mike007: Prosím o kontrolu logu (zavirováno) Vyřešeno

[mike007]

Ahoj jaro3,

Mohu tě poprosit o kontrolu logu z HJT a MWAV?

Mám podezření na vir. Už třetí den se mi objevuje chybová hláška, viz obrázek níže. Vždy po jejím odkliknutí mi problikne obrazovka, na vteřinu se vypne vzhled (Zune), zmenší se hlavní panel (normálně ho mám vytáhlý na tři řádky), ikony na ploše se zarovnají doleva a žádný z přehrávačů (KM player, PowerDVD, WMP) mi nespustí hudbu...



Včera jsem použil Combofix, který smazal tyto položky:

c:\windows\regedit.com
c:\windows\system32\NeW\
c:\windows\system32\taskmgr.com

Byl na chvíli klid, ale teď to blbne znovu...

Díky za pomoc

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:02, on 1.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\apache\Apache.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
c:\apache\Apache.exe
C:\WINDOWS\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programy a hry\kontrola proti virům\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.foxconn.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Startup: Zástupce - WATCHDOG.lnk = C:\my_system\WATCHDOG.xls
O4 - Startup: Zástupce - létání.lnk = ?
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - c:\apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6767 bytes

---

Log z MWAV:

Objekt "Trackware.BarBrowser Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Trackware.BarBrowser Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Win32.Passma Virus" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Conducent FlexPak Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "DSK Trojan Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "SmitFraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Spyware.ExpressKeylog Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "DiskKnight Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "PersonalAntispy Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\KMPlayer.kpl" odkazuje na neplatný objekt "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\KMPlayer.ksf" odkazuje na neplatný objekt "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\Photoshop.Image.10" odkazuje na neplatný objekt "{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.5.0_09\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.5.0_10\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.5.0_11\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""D:\data\cdw32.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.6.0_02\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.6.0_03\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.6.0_05\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Recycled\Dc2.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Recycled\Dc4.exe je infikovaný virem Backdoor.Generic.55025 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\phptriad\tools\backup\backup.exe je infikovaný virem BkCln.Unknown !! Provedené akce: Ponecháno, neodstraněno!.

[Reklama]

[jaro3]

Ahoj!
Můžeš smazat:
C:\phptriad\tools\backup\backup.exe

dej sem nový log z CF.

[mike007]

Vždy, po kontrole Combofixem mi nefunguje zvuk. Je to normální? Pomůže jen restart.
edit: Teď mi nejde zvuk ani po restartu. Chybová hláška stále vyskakuje, hlavní panel se mi zmenšuje, ikony na ploše se rovnají doleva. Takový vir jsem ještě v životě neměl

Log:

ComboFix 09-03-31.04 - Michael 2009-04-01 20:41:40.9 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1535.1097 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michael\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\NeW\

