AFinding
File::
C:\WINDOWS\system32\afinding.exe
Then post the ComboFix log here again after it has finished.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then run a scan and post the log from Kaspersky Online Scanner here! (it has to be run in IE)
- click the Accept button
- you will be prompted to install an ActiveX component from Kaspersky, so allow it
- the program will download the required database
- after the download, click the option:

Then click the button: Scan Settings
- you will get to the Scan settings window; select the following options there:
Under the item: Scan using the following antivirus database:
- standard - detect viruses, worms, Trojans, rootkits
- Scan Archives - scan files inside archives
- Scan Mail Bases - scan e-mails/attachments inside mail base files
Now, under the item Please select a target to scan, choose the option:

- the system scan will start
- when it finishes, a list of what it found will be displayed
Click the Save Report As... button
- save it, for example to the desktop, and choose these parameters:
- File name: type here: Kavlog
- Save as type: select: Text file (*.txt)
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
In your next post, paste these logs/results here:
- the ComboFix log
- the log from Kaspersky Online Scanner!
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. These PMs cannot be answered.
Re: RUNDLL error appears when Windows XP starts
So I deleted the file eset.fix.v3.0.exe and reinstalled ESS.
ComboFix log:
ComboFix 08-05-01.3 - Administrator 2008-05-03 21:41:27.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1622 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\afinding.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\afinding.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Service_AFinding
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.
2008-05-03 21:12 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-05-03 13:54 . 2008-05-03 13:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-03 13:54 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-03 09:11 . 2008-05-03 09:12 <DIR> d-------- C:\Program Files\Winamp
2008-05-03 09:11 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-03 08:48 . 2008-05-03 08:48 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-03 00:14 . 2008-05-03 00:14 17,884,459 --a------ C:\klmcodec390.exe
2008-05-02 21:42 . 2008-05-02 21:42 <DIR> d-------- C:\PC-help
2008-05-02 17:17 . 2008-05-02 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 17:17 . 2008-05-02 17:17 812,344 --a------ C:\HJTInstall.exe
2008-04-30 23:53 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\AoA DVD Creator
2008-04-30 22:44 . 2008-04-30 22:44 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-30 22:06 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-04-30 22:06 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-04-30 22:06 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-04-30 22:06 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-04-30 20:19 . 2008-04-30 20:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-29 21:55 . 2008-05-01 14:58 <DIR> d-------- C:\Program Files\URUSoft
2008-04-27 15:56 . 2008-04-27 15:59 210 --a------ C:\WINDOWS\wininit.ini
2008-04-25 23:44 . 2008-04-25 23:44 <DIR> d-------- C:\DriveKey
2008-04-23 23:02 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-23 23:02 . 2008-05-01 14:56 <DIR> d-------- C:\Program Files\AVSMedia
2008-04-23 23:02 . 2002-01-05 16:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-04-23 23:02 . 2002-01-05 15:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-04-23 23:02 . 2002-01-05 03:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-04-23 23:02 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-23 23:02 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-23 23:02 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-23 23:02 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-23 23:02 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-23 23:02 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-20 16:01 . 2008-04-20 16:01 <DIR> d-------- C:\Program Files\Defraggler
2008-04-20 15:10 . 2008-04-27 13:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-20 09:55 . 2008-04-20 09:55 <DIR> d-------- C:\Program Files\ESET
2008-04-19 11:56 . 2007-04-10 12:08 60,032 -----c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-19 11:23 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-04-19 11:23 . 2006-06-01 20:49 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-04-19 11:23 . 2006-06-01 20:49 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-04-19 11:21 . 2006-03-17 02:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-04-12 22:34 . 2008-04-12 22:34 <DIR> d-------- C:\SureSupply
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 11:54 --------- d-----w C:\Program Files\Java
2008-05-03 11:44 --------- d-----w C:\Program Files\ICQToolbar
2008-05-02 22:08 --------- d-----w C:\Program Files\JPEG Resampler
2008-05-02 22:07 --------- d-----w C:\Program Files\DivX
2008-05-02 21:38 --------- d-----w C:\Program Files\Bit Che
2008-05-01 12:59 --------- d-----w C:\Program Files\SlySoft
2008-04-30 18:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-25 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 20:27 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-19 19:41 --------- d-----w C:\Program Files\Real
2008-04-19 19:40 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 19:38 --------- d-----w C:\Program Files\HP
2008-04-19 19:33 --------- d-----w C:\Program Files\Webteh
2008-04-01 19:04 --------- d-----w C:\Program Files\GoldWave
2008-03-20 19:30 --------- d-----w C:\Program Files\Schlecker
2002-10-07 12:00 28,800 ----a-w C:\WINDOWS\inf\modem.sys
.
