Spyware?? Vyřešeno

[xylofon]

Zdravím, potřeboval bych pomoct. V počítači se mi usadila nějaká mrška. Teda projevuje se když jsem na netu (Mozzila 3.0.3),
různě po stránce mi vyskakujou okna typu: Váš počítač je ohrožen, scanujte nyní, atd...., navíc některé stránky nejdou normálně zobrazit.
Zkoušel jsem Ad-aware 6.0, AVG anti spyware, Spy bot, Avg antivrus, ale ani jeden z nich nic nenašel.
Přikládám kopii logu, tak jestli by mi některý ze zkušených poradil, díky.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:47, on 7.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Gigabyte\ET5Pro\GUI.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\Rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [EasyTuneVPro] D:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [d011a0bf] rundll32.exe "D:\WINDOWS\system32\iktviasn.dll",b
O4 - HKLM\..\Run: [BMbb83c424] Rundll32.exe "D:\WINDOWS\system32\dhohxbqb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 5470 bytes

[Reklama]

[jaro3]

Fix HJT:

Kód: Vybrat vše

O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k


Vypni rez. ochranu U AVG a Keria.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[xylofon]

Jo, tak tady to je, zatim dik.


ComboFix 08-10-06.06 - vanin 2008-10-07 15:35:38.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1560 [GMT 2:00]
Spuštěný z: D:\Documents and Settings\vanin\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\BMbb83c424.txt
D:\WINDOWS\BMbb83c424.xml
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\ackliipk.dll
D:\WINDOWS\system32\bmgwrjwm.dll
D:\WINDOWS\system32\ccrumkou.ini
D:\WINDOWS\system32\dhohxbqb.dll
D:\WINDOWS\system32\ibqemvqo.ini
D:\WINDOWS\system32\iktviasn.dll
D:\WINDOWS\system32\kpiilkca.ini
D:\WINDOWS\system32\MpXEdMoq.ini
D:\WINDOWS\system32\MpXEdMoq.ini2
D:\WINDOWS\system32\nsaivtki.ini
D:\WINDOWS\system32\qoMdEXpM.dll
D:\WINDOWS\system32\xeqpfrxx.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-07 do 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-07 15:23 . 2008-10-07 15:42 3,381,614 --a------ D:\WINDOWS\{00000005-00000000-00000000-00001102-00000002-100A1102}.BAK
2008-10-05 00:02 . 2006-09-05 18:03 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-04 22:16 . 2008-10-04 22:30 <DIR> d-------- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-04 10:59 . 2008-10-04 10:59 <DIR> d-------- D:\WINDOWS\Logs
2008-10-03 22:51 . 2008-10-03 22:51 <DIR> d-------- D:\Kudos 2 Demo
2008-10-03 22:51 . 2008-10-03 22:51 4,096 --a------ D:\WINDOWS\d3dx.dat
2008-09-24 20:40 . 2008-09-24 20:40 <DIR> d-------- D:\Documents and Settings\vanin\Data aplikací\DivX
2008-09-24 20:39 . 2008-09-24 20:39 <DIR> d-------- D:\Documents and Settings\vanin\Data aplikací\Media Player Classic
2008-09-12 14:33 . 2008-09-12 14:33 52,224 --a------ D:\WINDOWS\ipuninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 13:42 24,944 ----a-w D:\WINDOWS\system32\drivers\GVTDrv.sys
2008-10-06 07:42 --------- d-----w D:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-10-05 15:18 --------- d-----w D:\Documents and Settings\vanin\Data aplikací\uTorrent
2008-10-04 22:01 --------- d-----w D:\Documents and Settings\vanin\Data aplikací\AVG7
2008-10-04 09:00 107,888 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2008-10-03 23:02 --------- d-----w D:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-10-03 15:30 --------- d-----w D:\Documents and Settings\vanin\Data aplikací\Corel
2008-10-03 15:29 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-09-24 18:33 --------- d-----w D:\Program Files\K-Lite Codec Pack
2008-09-17 15:24 88 --sh--r D:\Documents and Settings\All Users\Data aplikací\108948AD27.sys
2008-09-17 15:24 2,516 --sha-w D:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
2008-08-24 18:54 --------- d-----w D:\Documents and Settings\vanin\Data aplikací\Creative
2008-08-24 16:53 --------- d--h--w D:\Program Files\Creative Installation Information
2008-08-24 16:53 --------- d-----w D:\Program Files\Creative
2008-08-24 16:53 --------- d-----w D:\Documents and Settings\All Users\Data aplikací\Creative
2008-08-24 16:52 --------- d-----w D:\Program Files\Common Files\Creative
2008-08-21 18:13 --------- d-----w D:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-08-21 18:12 --------- d-----w D:\Documents and Settings\vanin\Data aplikací\CyberLink
2008-08-21 18:04 --------- d-----w D:\Program Files\CyberLink
2008-07-25 08:34 161,096 ----a-w D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-07 20:44 22,328 ----a-w D:\Documents and Settings\vanin\Data aplikací\PnkBstrK.sys
2008-05-07 20:40 103,736 ----a-w D:\Documents and Settings\vanin\Data aplikací\PnkBstrB.exe
2005-05-04 00:55 142,454 ----a-w D:\Program Files\avi.ico
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVPro"="D:\Program Files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"AudioHQU"="D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE" [2002-01-18 176128]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-23 579584]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2008-10-06 6731312]
"CTHelper"="CTHELPER.EXE" [2003-08-28 D:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-23 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-16 19:20 91432 D:\Program Files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 D:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 12:06 3144800 D:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-17 07:15 221184 D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-17 07:15 81920 D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 D:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 09:35 72736 D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 D:\WINDOWS\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\uTorrent\\utorrent.exe"=

