Nejdou otevřít žádné složky na ploše

[v.hospodka]

Při pokusu o otevření jakékoliv složky (včetně Koš a Tento počítač) na ploše dojde ke zmizení ikon a nabídky Start (zbyte pouze tapeta) a poté (cca 3 vteřiny) se vše znovu objeví, ale složka se neotevře. Občas se take objeví hlášení CYHBA ACTIVE DESKTOP - ale to jen někdy. Nejde mi ani otevřít Průzkumník, a dokonce ani IE. Pdf, word, excel aj. soubory z plochy otevřít jdou. V nouzovém režimu vše funguje normálně, ale v jiném profilu (jiný uživatel) je chyba stále. Díky za radu.

[Reklama]

[Baron Prášil]

nikdo nic...tak já
co kdyby jsme se zkusily odpíchnout logem z HJT

HijackThis stahneš tady-
http://www.bleepingcomputer.com/files/M ... ckThis.zip
rozbal do vlastní složky,spusť,klikni na "Do a system scan and save a logfile"
Vygenerovaný texťák zkopíruj sem.

[v.hospodka]

Dík, zítra to tu bude.....

[v.hospodka]

Tak jsem to provedl a zde je výsledek....pro jistotu jsem ještě přidal obsah truhly - používám Avast! - je možné, že jsem tam přesunul něco, co mělo zůstat na svém místě....i když vše dle doporučení programu - každou chvíli se mi na PC objeví nějaký adware či spyware, tak z toho mám docela chaos...

Logfile of HijackThis v1.99.1
Scan saved at 21:23:47, on 5.6.2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\petra\Plocha\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Computer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Symantec Antivirus professional] flushdns.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [melg3445] C:\4.exe
O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINNT\System32\duumiiwl.dll",realset
O4 - HKLM\..\RunServices: [Symantec Antivirus professional] flushdns.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Symantec Antivirus professional] flushdns.exe
O4 - HKCU\..\Run: [melg3445] C:\4.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57D0DBD-0293-43B4-88FA-23E14436A533}: NameServer = 213.250.218.130,213.250.192.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

[Baron Prášil]

nutně potřebuješ firewall
http://viry.cz/forum/viewtopic.php?t=65 ... b226c523ee
nainstaluj hned,doporučim Comodo

potom fixni
O4 - HKLM\..\Run: [Symantec Antivirus professional] flushdns.exe
O4 - HKLM\..\Run: [melg3445] C:\4.exe
O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINNT\System32\duumiiwl.dll",realset
O4 - HKLM\..\RunServices: [Symantec Antivirus professional] flushdns.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] flushdns.exe
O4 - HKCU\..\Run: [melg3445] C:\4.exe


potom pošli novej log z HJT,ale HijackThis.exe přejmenuj na hájdžek.exe

[v.hospodka]

Dík, s tím nainstalováním je to trochu na dlouhý lokte...do zítřka to bude....jen bych trošku potřeboval objasnit skutkovou podstatu slova "fixni" - co přesně provést,....a to přejmenovaní je k čemu???

[fredik]

Fixnout znamená:
Spusť znovu HijackThis a zaškrtni v něm okénka před řádky které ti napsal Baron Prášil a po zaškrtnutí klikni na tlačítko Fix Checked

Máš/měl si tam infiltraci od Conhook tedy Virtumonde, který dokáže skrýt položky O2 a O20 před HJT, proto to přejmenování.

Použij Vundo Fix

Pak přejmenuj teprve soubor HJT a vlož sem z něho log + vlož sem log z Vundofix, který najdeš na C:\VundoFix.txt

[v.hospodka]

Tak jsem to provedl a zde jsou výsledky (problém zatím stále přetrvává):

Logfile of HijackThis v1.99.1
Scan saved at 21:26:21, on 6.6.2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\petra\Plocha\HijackThis\hájdžek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Computer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1991A514-9B97-497F-98A7-8554CBBDCCFA} - C:\WINNT\System32\pmnnm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AAB253F-75D2-44DE-9829-5366F02D78Ca} - C:\WINNT\System32\lslsvpqi.dll (file missing)
O2 - BHO: (no name) - {A70269C0-903B-4F3B-A191-4987714522E3} - C:\WINNT\System32\kcrthsqd.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [j1271138] rundll32 C:\WINNT\System32\j1271138.dll sook
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\petra\Plocha\vundofix.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57D0DBD-0293-43B4-88FA-23E14436A533}: NameServer = 213.250.218.130,213.250.192.1
O20 - Winlogon Notify: pmnnm - C:\WINNT\System32\pmnnm.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

.............a vundo:

VundoFix V6.4.2

Checking Java version...