((((((((((((((((((((((((((((( snapshot_2008-05-03_ 9.28.51.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-03 07:24:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 19:44:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-20 07:56:44 10,134 ----a-r C:\WINDOWS\Installer\{B10E1E71-53B9-42A2-BD5C-0162DAFC2419}\callmsi.exe
+ 2008-05-03 19:13:13 10,134 ----a-r C:\WINDOWS\Installer\{B10E1E71-53B9-42A2-BD5C-0162DAFC2419}\callmsi.exe
- 2008-04-20 07:56:44 140,544 ----a-r C:\WINDOWS\Installer\{B10E1E71-53B9-42A2-BD5C-0162DAFC2419}\egui.exe
+ 2008-05-03 19:13:13 140,544 ----a-r C:\WINDOWS\Installer\{B10E1E71-53B9-42A2-BD5C-0162DAFC2419}\egui.exe
- 2001-10-25 14:00:00 5,796 ----a-w C:\WINDOWS\system32\adcklog.dat
+ 2001-10-25 14:00:00 5,443 ----a-w C:\WINDOWS\system32\adcklog.dat
- 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2001-10-25 14:00:00 31,744 ----a-w C:\WINDOWS\system32\perfs.exe
+ 2001-10-25 14:00:00 31,232 ----a-w C:\WINDOWS\system32\perfs.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 22:51 7323648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-17 10:09 98304]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13 1410304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"D:\\downNET\\sdc212\\sdc212\\StrongDC.exe"=
R2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-26 00:00]
R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-17 00:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 21:44:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\drivers\WtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2008-05-03 21:48:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 19:48:27
ComboFix2.txt 2008-05-03 11:37:49
ComboFix3.txt 2008-05-03 07:29:08
ComboFix4.txt 2008-05-02 18:09:37
Adresářů: 17, Volných bajtů: 652,980,224
Adresářů: 19, Volných bajtů: 644,087,808
180
Kaspersky Online Scanner log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 12:16:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/05/2008
Kaspersky Anti-Virus database records: 659651
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
M:\
S:\
T:\
Scan Statistics:
Total number of scanned objects: 68585
Number of viruses found: 9
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:12:24
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3CAF.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE04F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE0B8.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programování v PASCALU\ALL PASCAL_zaloha\tp\MOJEMINY.EXE Infected: Virus.DOS.Tupas.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Indt2.sys.vir Infected: Trojan.Win32.VB.cqe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wserving.exe.vir Infected: Trojan-Downloader.Win32.Delf.gru skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yhdibyng.dll_old.vir Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067506.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067507.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067508.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067509.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067510.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP374\A0069279.exe Infected: Trojan.Win32.Agent.kcn skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP374\A0069280.sys Infected: Trojan-Clicker.Win32.VB.aoi skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP374\A0069358.exe Infected: Trojan-Downloader.Win32.Delf.gqv skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070008.exe Infected: Trojan.Win32.Agent.kcn skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070009.sys Infected: Trojan.Win32.VB.cqe skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070012.exe Infected: Trojan-Downloader.Win32.Delf.gru skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070083.exe Infected: Trojan.Win32.Agent.kfl skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP376\A0070096.sys Infected: Trojan.Win32.VB.cqe skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP376\A0070099.exe Infected: Trojan-Downloader.Win32.Delf.gru skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP382\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SB630987C.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\DOWNLOADED\NEDOKONČENÉ\07.03.07.50.First.Dates.2004.DiVX6.DTS.BDRiP-CHD\chd-50-first-dates-dts-bdrip.avi Object is locked skipped
D:\DOWNLOADED\Partition Magic 8.05\Partition Magic 8.05\Setup\Setup.exe/data0000.cab/is153121.exe Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05\Partition Magic 8.05\Setup\Setup.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05\Partition Magic 8.05\Setup\Setup.exe Rsrc-Package: infected - 2 skipped
D:\DOWNLOADED\Partition Magic 8.05.rar/Partition Magic 8.05/Setup/Setup.exe/data0000.cab/is153121.exe Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05.rar/Partition Magic 8.05/Setup/Setup.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05.rar/Partition Magic 8.05/Setup/Setup.exe Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05.rar RAR: infected - 3 skipped
D:\DOWNLOADED\Windows Media Player 11 + Validation\wmp-x86-setup.exe/data.rar/msms.exe Infected: Trojan-Dropper.Win32.Pincher.ag skipped
D:\DOWNLOADED\Windows Media Player 11 + Validation\wmp-x86-setup.exe/data.rar Infected: Trojan-Dropper.Win32.Pincher.ag skipped
D:\DOWNLOADED\Windows Media Player 11 + Validation\wmp-x86-setup.exe RarSFX: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
T:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 22:51 7323648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-17 10:09 98304]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13 1410304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"D:\\downNET\\sdc212\\sdc212\\StrongDC.exe"=
R2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-26 00:00]