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-01 do 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-04-01 20:01 . 2009-04-01 20:01 <DIR> d-------- c:\program files\KMplayer
2009-04-01 18:48 . 2009-04-01 19:14 13,030 --a------ C:\PDOXUSRS.NET
2009-04-01 16:50 . 2009-04-01 16:50 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-03-31 20:20 . 2009-03-31 20:20 <DIR> d-------- c:\program files\Java
2009-03-31 20:20 . 2009-03-31 20:20 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-03-08 16:29 . 2009-03-08 16:29 <DIR> d-------- c:\program files\Google
2009-03-06 16:48 . 2009-03-06 16:48 <DIR> d-------- c:\windows\Application Data\PunkBuster
2009-03-06 16:44 . 2009-03-06 16:44 <DIR> d-------- c:\windows\Application Data\id Software
2009-03-06 16:42 . 2009-03-06 16:42 <DIR> d-------- c:\windows\All Users\Application Data\id Software
2009-03-06 16:42 . 2009-03-06 16:42 2,246,144 --a------ c:\windows\SYSTEM32\pbsvc.exe
2009-03-06 16:42 . 2009-03-07 16:39 188,896 --a------ c:\windows\SYSTEM32\PnkBstrB.exe
2009-03-06 16:42 . 2009-03-07 16:39 138,784 --a------ c:\windows\SYSTEM32\DRIVERS\PnkBstrK.sys
2009-03-06 16:42 . 2009-03-07 16:39 70,968 --a------ c:\windows\SYSTEM32\PnkBstrA.exe
2009-03-04 12:32 . 2009-03-04 12:32 <DIR> d-------- c:\windows\speech
2009-03-04 12:32 . 2009-03-04 12:32 796,672 --a------ c:\windows\GPInstall.exe
2009-03-04 12:32 . 1999-10-20 18:28 7,538 --a------ c:\windows\Czech_CZ.gpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 18:20 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-11 13:01 153,592 ----a-w c:\windows\Application Data\GDIPFONTCACHEV1.DAT
2009-02-27 18:50 --------- d-----w c:\program files\eRightSoft
2009-02-26 13:11 28,672 ----a-w c:\windows\SYSTEM32\eEmpty.exe
2008-12-26 16:21 47,360 ----a-w c:\windows\Application Data\pcouffin.sys
2008-12-26 13:41 87,608 ----a-w c:\windows\Application Data\ezpinst.exe
2007-12-14 11:45 22,328 ----a-w c:\windows\Application Data\PnkBstrK.sys
2006-12-31 14:50 92 ----a-w c:\windows\Application Data\fusioncache.dat
2006-12-31 13:55 271 --sh--w c:\program files\desktop.ini
2006-12-31 13:55 23,423 ---h--w c:\program files\folder.htt
2006-05-03 09:06 163,328 --sh--r c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\SYSTEM32\nbDX.dll
2008-01-23 11:03 2,258 --sha-r c:\windows\All Users\Application Data\id Software\QuakeLive\npcleanup.vbs
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VistaStartMenu"="c:\program files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe" [2007-11-12 1702064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-06 1115728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 148888]
"C-Media Mixer"="Mixer.exe" [2001-10-22 c:\windows\mixer.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\SYSTEM32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\Michael\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MutiKeyboard Driver.lnk - c:\program files\MultiKeyboard Driver\KbdDrv.exe [2007-11-29 367104]
Z stupce - WATCHDOG.lnk - c:\my_system\WATCHDOG.xls [2006-05-23 171520]
Z stupce - l‚t nˇ.lnk - c:\documents and settings\Michael\Plocha\l‚t nˇ.xls [2009-03-27 17408]

c:\windows\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2007-04-15 581632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.VDOM"= vdowave.drv
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 15:41 145496 c:\program files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\BASTLENI\\SDÍLENÉDOKUM\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 viasraid;viasraid;c:\windows\SYSTEM32\DRIVERS\viasraid.sys [2003-08-11 75904]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2008-11-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2008-11-10 20560]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [2002-01-25 20480]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\SYSTEM32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 ovt530;Webcam Deluxe;c:\windows\SYSTEM32\DRIVERS\ov530vid.sys [2007-01-09 161792]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\Razerlow.sys [2007-08-21 13225]
R3 Usbfilt;UsbFilt;c:\windows\SYSTEM32\DRIVERS\usbfilt.sys [2007-11-29 26166]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S0 hhcpchfg;hhcpchfg;c:\windows\system32\drivers\lbjiarcc.sys --> c:\windows\system32\drivers\lbjiarcc.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\SYSTEM32\DRIVERS\vsp.sys [2007-04-15 3351]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c17ecd0-021b-11dd-b87f-000c76969a4e}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2009-03-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2009-03-25 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.foxconn.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
FF - ProfilePath - c:\windows\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\windows\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 20:44:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8000ED5-3463-43EC-3B92-C00E4301D097}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jagcgicldolaagaeigcc"=hex:62,61,6b,63,00,00
"jagcgicldolaagaeigob"=hex:62,61,67,65,00,00
"iagdlgnalhplgcpkch"=hex:6b,61,64,65,64,70,65,70,63,6e,70,63,70,67,69,6e,6e,6d,
62,65,6b,69,00,00
"haibfdoijfppghdb"=hex:6b,61,64,65,64,70,65,70,63,6e,70,63,70,67,69,6e,6e,6d,
6a,65,6e,6b,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A6C8521-363D-45C1-93C0-34B133B3948E}\InProcServer32*]
"oaajjehjeolelfodceooiahfdnmcck"=hex:6a,61,62,69,65,6d,6a,6c,68,65,67,6f,64,61,
6b,6f,6b,6b,64,65,00,29
"naajpgohhbkkplidhdhkfbgadkan"=hex:6a,61,6c,68,6c,6c,69,70,6f,6a,61,6b,6a,63,
69,64,6d,70,68,69,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,3e,78,c6,cd,63,
ec,4c,0e,c8,28,51,af,b0,29,a3,98,1e,ce,0f,11,e0,7b,6a,b7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,90,80,da,94,23,
64,06,af,71,3b,04,66,8b,46,0d,96,13,fa,9b,24,65,93,6d,8b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,e0,cd,56,17,bf,
b3,85,b7,25,da,ec,7e,55,20,c9,26,85,d0,8f,96,c1,16,53,65,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,84,e1,5d,80,ea,
98,77,f5,3e,1e,9e,e0,57,5a,93,61,51,6f,51,a5,76,21,11,60,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,76,75,3b,71,e9,
0c,90,7d,cd,44,cd,b9,a6,33,6c,cd,81,e9,4f,e1,03,ea,5a,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,66,c3,91,35,a7,
13,e5,0f,b0,18,ed,a7,3f,8d,37,a4,d3,a9,ec,05,a2,d9,06,18,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f8,0c,96,c4,42,
bb,2f,00,31,77,e1,ba,b1,f8,68,02,b5,fa,30,57,21,df,09,2e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ca,30,55,73,f6,
b5,93,03,83,6c,56,8b,a0,85,96,ab,1d,7e,11,1b,ee,18,7a,da,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,42,e1,18,b8,5b,
65,fd,7d,51,fa,6e,91,28,9e,14,cc,c9,6a,5d,81,e6,48,30,4f,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a2,2d,7c,9c,20,
33,04,ca,b1,cd,45,5a,a8,c4,f8,b9,e9,e2,2d,0f,da,eb,cb,36,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c3,9f,e1,a8,90,
29,ca,55,e3,0e,66,d5,eb,bc,2f,6b,c1,5c,2f,75,7b,0e,a7,8d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,ff,39,37,92,33,
78,04,f2,fa,ea,66,7f,d4,3b,6b,70,61,57,08,a2,2b,ba,af,50,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-04-01 20:45:05
ComboFix-quarantined-files.txt 2009-04-01 18:45:04