R1 fwdrv;Firewall Driver;D:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 khips;Kerio HIPS Driver;D:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};D:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12 41456]
R2 UxTuneUp;TuneUp Design Expansion;D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 GVTDrv;GVTDrv;D:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-10-07 24944]
R3 MarkFun_NT;MarkFun_NT;D:\Program Files\Gigabyte\ET5Pro\markfun.w32 [2007-08-21 17912]
R3 PSched;Plánovač paketů technologie QoS;D:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - MARKFUN_NT
.
Obsah adresáře 'Naplánované úlohy'

2008-10-03 D:\WINDOWS\Tasks\1-Click Maintenance.job
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{CC3B4700-C680-428C-99A6-0B87869D7993} - D:\WINDOWS\system32\qoMdEXpM.dll
HKLM-Run-d011a0bf - D:\WINDOWS\system32\iktviasn.dll
HKLM-Run-BMbb83c424 - D:\WINDOWS\system32\dhohxbqb.dll
ShellExecuteHooks-{109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} - (no file)
Notify-urqqOGAP - urqqOGAP.dll
MSConfigStartUp-BMbb83c424 - D:\WINDOWS\system32\xeqpfrxx.dll
MSConfigStartUp-d011a0bf - D:\WINDOWS\system32\ackliipk.dll


.
------- Doplňkový sken -------
.
FireFox -: Profile - D:\Documents and Settings\vanin\Data aplikací\Mozilla\Firefox\Profiles\e1r5fwsh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - D:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 15:42:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\D:\Program Files\Gigabyte\ET5Pro\markfun.w32"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\D:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
C:\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Gigabyte\ET5Pro\GUI.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2008-10-07 15:44:35 - počítač byl restartován [vanin]
ComboFix-quarantined-files.txt 2008-10-07 13:44:28

Před spuštěním: 6,116,429,824
Po spuštění: 6,039,625,728

179

[jaro3]

Log z CF vypadá čiště, vše smazáno. Pošli ještě log z HJT a info o chování compu.

[xylofon]

Aha, takže to je opravený ? já myslel, že s tím logem budeš něco dělat. Každopádně to vypadá, že je to všechno ready.
Díky moc za pomoc.

[xylofon]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:26, on 7.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Gigabyte\ET5Pro\GUI.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [EasyTuneVPro] D:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [AudioHQU] D:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 5281 bytes


Děkuju mockrát

[xylofon]

Jo jinak , stránky který nešly, jdou bez problému, net běží taky normálně, takže to vypadá vyléčeně. Zdarec

[jaro3]

Log je čistý.
Aktualizuj javu:
Java Runtime Environment (JRE) 6 Update 7
http://java.sun.com/javase/downloads/index.jsp
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u7-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

[xylofon]

ješte jednou dik