R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-17 00:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 FlyPCI;FlyPCI;C:\PROGRA~1\FLY200~1\FlyPCI.sys [2003-10-10 13:06]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 21:44:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\drivers\WtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2008-05-03 21:48:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 19:48:27
ComboFix2.txt 2008-05-03 11:37:49
ComboFix3.txt 2008-05-03 07:29:08
ComboFix4.txt 2008-05-02 18:09:37
Adresářů: 17, Volných bajtů: 652,980,224
Adresářů: 19, Volných bajtů: 644,087,808
180
Log from Kaspersky Online Scanner:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 12:16:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/05/2008
Kaspersky Anti-Virus database records: 659651
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
M:\
S:\
T:\
Scan Statistics:
Total number of scanned objects: 68585
Number of viruses found: 9
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:12:24
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3CAF.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE04F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE0B8.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programování v PASCALU\ALL PASCAL_zaloha\tp\MOJEMINY.EXE Infected: Virus.DOS.Tupas.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Indt2.sys.vir Infected: Trojan.Win32.VB.cqe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wserving.exe.vir Infected: Trojan-Downloader.Win32.Delf.gru skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yhdibyng.dll_old.vir Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067506.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067507.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067508.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067509.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP367\A0067510.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP374\A0069279.exe Infected: Trojan.Win32.Agent.kcn skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP374\A0069280.sys Infected: Trojan-Clicker.Win32.VB.aoi skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP374\A0069358.exe Infected: Trojan-Downloader.Win32.Delf.gqv skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070008.exe Infected: Trojan.Win32.Agent.kcn skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070009.sys Infected: Trojan.Win32.VB.cqe skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070012.exe Infected: Trojan-Downloader.Win32.Delf.gru skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP375\A0070083.exe Infected: Trojan.Win32.Agent.kfl skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP376\A0070096.sys Infected: Trojan.Win32.VB.cqe skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP376\A0070099.exe Infected: Trojan-Downloader.Win32.Delf.gru skipped
C:\System Volume Information\_restore{4FFD7ECE-F82C-40D1-AF15-B827A3EDD687}\RP382\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SB630987C.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\DOWNLOADED\NEDOKONČENÉ\07.03.07.50.First.Dates.2004.DiVX6.DTS.BDRiP-CHD\chd-50-first-dates-dts-bdrip.avi Object is locked skipped
D:\DOWNLOADED\Partition Magic 8.05\Partition Magic 8.05\Setup\Setup.exe/data0000.cab/is153121.exe Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05\Partition Magic 8.05\Setup\Setup.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05\Partition Magic 8.05\Setup\Setup.exe Rsrc-Package: infected - 2 skipped
D:\DOWNLOADED\Partition Magic 8.05.rar/Partition Magic 8.05/Setup/Setup.exe/data0000.cab/is153121.exe Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05.rar/Partition Magic 8.05/Setup/Setup.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05.rar/Partition Magic 8.05/Setup/Setup.exe Infected: Packed.Win32.Monder.gen skipped
D:\DOWNLOADED\Partition Magic 8.05.rar RAR: infected - 3 skipped
D:\DOWNLOADED\Windows Media Player 11 + Validation\wmp-x86-setup.exe/data.rar/msms.exe Infected: Trojan-Dropper.Win32.Pincher.ag skipped
D:\DOWNLOADED\Windows Media Player 11 + Validation\wmp-x86-setup.exe/data.rar Infected: Trojan-Dropper.Win32.Pincher.ag skipped
D:\DOWNLOADED\Windows Media Player 11 + Validation\wmp-x86-setup.exe RarSFX: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
T:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
- fredik
- member of the Security team
- Master Level 7
- Posts: 4680
- Registered: July 06
Re: RUNDLL error appears when Windows XP starts
Go to Start -> Run..., type the command marked in blue, ComboFix /u, into the box and click OK.
- there must be a space between ComboFix and /u
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Delete this file:
D:\DOWNLOADED\Windows Media Player 11 + Validation\wmp-x86-setup.exe
+ optionally these as well:
D:\DOWNLOADED\Partition Magic 8.05\Partition Magic 8.05\Setup\Setup.exe
D:\DOWNLOADED\Partition Magic 8.05.rar
+
You can delete this directory/folder; it belongs to adware that is installed together with Daemon Tools, but it is not needed for it to run:
C:\Program Files\DaemonTools_WhenUSave_Installer
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download and run T-cleaner and follow the instructions.
You can also clean temporary files off the PC, e.g. with: CCleaner
Since you use IE, I would recommend this program as prevention: SpywareBlaster
- the guide was written for the previous version, but apart from the GUI change everything essential is the same.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If you have no other problems, that would be all.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum instead. These PMs cannot be answered.
Re: RUNDLL error appears when Windows XP starts (Solved)
OK, I'll do that. Thanks a lot for the advice!!!!!!!!!!!!!!!!!!!!!!!!!