Před spuštěním: Volných bajtů: 55 350 755 328
Po spuštění: Volných bajtů: 55,327,686,656

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
251

[jaro3]

Odinstaluj vše(pokud tam máš..):
Viewpoint
Viewpoint Toolbar
Viewpoint Manager
PartyGaming
PartyPoker
TRISNA~1

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config hhcpchfg start= disabled
sc stop hhcpchfg
sc delete hhcpchfg
sc config ViewpointService start= disabled
sc stop ViewpointService
sc delete ViewpointService

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.
****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\program files\desktop.ini
c:\program files\folder.htt
c:\windows\SYSTEM32\flvDX.dll
c:\windows\SYSTEM32\msfDX.dll
c:\windows\SYSTEM32\nbDX.dll


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Zítra..

[mike007]

To by mě zajímalo, kde jsem tohle svinstvo stáhnul ...
Hláška zatím pořád vyskakuje, zvuk nefunguje, respektive nemohu si spustit žádnou hudbu, přehrávače nefungují, v nastavení zvuků ve vše šedivé. Jediné co jde, jsou systémové zvuky, ikdyž i u nich v nastavení je vše šedivé

Combofix:

ComboFix 09-04-01.01 - Michael 2009-04-01 21:33:49.11 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1535.1084 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michael\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michael\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\program files\desktop.ini
c:\program files\folder.htt
c:\windows\SYSTEM32\flvDX.dll
c:\windows\SYSTEM32\msfDX.dll
c:\windows\SYSTEM32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\desktop.ini
c:\program files\folder.htt
c:\windows\SYSTEM32\flvDX.dll
c:\windows\SYSTEM32\msfDX.dll
c:\windows\SYSTEM32\nbDX.dll
c:\windows\system32\NeW\

