pls o kontrolu logu

[Smisek]

Logfile of HijackThis v1.99.1
Scan saved at 21:43:33, on 4.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Programy\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe
D:\Programy\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Programy\Eset\nod32kui.exe
C:\WINDOWS\vsnp2std.exe
D:\Programy\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\MSN Messenger\MsnMsgr.Exe
D:\Programy\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programy\HP\Digital Imaging\bin\hpqgalry.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\WinRAR\WinRAR.exe
C:\DOCUME~1\jijik\LOCALS~1\Temp\Rar$EX01.719\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programy\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08EEC77A-D0BA-4C78-89CA-8609FF455AA3} - C:\WINDOWS\system32\urqoppm.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - D:\Programy\Video ActiveX Object\isadd.dll (file missing)
O2 - BHO: (no name) - {73A16907-0706-40BB-83CA-2293E458DF6F} - C:\WINDOWS\system32\vtsqq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yterljwx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programy\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programy\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programy\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\vuufnnba.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programy\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programy\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Programy\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - D:\Programy\Britanik\britanik.dll
O9 - Extra 'Tools' menuitem: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - D:\Programy\Britanik\britanik.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{146C18D5-7D61-4530-BDD8-1F20608AB895}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B8BCE2-9244-4BCF-A092-1AFF9271999D}: NameServer = 213.183.32.2,213.180.33.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB7A2914-98F6-437C-B106-57866B0FB38D}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2706B69-F1A4-4DFC-A2A0-A254288C5F2B}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{146C18D5-7D61-4530-BDD8-1F20608AB895}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{146C18D5-7D61-4530-BDD8-1F20608AB895}: NameServer = 213.180.32.2,213.180.33.225
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Programy\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Programy\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqoppm - C:\WINDOWS\SYSTEM32\urqoppm.dll
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Programy\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - D:\Programy\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programy\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Programy\PC Connectivity Solution\ServiceLayer.exe

[Reklama]

[fredik]

Použij Vundo Fix podle návodu: Vundo, Virtumonde
a dej sem z něho log + udělej nový log z HJT ale přejmenuj soubor hijackthis.exe na třeba test.exe a z něho teprve vygeneruj log který sem dáš.

Zatím fixni v HJT toto:
Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - D:\Programy\Video ActiveX Object\isadd.dll (file missing)
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\vuufnnba.dll",realset
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
po zaškrtnutí klikni na tlačítko Fix Checked

[Smisek]

Logfile of HijackThis v1.99.1
Scan saved at 22:30:31, on 4.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Programy\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe
D:\Programy\Eset\nod32kui.exe
C:\WINDOWS\vsnp2std.exe
D:\Programy\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programy\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programy\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Programy\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
D:\Programy\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\jijik\Plocha\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programy\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programy\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programy\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programy\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programy\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programy\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programy\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Programy\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - D:\Programy\Britanik\britanik.dll
O9 - Extra 'Tools' menuitem: Britanik - {479BEE90-08C0-44fa-AE28-06BA96963B5B} - D:\Programy\Britanik\britanik.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{146C18D5-7D61-4530-BDD8-1F20608AB895}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B8BCE2-9244-4BCF-A092-1AFF9271999D}: NameServer = 213.183.32.2,213.180.33.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB7A2914-98F6-437C-B106-57866B0FB38D}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2706B69-F1A4-4DFC-A2A0-A254288C5F2B}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{146C18D5-7D61-4530-BDD8-1F20608AB895}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{146C18D5-7D61-4530-BDD8-1F20608AB895}: NameServer = 213.180.32.2,213.180.33.225
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Programy\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Programy\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Programy\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - D:\Programy\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programy\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Programy\PC Connectivity Solution\ServiceLayer.exe

[fredik]

Ještě fixni v HJT toto:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Můžeš z prevence projet Pc tímto:
Stáhni si Mwav. Proveď update a spusť prohlídku přes tlačítko Scan & Clean (nesmíš mít zatrhnutou volbu Scan Only). Pokud ještě něco najde tak to sám odstraní. Po skončení prohlídky bude chtít možná restart tak ho povol.