VIRUS ALERT



VIRUS ALERT

Post by Annie126 » 18 Aug 2008 20:30

Please help. A VIRUS ALERT! notice appeared on the taskbar next to the desktop, and I can't get to the drives or to the computer settings. In addition, 3 new icons appeared on my desktop (Error Cleaner, Privacy Protector, Spyware&Malware Protection). Three antivirus programs have scanned the computer, but unfortunately without result. I'd be grateful for any advice.


Re: VIRUS ALERT

Post by Yelkinson » 18 Aug 2008 20:33

Post a HJT (HijackThis) log here and someone will take a look at it. I have it in my signature! :wink:


Re: VIRUS ALERT

Post by Annie126 » 20 Aug 2008 21:53

So I ran SDFix. I can access the drives again and the VIRUS ALERT! message is gone, but a window with Antivirus 2009 still keeps popping up, and some SuspenzorPC has appeared as well. The internet is still running slowly. Along with my request for help I'm attaching the reports from SDFix and HijackThis.

SDFix: Version 1.218
Run by Libor Formánek on Út 19.08.2008 at 21:08

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\Documents and Settings\Libor Formánek\Plocha\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\EPXM.EXE - Deleted
C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\privacy_danger\images\danger.jpg - Deleted
C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\privacy_danger\images\spacer.gif - Deleted
C:\Documents and Settings\Libor Formánek\Local Settings\Temp\aax4C.tmp.exe - Deleted
C:\Documents and Settings\Libor Formánek\Local Settings\Temp\ubi1C.tmp.exe - Deleted
C:\Documents and Settings\Libor Formánek\Oblíbené položky\Error Cleaner.url - Deleted
C:\Documents and Settings\Libor Formánek\Oblíbené položky\Privacy Protector.url - Deleted
C:\Documents and Settings\Libor Formánek\Oblíbené položky\Spyware&Malware Protection.url - Deleted
C:\Program Files\RichVideoCodec\MultiLoader.dll - Deleted
C:\Program Files\VirusRemover2008\Viruses.bdt - Deleted
C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\sfsrv.exe.bat - Deleted
C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\ateqoflr.exe - Deleted
C:\WINDOWS\wbqxfpgl.dll - Deleted



Folder C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\privacy_danger - Removed
Folder C:\Program Files\RichVideoCodec - Removed
Folder C:\Program Files\VirusRemover2008 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 21:25:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"Černé ukazatele"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"Černé ukazatele (velké)"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"Černé ukazatele (největší)"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\UT2003\\System\\UT2003.exe"="C:\\UT2003\\System\\UT2003.exe:*:Enabled:UT2003"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Unreal Anthology\\UnrealGold\\System\\Unreal.exe"="C:\\Unreal Anthology\\UnrealGold\\System\\Unreal.exe:*:Enabled:Unreal"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Microsoft Games\\Motocross Madness 2 Trial\\mcm2.exe"="C:\\Program Files\\Microsoft Games\\Motocross Madness 2 Trial\\mcm2.exe:*:Enabled:MicrosoftR Motocross Madness 2"
"C:\\games\\Paintball2\\paintball2.exe"="C:\\games\\Paintball2\\paintball2.exe:*:Enabled:paintball2"
"C:\\Program Files\\GameTop.com\\Extreme Racers\\Extreme Racers.exe"="C:\\Program Files\\GameTop.com\\Extreme Racers\\Extreme Racers.exe:*:Enabled:Cipher Game Engine"
"C:\\Unreal Anthology\\UT2004\\System\\UT2004.exe"="C:\\Unreal Anthology\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\LIBORF~1\Plocha\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 15 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\670f65b4beba72d9da6c0847dce9968a\BIT1.tmp"
Fri 18 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9ef9933da35bdbcb8d9cd93868ba3092\BIT66.tmp"

Finished!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:28, on 20.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [70a65723] rundll32.exe "C:\WINDOWS\system32\qfstuvut.dll",b
O4 - HKLM\..\Run: [BM739564bf] Rundll32.exe "C:\WINDOWS\system32\dwymguby.dll",s
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackgroundCycler] C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\Content.IE5\PXKCTKBB\Cycler[1].exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3481372421
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7741 bytes
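As an added example (not part of the original thread, and not code from HijackThis or any other tool mentioned in it), the following Python script applies a few simple triage heuristics to HijackThis O4 autostart lines like the ones in the log above: Run-key names that are bare hex tags, rundll32 entries that load an eight-letter lowercase DLL through a single-letter entry point, and programs starting from the browser cache or a Temp directory. The sample lines are constructed to resemble the log (user name and paths shortened); the heuristics and thresholds are the editor's assumptions, not rules from HijackThis, and are meant to point a helper at lines worth a closer look, not to replace a manual review.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape HijackThis prints its O4 (autostart) lines.
# Not the full log from the post; paths are shortened and the user name replaced.
SAMPLE_HJT = """\
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [70a65723] rundll32.exe "C:\\WINDOWS\\system32\\qfstuvut.dll",b
O4 - HKLM\\..\\Run: [BM739564bf] Rundll32.exe "C:\\WINDOWS\\system32\\dwymguby.dll",s
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [BackgroundCycler] C:\\Documents and Settings\\user\\Local Settings\\Temporary Internet Files\\Content.IE5\\PXKCTKBB\\Cycler[1].exe
O4 - Global Startup: BTTray.lnk = ?
"""

# "O4 - <hive>: [<value name>] <command line>"; Global Startup lines have no [name] and are skipped.
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32[.exe] "<path>.dll",<entry point>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
# Heuristic thresholds (editor's assumptions): 8 hex chars, optionally prefixed "BM";
# 8 lowercase letters as a module name; cache/temp directories as a launch location.
HEX_TAG_RE = re.compile(r'^(?:BM)?[0-9a-f]{8}$')
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.(?:dll|exe)$')
CACHE_PATH_RE = re.compile(r'\\Temporary Internet Files\\|\\Local Settings\\Temp\\', re.I)


@dataclass
class Finding:
    name: str       # Run value name as shown in brackets
    cmd: str        # command line
    reasons: list   # human-readable reasons; empty means nothing flagged


def _basename(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1]


def assess_o4(line: str):
    """Parse one O4 line; return a Finding (possibly with no reasons) or None if not a Run entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group('name'), m.group('cmd')
    reasons = []
    if HEX_TAG_RE.match(name):
        reasons.append('run key name is a hex tag')
    r = RUNDLL_RE.search(cmd)
    if r:
        if RANDOM_NAME_RE.match(_basename(r.group('dll'))):
            reasons.append('random-looking 8-letter DLL name')
        if len(r.group('export')) == 1:
            reasons.append('single-letter rundll32 entry point')
    if CACHE_PATH_RE.search(cmd):
        reasons.append('autostart from browser cache or temp directory')
    return Finding(name, cmd, reasons)


def suspicious_entries(log_text: str):
    """Return the O4 entries that triggered at least one heuristic, in log order."""
    out = []
    for line in log_text.splitlines():
        f = assess_o4(line)
        if f and f.reasons:
            out.append(f)
    return out


if __name__ == '__main__':
    for f in suspicious_entries(SAMPLE_HJT):
        print(f'[{f.name}] {f.cmd}')
        for reason in f.reasons:
            print(f'    - {reason}')
```

Run against the constructed sample it flags the two rundll32 entries and the Cycler[1].exe entry and leaves the AVG, NVIDIA and ctfmon lines alone; vendor-signed entries with descriptive names are deliberately not scored, so a quiet result means "nothing matched these three patterns", not "clean".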


Re: VIRUS ALERT

Post by Yelkinson » 21 Aug 2008 01:52

I don't understand the logs, but SUPERANTISPYWARE was used for that SuspenzorPC: http://www.superantispyware.com/downloa ... PYWAREFREE

So run it, preferably in safe mode!


Re: VIRUS ALERT

Post by fredik » 21 Aug 2008 07:23

If you still can't run ComboFix, then post a log from DSS here:

Download Deckard's System Scanner (DSS) and save it to your desktop
- close all active windows and run it
- accept the licence terms and follow the instructions
- a system scan will start
- when the scan finishes, the program creates two logs and displays them: main.txt and extra.txt; paste the contents of the main.txt file/log here
- otherwise the logs are stored in the directory: c:\Deckard\System Scanner\

//link to DSS removed
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.


Re: VIRUS ALERT

Post by Annie126 » 22 Aug 2008 20:22

I would gladly follow your advice, but unfortunately it looks like the link you gave has been moved. It won't open, and the search engine can't find the program either.


Re: VIRUS ALERT

Post by fredik » 22 Aug 2008 20:31

You won't be able to download DSS, because it was withdrawn a few days ago due to a certain problem.

If you still have ComboFix downloaded, delete it and download it again.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

If it still reports some error, try to write down exactly what it says.

Otherwise, if you have it on the desktop, do this:
Go to Start -> Run... and type this command, marked in blue, into the box:
"%userprofile%\Plocha\ComboFix.exe" /f3m and click OK.
- then paste the log that appears here.


Re: VIRUS ALERT

Post by Annie126 » 23 Aug 2008 17:58

It still doesn't work. It says: You cannot rename Combofix as Combofix[2]. Please use another name, preferbaly made up of alphanumerical characters. It pops up right after the program downloads. It seems absurd to me: I don't get any opportunity to rename the program, and it already says I'm doing it wrong.


Re: VIRUS ALERT

Post by fredik » 23 Aug 2008 19:26

Delete that ComboFix if you still have it somewhere. Look at drive C, and if there is a directory/folder named ComboFix there (C:\ComboFix), delete it as well.

Right-click the link here and choose Save Target As...
- a window opens; there rename ComboFix to, say, TermVir and save it to your desktop.
[attached image: CFs.gif]
Then try to run it as described. If there is still a problem, do this.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.


Re: VIRUS ALERT

Post by Annie126 » 23 Aug 2008 20:34

Here is the log from ComboFix:

ComboFix 08-08-21.02 - Libor Formánek 2008-08-23 20:10:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.240 [GMT 2:00]
Running from: C:\Documents and Settings\Libor Formánek\Plocha\TermVir.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Secure Solutions
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Secure Solutions\Antispyware 2008 XP\LOG\20080817194709812.log
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@2o7[1].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@ad.yieldmanager[2].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@clicktorrent[1].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@counter.cnw[2].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@hits.gureport.co[2].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@indextools[2].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@pikant.centrum[6].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@pocitadlo[1].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@revsci[1].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@server.cpmstar[1].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@seznam[1].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@www.mp3search[1].txt
C:\Documents and Settings\Libor Formánek\Cookies\libor_formánek@www.pixmania[2].txt
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA.cfg
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA0.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA1.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA2.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA3.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA4.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA5.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA6.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA7.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA8.che
C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\MUZAoDA9.che
C:\WINDOWS\BM739564bf.txt
C:\WINDOWS\BM739564bf.xml
C:\WINDOWS\clofghls.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\jestertb.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cgqvnguc.ini
C:\WINDOWS\system32\cvudoora.ini
C:\WINDOWS\system32\dkgedjhu.dll
C:\WINDOWS\system32\dwymguby.dll
C:\WINDOWS\system32\hxnkcyke.dll
C:\WINDOWS\system32\lUBLUvut.ini
C:\WINDOWS\system32\lUBLUvut.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nuavypqs.ini
C:\WINDOWS\system32\oxphawbv.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\rrcpbbfb.dll
C:\WINDOWS\system32\tuvutsfq.ini
C:\WINDOWS\system32\uhjdegkd.ini
C:\WINDOWS\system32\vdvehcew.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-19 21:07 . 2008-08-19 21:07 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-19 20:49 . 2008-08-19 20:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-17 22:00 . 2008-08-17 22:00 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-17 19:53 . 2008-08-23 12:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-17 19:50 . 2008-08-23 17:37 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-17 19:50 . 2008-08-17 19:50 <DIR> d-------- C:\Program Files\AVG
2008-08-17 19:50 . 2008-08-17 19:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-17 19:50 . 2008-08-17 19:50 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-17 19:50 . 2008-08-17 19:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-15 16:12 . 2008-08-15 16:12 <DIR> d-------- C:\WINDOWS\system32\The X-Files - I Want To Believe dir
2008-08-15 16:12 . 2008-08-15 16:12 520,192 --a------ C:\WINDOWS\system32\The X-Files - I Want To Believe.scr
2008-08-14 07:37 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 07:35 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-05 12:42 . 2008-08-15 16:49 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator
2008-08-02 18:23 . 2008-08-02 18:36 <DIR> d-------- C:\Program Files\MIKSOFT
2008-08-01 20:39 . 2008-08-01 20:39 <DIR> d-------- C:\Program Files\Ubisoft
2008-07-28 10:52 . 2008-07-28 10:53 <DIR> d-------- C:\Program Files\LEGO Software
2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 10:33 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 18:45 --------- d-----w C:\Program Files\Congoo NetPass
2008-08-17 18:06 --------- d-----w C:\Program Files\Phenomedia AG
2008-08-17 17:55 --------- d-----w C:\Program Files\AOL Security Toolbar
2008-08-15 12:50 --------- d-----w C:\Program Files\DivX
2008-08-02 16:23 --------- d-----w C:\Program Files\MediaCoder
2008-07-23 19:27 --------- d-----w C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)
2008-07-21 20:56 --------- d-----w C:\Program Files\Sony Corporation
2008-07-10 10:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-09 20:01 --------- d-----w C:\Program Files\VSTplugins
2008-07-09 19:50 --------- d-----w C:\Program Files\CENZURA
2008-07-09 19:16 --------- d-----w C:\Program Files\Sony
2008-07-09 19:13 --------- d-----w C:\Program Files\Microsoft Games
2008-07-07 10:06 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-07 10:04 --------- d-----w C:\Program Files\Sony Setup
2008-07-07 09:51 --------- d-----w C:\Program Files\MSBuild
2008-07-07 09:49 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-04 15:02 --------- d-----w C:\Program Files\ElastoMania111
2008-07-03 11:21 --------- d-----w C:\Program Files\Mario Forever
2008-07-03 09:29 --------- d-----w C:\Program Files\city of world
2008-07-02 12:56 --------- d-----w C:\Program Files\Moucha
2008-07-01 13:27 --------- d-----w C:\Program Files\Project Zeit
2008-07-01 13:17 --------- d-----w C:\Program Files\WinMatrix XP
2008-07-01 12:32 --------- d-----w C:\Program Files\Blender Foundation
2008-06-27 13:27 --------- d-----w C:\Program Files\Rockstar Games
2008-06-25 11:38 2,813,952 ----a-w C:\WINDOWS\Mann-Filter Rallye.scr
2008-06-24 17:25 --------- d-----w C:\Program Files\Laser Dolphin
2008-06-23 14:24 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2006-03-31 11:56 917,318 -c--a-w C:\Program Files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 -c--a-w C:\Program Files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 -c--a-w C:\Program Files\Apr2006_xinput_x86.cab
2006-03-31 11:56 41,890 -c--a-w C:\Program Files\dxdllreg_x86.cab
2006-03-31 11:56 4,163,518 -c--a-w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 -c--a-w C:\Program Files\Apr2006_xact_x64.cab
2006-03-31 11:56 133,991 -c--a-w C:\Program Files\Apr2006_xact_x86.cab
2006-03-31 11:56 1,398,718 -c--a-w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 -c--a-w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-03-31 11:41 81,733 -c--a-w C:\Program Files\dxupdate.cab
2006-03-31 11:40 484,560 -c--a-w C:\Program Files\DXSETUP.exe
2006-03-31 11:40 2,248,912 -c--a-w C:\Program Files\dsetup32.dll
2006-03-31 11:39 74,448 -c--a-w C:\Program Files\DSETUP.dll
2006-02-03 08:00 179,247 -c----w C:\Program Files\Feb2006_xact_x64.cab
2006-02-03 08:00 133,297 -c----w C:\Program Files\Feb2006_xact_x86.cab
2006-02-03 08:00 1,363,684 -c----w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 -c----w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 -c----w C:\Program Files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 -c----w C:\Program Files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 -c----w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 -c----w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2005-07-22 18:14 1,351,430 -c----w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 -c----w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 -c----w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 -c----w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 -c----w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 -c----w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 -c----w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 -c----w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 -c----w C:\Program Files\BDAXP.cab
2004-09-27 10:29 703,080 -c----w C:\Program Files\BDA.cab
2004-09-27 10:29 15,493,481 -c----w C:\Program Files\DirectX.cab
2004-09-27 10:29 13,265,040 -c----w C:\Program Files\dxnt.cab
2004-09-27 10:29 1,156,363 -c----w C:\Program Files\BDANT.cab
2008-05-12 19:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:52 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-17 19:50 1232152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-06-15 16:12 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 08:52 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\UT2003\\System\\UT2003.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Unreal Anthology\\UnrealGold\\System\\Unreal.exe"=
"C:\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-17 19:50]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-08-29 11:07]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-17 19:50]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 19:50]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-17 19:50]
R2 dvdmmg;dvdmmg;C:\WINDOWS\system32\drivers\dvdmmg.sys [2007-09-06 13:15]
R2 MLPTDR_C;MLPTDR_C;C:\WINDOWS\system32\MLPTDR_C.sys [2002-03-26 03:55]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 00:26]
S3 PCD65X3;PCD65X3;C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\PCD65X3.sys []
S3 PCD65X4;PCD65X4;C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\PCD65X4.sys []
S3 PCD65X5;PCD65X5;C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\PCD65X5.sys []
S3 PCD65X6;PCD65X6;C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\PCD65X6.sys []
S3 PCD65X7;PCD65X7;C:\DOCUME~1\LIBORF~1\LOCALS~1\Temp\PCD65X7.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{EAD74E2E-677C-481A-A72E-DA35A2D36A6D} - C:\WINDOWS\system32\tuvULBUl.dll
HKCU-Run-MsgCenterExe - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKCU-Run-BackgroundCycler - C:\Documents and Settings\Libor Formánek\Local Settings\Temporary Internet Files\Content.IE5\PXKCTKBB\Cycler[1].exe
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
HKLM-Run-70a65723 - C:\WINDOWS\system32\dkgedjhu.dll
HKLM-Run-BM739564bf - C:\WINDOWS\system32\rrcpbbfb.dll
Notify-winhdn32 - winhdn32.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.seznam.cz/
R0 -: HKCU-Main,Default_Search_URL =
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 20:19:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-23 20:26:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 18:26:42

Pre-Run: Volných bajtů: 60,760,760,320
Post-Run: Volných bajtů: 62,359,650,304

251 --- E O F --- 2008-08-23 10:33:19

fredik
member of the Security team
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status:
Offline

Re: VIRUS ALERT

Post by fredik » 24 Aug 2008 10:22

Post a new HJT log here.
It may take a while to get a response, because the "HJT Team" are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.

Annie126
newbie
Posts: 29
Registered: August 08
Gender: Female
Status:
Offline

Re: VIRUS ALERT

Post by Annie126 » 24 Aug 2008 21:30

So here is another log. It now looks like the computer is fine: the internet runs normally and I can get to all the folders on the computer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:19, on 24.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3481372421
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7145 bytes