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-01 do 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-04-01 20:01 . 2009-04-01 20:01 <DIR> d-------- c:\program files\KMplayer
2009-04-01 18:48 . 2009-04-01 19:14 13,030 --a------ C:\PDOXUSRS.NET
2009-04-01 16:50 . 2009-04-01 16:50 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-03-31 20:20 . 2009-03-31 20:20 <DIR> d-------- c:\program files\Java
2009-03-31 20:20 . 2009-03-31 20:20 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-03-08 16:29 . 2009-03-08 16:29 <DIR> d-------- c:\program files\Google
2009-03-06 16:48 . 2009-03-06 16:48 <DIR> d-------- c:\windows\Application Data\PunkBuster
2009-03-06 16:44 . 2009-03-06 16:44 <DIR> d-------- c:\windows\Application Data\id Software
2009-03-06 16:42 . 2009-03-06 16:42 <DIR> d-------- c:\windows\All Users\Application Data\id Software
2009-03-04 12:32 . 2009-03-04 12:32 <DIR> d-------- c:\windows\speech
2009-03-04 12:32 . 2009-03-04 12:32 796,672 --a------ c:\windows\GPInstall.exe
2009-03-04 12:32 . 1999-10-20 18:28 7,538 --a------ c:\windows\Czech_CZ.gpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 18:20 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-11 13:01 153,592 ----a-w c:\windows\Application Data\GDIPFONTCACHEV1.DAT
2009-02-27 18:50 --------- d-----w c:\program files\eRightSoft
2009-02-26 13:11 28,672 ----a-w c:\windows\SYSTEM32\eEmpty.exe
2008-12-26 16:21 47,360 ----a-w c:\windows\Application Data\pcouffin.sys
2008-12-26 13:41 87,608 ----a-w c:\windows\Application Data\ezpinst.exe
2007-12-14 11:45 22,328 ----a-w c:\windows\Application Data\PnkBstrK.sys
2006-12-31 14:50 92 ----a-w c:\windows\Application Data\fusioncache.dat
2008-01-23 11:03 2,258 --sha-r c:\windows\All Users\Application Data\id Software\QuakeLive\npcleanup.vbs
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VistaStartMenu"="c:\program files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe" [2007-11-12 1702064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-06 1115728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 148888]
"C-Media Mixer"="Mixer.exe" [2001-10-22 c:\windows\mixer.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\SYSTEM32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\Michael\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MutiKeyboard Driver.lnk - c:\program files\MultiKeyboard Driver\KbdDrv.exe [2007-11-29 367104]
Z stupce - WATCHDOG.lnk - c:\my_system\WATCHDOG.xls [2006-05-23 171520]
Z stupce - l‚t nˇ.lnk - c:\documents and settings\Michael\Plocha\l‚t nˇ.xls [2009-03-27 17408]

c:\windows\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2007-04-15 581632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.VDOM"= vdowave.drv
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 15:41 145496 c:\program files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\BASTLENI\\SDÍLENÉDOKUM\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 viasraid;viasraid;c:\windows\SYSTEM32\DRIVERS\viasraid.sys [2003-08-11 75904]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2008-11-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2008-11-10 20560]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [2002-01-25 20480]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\SYSTEM32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 ovt530;Webcam Deluxe;c:\windows\SYSTEM32\DRIVERS\ov530vid.sys [2007-01-09 161792]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\Razerlow.sys [2007-08-21 13225]
R3 Usbfilt;UsbFilt;c:\windows\SYSTEM32\DRIVERS\usbfilt.sys [2007-11-29 26166]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\SYSTEM32\DRIVERS\vsp.sys [2007-04-15 3351]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c17ecd0-021b-11dd-b87f-000c76969a4e}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2009-03-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2009-03-25 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.foxconn.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
FF - ProfilePath - c:\windows\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\windows\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 21:34:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8000ED5-3463-43EC-3B92-C00E4301D097}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jagcgicldolaagaeigcc"=hex:62,61,6b,63,00,00
"jagcgicldolaagaeigob"=hex:62,61,67,65,00,00
"iagdlgnalhplgcpkch"=hex:6b,61,64,65,64,70,65,70,63,6e,70,63,70,67,69,6e,6e,6d,
62,65,6b,69,00,00
"haibfdoijfppghdb"=hex:6b,61,64,65,64,70,65,70,63,6e,70,63,70,67,69,6e,6e,6d,
6a,65,6e,6b,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A6C8521-363D-45C1-93C0-34B133B3948E}\InProcServer32*]
"oaajjehjeolelfodceooiahfdnmcck"=hex:6a,61,62,69,65,6d,6a,6c,68,65,67,6f,64,61,
6b,6f,6b,6b,64,65,00,29
"naajpgohhbkkplidhdhkfbgadkan"=hex:6a,61,6c,68,6c,6c,69,70,6f,6a,61,6b,6a,63,
69,64,6d,70,68,69,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,3e,78,c6,cd,63,
ec,4c,0e,c8,28,51,af,b0,29,a3,98,1e,ce,0f,11,e0,7b,6a,b7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,90,80,da,94,23,
64,06,af,71,3b,04,66,8b,46,0d,96,13,fa,9b,24,65,93,6d,8b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,e0,cd,56,17,bf,
b3,85,b7,25,da,ec,7e,55,20,c9,26,85,d0,8f,96,c1,16,53,65,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,84,e1,5d,80,ea,
98,77,f5,3e,1e,9e,e0,57,5a,93,61,51,6f,51,a5,76,21,11,60,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,76,75,3b,71,e9,
0c,90,7d,cd,44,cd,b9,a6,33,6c,cd,81,e9,4f,e1,03,ea,5a,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,66,c3,91,35,a7,
13,e5,0f,b0,18,ed,a7,3f,8d,37,a4,d3,a9,ec,05,a2,d9,06,18,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f8,0c,96,c4,42,
bb,2f,00,31,77,e1,ba,b1,f8,68,02,b5,fa,30,57,21,df,09,2e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ca,30,55,73,f6,
b5,93,03,83,6c,56,8b,a0,85,96,ab,1d,7e,11,1b,ee,18,7a,da,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,42,e1,18,b8,5b,
65,fd,7d,51,fa,6e,91,28,9e,14,cc,c9,6a,5d,81,e6,48,30,4f,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a2,2d,7c,9c,20,
33,04,ca,b1,cd,45,5a,a8,c4,f8,b9,e9,e2,2d,0f,da,eb,cb,36,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c3,9f,e1,a8,90,
29,ca,55,e3,0e,66,d5,eb,bc,2f,6b,c1,5c,2f,75,7b,0e,a7,8d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,ff,39,37,92,33,
78,04,f2,fa,ea,66,7f,d4,3b,6b,70,61,57,08,a2,2b,ba,af,50,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-04-01 21:35:45
ComboFix-quarantined-files.txt 2009-04-01 19:35:44
ComboFix2.txt 2009-04-01 19:32:58

