Prosím o kontrolu logu a pomoc s viry

[luke1]

Zkontroloval jsem počítač pomocí MWAW a našel tohle:

File C:\WINDOWS\system32\UTSCSI.EXE infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xema Worm" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "personalantispy Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "spyware.smartpckeylog Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "personalantispy Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\DAO" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{125F0ACC-D3FC-402B-8D96-27F6E46D00D5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{45D68F08-56A0-4412-BB0F-8492BE978AC7}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{558CD0A7-0548-4220-88FE-01CC1477DF61}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5AC9F44E-06C7-41E3-A464-37177AB9105D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7C3E3706-8FBD-4169-9726-0A47FBF9D32A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{901C63FD-6673-47A6-9B5F-B13E3EBFA470}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C3CE4CED-46B0-407E-A703-7A83AAE02A36}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DBE84DB2-1794-4244-9859-9B720CA89B4D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F68E3631-68ED-4970-8D77-B81FE83AA6A1}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\UTSCSI.EXE infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.

Jiné antiviry nic nenašly, ví někdo prosím, co to je?

Log z HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:12, on 2.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - D:\Programy\Alarm\AlarmMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 6794 bytes


Děkuji všem za případnou pomoc

[Reklama]

[jaro3]

Odinstaluj toto: personalantispy
Možná planý poplach, ale pro kontrolu:

Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[luke1]

Odinstaluj toto: personalantispy
Možná planý poplach, ale pro kontrolu:

jenže jak? Já vlastně ani nevím, kde to hledat, nějak to z toho nemůžu vyčíst

[jaro3]

START-ovl. panely-přidat/odebrat programy.-klik na personalantispy a odebrat.

[luke1]

hm, no jasně, tohle vím, jenže v seznamu nainstalovaných programů žádný takový program není

Tady je lod z ComboFix:

ComboFix 08-11-02.01 - Radovan Vrba 2008-11-02 18:16:14.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.989 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Radovan Vrba\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\UTSCSI.EXE
.
---- Previous Run -------
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\dbfb.dll
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-02 do 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-02 15:41 . 2008-11-02 15:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-11-02 11:47 . 2008-11-02 15:55 0 --a------ C:\23990098.$$$
2008-11-02 11:34 . 2008-11-02 11:34 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-11-02 11:34 . 2008-11-02 11:34 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-11-02 11:34 . 2008-11-02 11:34 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-11-02 11:34 . 2008-11-02 11:34 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-11-02 11:34 . 2008-11-02 11:34 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-11-02 11:34 . 2008-11-02 11:34 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-11-02 11:30 . 2008-11-02 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2008-11-02 11:30 . 2008-11-02 11:30 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-11-02 11:30 . 2008-11-02 11:30 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-11-02 11:30 . 2004-08-18 13:00 147,968 --a------ C:\WINDOWS\R.COM
2008-11-02 11:30 . 2004-08-18 13:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-11-02 11:30 . 2008-11-02 11:30 28,672 --a------ C:\WINDOWS\system32\eEmpty.exe
2008-11-02 11:30 . 2005-09-22 23:22 522 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-11-02 11:30 . 2008-11-02 15:52 54 --a------ C:\WINDOWS\Lic.xxx
2008-11-02 08:10 . 2008-11-02 08:10 286,720 --------- C:\WINDOWS\Setup1.exe
2008-10-23 13:10 . 2008-10-23 13:10 2,672 --a------ C:\WINDOWS\system32\settings.aaw
2008-10-23 13:10 . 2008-10-23 13:10 1,152 --a------ C:\WINDOWS\system32\history.aaw
2008-10-22 15:29 . 2008-10-22 15:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-22 15:29 . 2008-10-22 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-10-14 17:03 . 2008-10-14 17:03 <DIR> d-------- C:\Program Files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 07:10 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-15 18:00 332,800 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-09-19 08:04 --------- d-----w C:\Documents and Settings\Radovan Vrba\Data aplikací\Talkback
2008-09-15 16:40 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 16:40 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 11:04 333,056 ------w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-19 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-08-14 14:46 2,182,528 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:46 2,182,528 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 14:46 2,138,112 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 14:46 2,059,904 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 14:46 2,059,904 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 14:46 2,017,792 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-08-14 10:51 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2007-09-09 19:26 87,608 ----a-w C:\Documents and Settings\Radovan Vrba\Data aplikací\ezpinst.exe
2007-09-09 19:26 47,360 ----a-w C:\Documents and Settings\Radovan Vrba\Data aplikací\pcouffin.sys
2007-07-23 13:44 6,144 --sha-w C:\Program Files\Thumbs.db
2007-11-14 18:30 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-14 18:30 8 --sh--r C:\WINDOWS\system32\D61A92063C.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 15360]
"Net4Switch"="C:\Program Files\ASUS\Net4Switch\Net4Switch.exe" [2006-03-02 1101824]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 106496]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2006-10-10 32768]
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2006-10-10 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-05-04 03:59 16206848 C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-27 16269]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 69120]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-07-02 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-06-29 8064]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [ ]
S3 AlarmClockMonitor;Talking Alarm Clock user logon monitor;D:\Programy\Alarm\AlarmMonitor.exe [2004-09-15 246184]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 34944]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa8c1f8-c61a-11dc-ad17-0018f38d55ed}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5151896c-6912-11db-ab30-0018f3336243}]
\Shell\AutoRun\command - F:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87876de4-8014-11db-ab73-0018f3336243}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'