Před spuštěním: Volných bajtů: 55 317 135 360
Po spuštění: Volných bajtů: 55,293,804,544

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
252

---

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:18, on 1.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\apache\Apache.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
c:\apache\Apache.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\system32\svchost.exe
c:\apache\APACHE.EXE
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programy a hry\kontrola proti virům\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.foxconn.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Startup: Zástupce - WATCHDOG.lnk = C:\my_system\WATCHDOG.xls
O4 - Startup: Zástupce - létání.lnk = ?
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - c:\apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE

--
End of file - 6328 bytes

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config Viewpoint Manager Service start= disabled
sc stop Viewpoint Manager Service
sc delete Viewpoint Manager Service


ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.
*****************************************************************************************************************************************
Stáhni si program OTMoveIt3 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\NeW
c:\windows\GPInstall.exe
c:\program files\Viewpoint\Common\ViewpointService.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.
Problémem je stále se objevující složka:
c:\windows\system32\NeW
ve výmazech.

Proveď kontrolu a vlož sem log z Kaspersky Online Scanner!

(potřeba spustit v IE)
- klikni na tlačítko Accept
- budeš vyzván k nainstalovaní ActiveX komponenty od Kasperského, tak to povol
- program si stáhne potřebnou databázi
- po stažení klikni na volbu: Next
Po té klikni na tlačítko: Scan Settings
- dostaneš se do okna Scan settings a tam zvol následující možnosti vyber následující:

Pod položkou: Scan using the following antivirus database:
standard - detect viruses, worms, Trojans, rootkits
Pod položkou: Scan Options: - nech zvolené obě možnosti:
Scan Archives - scan files inside archives
Scan Mail Bases - scan e-mails/attachments inside mail base files
Pak klikni na tlačítko OK

Nyní pak pod položkou Please select a target to scan zvol možnost:
My Computer
- spustí se kontrola systému
- po jejím proběhnutí se ti zobrazí seznam co našel
Klikni na tlačítko Save Report As...
- ulož si ho třeba na plochu a zvol tyto parametry:
- Název souboru: zde napiš: Kavlog
- Uložit jako typ: tak tam vyber: Text file (*.txt)
Pak ho sem vlož, upozornuji , že sken může trvat i několik hodin...

[mike007]

Tady je log z OTMoveIt:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\windows\system32\NeW not found.
File/Folder c:\windows\GPInstall.exe not found.
File/Folder c:\program files\Viewpoint\Common\ViewpointService.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\~DF3ACC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\etilqs_Nqz1ffu5RBHMvdaZYBIY scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\printpdf@pavlov.net\chrome\printpdf.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\greasemonkey.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}\chrome\bbcode.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}\chrome\foxtab.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}\chrome\tmp.xpi scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome\dwhelper.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\amin.eft_Shutdown@gmail.com\chrome\inbshutdown.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}\chrome\clrtabs.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\chrome\adblockplus.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\chrome\tabmixplus.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}\chrome\livepr.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}\chrome\webdeveloper.jar scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\parent.lock scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\cert8.db scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\key3.db scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\permissions.sqlite scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\downloads.sqlite scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\formhistory.sqlite scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\places.sqlite scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\cookies.sqlite scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\places.sqlite-journal scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\content-prefs.sqlite scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\search.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04022009_171900

Files moved on Reboot...
C:\DOCUME~1\Michael\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\DOCUME~1\Michael\LOCALS~1\Temp\~DF3ACC.tmp moved successfully.
File C:\DOCUME~1\Michael\LOCALS~1\Temp\etilqs_Nqz1ffu5RBHMvdaZYBIY not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_4d0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat not found!
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_MAP_ moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_001_ moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_002_ moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\Cache\_CACHE_003_ moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\printpdf@pavlov.net\chrome\printpdf.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome\greasemonkey.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}\chrome\bbcode.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}\chrome\foxtab.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}\chrome\tmp.xpi moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome\dwhelper.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\amin.eft_Shutdown@gmail.com\chrome\inbshutdown.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}\chrome\clrtabs.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\chrome\adblockplus.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\chrome\tabmixplus.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}\chrome\livepr.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}\chrome\webdeveloper.jar moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\XUL.mfl moved successfully.
File C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\parent.lock not found!
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\cert8.db moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\key3.db moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\permissions.sqlite moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\downloads.sqlite moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\formhistory.sqlite moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\places.sqlite moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\urlclassifier3.sqlite moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\cookies.sqlite moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\places.sqlite-journal moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\content-prefs.sqlite moved successfully.
C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5h0gcrnh.default\search.sqlite moved successfully.

OTMoveIt mi vymazal všechny doplňky z Firefoxu, včetně skinu. Snad k tomu měl dobrý důvod.

Log z Online skenu dodám až bude k dispozici. Počítač stále hlásí chybu, problikává plocha. Všiml jsem si, že mi i mizí přípony u souborů. Už dvakrát jsem je musel zapínat. Už aby to bylo pryč...

Zatím díky.

[mike007]

Tak Kaspersky Online scan nenašel vůbec nic.



Žádné zlepšení se nedostavilo. Počítač si dělá co chce

[jaro3]

Vlož sem nový log z HJT.

Stahni si SREng
- rozbal na plochu a spust ho
- zvol "zvol Smart Scan", nech nastaveni tak jak je
- zvol "Verify the digital signature of process modules"
- klik na "Scan"
- klik na Save Reports, uloz log na plochu a cely obsah logu zkopirujt sem
- rozbal na plochu a spust ho
+
- Spusť ho a zvol možnost System Repair
- Na první záložce File Associations pokud bude zatrhnutý/vybraný některý čtvereček z výpisu, tak klikni dole na tlačítko Repair
Podívám se zítra..

[mike007]

Fórum mi nedovolilo vložit log z SReg, protože má moc znaků. Je tedy v příloze.

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:22, on 2.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
c:\apache\Apache.exe
c:\apache\Apache.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\system32\svchost.exe
c:\apache\APACHE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programy a hry\kontrola proti virům\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.foxconn.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Startup: Zástupce - WATCHDOG.lnk = C:\my_system\WATCHDOG.xls
O4 - Startup: Zástupce - létání.lnk = ?
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - c:\apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE

--
End of file - 6603 bytes

[jaro3]

Najdi a smaž tuto složku:
C:\Program Files\Viewpoint

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Dial-a-fix
Klikni na kladívko-další možnosti:
SFC scan - Spustí nástroj pro kontrolu systémových souborů (případná potřeba instalačního media Windows).
Klikni na službu a potom na GO.

[mike007]

CCleaner a T-Cleaner proveden. Dial se v cca 10% zasekl a byl konec. Teď mi asi půl hodiny nešel spustit žádný EXE soubor. Nakonec se to po dvou tvrdých restartech zpamatovalo. Teď čekám až mi to vir zase všechno pozamyká. Až se tak stane, dám vědět. Zatím jedu OK.