2008-07-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:35]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Radovan Vrba\Data aplikací\Mozilla\Firefox\Profiles\djngl4hn.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.seznam.cz
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 18:17:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-02 18:18:26
ComboFix-quarantined-files.txt 2008-11-02 17:18:26

Před spuštěním: Volných bajtů: 10,184,425,472
Po spuštění: Volných bajtů: 10,292,723,712

159 --- E O F --- 2008-10-24 11:55:21

[jaro3]

Když není ,tak je to v pohodě. Ten log z CF je po výmazu čistý .Takže pošli ještě nový log z HJT.

[luke1]

Tady je nový log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:35, on 3.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - D:\Programy\Alarm\AlarmMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)


Jenže jsem znovu projel PC MWAV a pořád je tam tohle

Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "xema Worm" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "personalantispy Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "spyware.smartpckeylog Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "diskknight Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spyware.expresskeylog Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "personalantispy Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "personalantispy Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\DAO" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "XTTB00001.XTTB00001Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{125F0ACC-D3FC-402B-8D96-27F6E46D00D5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{45D68F08-56A0-4412-BB0F-8492BE978AC7}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{558CD0A7-0548-4220-88FE-01CC1477DF61}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5AC9F44E-06C7-41E3-A464-37177AB9105D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7C3E3706-8FBD-4169-9726-0A47FBF9D32A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{901C63FD-6673-47A6-9B5F-B13E3EBFA470}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C3CE4CED-46B0-407E-A703-7A83AAE02A36}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DBE84DB2-1794-4244-9859-9B720CA89B4D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F68E3631-68ED-4970-8D77-B81FE83AA6A1}". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{44A8E6F7-0081-422A-B5E1-20B3CF773FA4}\RP2\A0001052.EXE infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.

Co to vlastně je, a můžu se toho nějak zbavit?

[jaro3]

Fix v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - Global Startup: MultiFrame.lnk = ?
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe (file missing)

To jsou všechno jen zbytky po odstraněných nákazách. Comp máš čistý.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Aktualizuj javu:
Java SE Runtime Environment 6u10

Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

Je to vše.

[luke1]

Díky moc

[jaro3]

Ještě jsem zapomněl, pokud je PC v pořádku tak udělej toto:
Vypni obnovu systému- restartuj PC- a pak ji zase zapni.
Jinak není zač.