Sun Java not detected
Scan started at 20:42:40 6.6.2007

Listing files found while scanning....

C:\WINNT\System32\aagtumjo.dll
C:\WINNT\system32\anfpvfbo.ini
C:\WINNT\System32\bowuluvs.dll
C:\WINNT\system32\cbxuvvs.dll
C:\WINNT\system32\duumiiwl.dll
C:\WINNT\system32\klunnwcy.ini
C:\WINNT\system32\lwiimuud.ini
C:\WINNT\system32\mnnmp.bak1
C:\WINNT\system32\mnnmp.bak2
C:\WINNT\system32\mnnmp.ini
C:\WINNT\system32\mnnmp.ini2
C:\WINNT\system32\mnnmp.tmp
C:\WINNT\system32\obfvpfna.dll
C:\WINNT\System32\pmnnm.dll
C:\WINNT\system32\pyyxhlrv.ini
C:\WINNT\system32\rdnsvunr.dll
C:\WINNT\System32\tbvtsopr.dll
C:\WINNT\system32\vqptqpur.dll
C:\WINNT\system32\vrlhxyyp.dll
C:\WINNT\system32\ycwnnulk.dll

Beginning removal...

Beginning removal...

Attempting to delete C:\WINNT\system32\anfpvfbo.ini
C:\WINNT\system32\anfpvfbo.ini Has been deleted!

Attempting to delete C:\WINNT\system32\duumiiwl.dll
C:\WINNT\system32\duumiiwl.dll Has been deleted!

Attempting to delete C:\WINNT\system32\klunnwcy.ini
C:\WINNT\system32\klunnwcy.ini Has been deleted!

Attempting to delete C:\WINNT\system32\lwiimuud.ini
C:\WINNT\system32\lwiimuud.ini Has been deleted!

Attempting to delete C:\WINNT\system32\mnnmp.bak1
C:\WINNT\system32\mnnmp.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\mnnmp.bak2
C:\WINNT\system32\mnnmp.bak2 Has been deleted!

Attempting to delete C:\WINNT\system32\mnnmp.ini
C:\WINNT\system32\mnnmp.ini Has been deleted!

Attempting to delete C:\WINNT\system32\mnnmp.ini2
C:\WINNT\system32\mnnmp.ini2 Has been deleted!

Attempting to delete C:\WINNT\system32\mnnmp.tmp
C:\WINNT\system32\mnnmp.tmp Has been deleted!

Attempting to delete C:\WINNT\system32\obfvpfna.dll
C:\WINNT\system32\obfvpfna.dll Has been deleted!

Attempting to delete C:\WINNT\System32\pmnnm.dll
C:\WINNT\System32\pmnnm.dll Could not be deleted.

Attempting to delete C:\WINNT\system32\pyyxhlrv.ini
C:\WINNT\system32\pyyxhlrv.ini Has been deleted!

Attempting to delete C:\WINNT\system32\rdnsvunr.dll
C:\WINNT\system32\rdnsvunr.dll Has been deleted!

Attempting to delete C:\WINNT\system32\vqptqpur.dll
C:\WINNT\system32\vqptqpur.dll Has been deleted!

Attempting to delete C:\WINNT\system32\vrlhxyyp.dll
C:\WINNT\system32\vrlhxyyp.dll Has been deleted!

Attempting to delete C:\WINNT\system32\ycwnnulk.dll
C:\WINNT\system32\ycwnnulk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Sun Java not detected
Scan started at 21:08:33 6.6.2007

Listing files found while scanning....

C:\WINNT\system32\mnnmp.ini
C:\WINNT\System32\mnnmp.ini2
C:\WINNT\System32\pmnnm.dll

Beginning removal...

Attempting to delete C:\WINNT\system32\mnnmp.ini
C:\WINNT\system32\mnnmp.ini Has been deleted!

Attempting to delete C:\WINNT\System32\mnnmp.ini2
C:\WINNT\System32\mnnmp.ini2 Has been deleted!

Attempting to delete C:\WINNT\System32\pmnnm.dll
C:\WINNT\System32\pmnnm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINNT\system32\mnnmp.ini
C:\WINNT\system32\mnnmp.ini Has been deleted!

Attempting to delete C:\WINNT\System32\pmnnm.dll
C:\WINNT\System32\pmnnm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

[Baron Prášil]

fixni
O2 - BHO: (no name) - {1991A514-9B97-497F-98A7-8554CBBDCCFA} - C:\WINNT\System32\pmnnm.dll
O2 - BHO: (no name) - {6AAB253F-75D2-44DE-9829-5366F02D78Ca} - C:\WINNT\System32\lslsvpqi.dll (file missing)
O2 - BHO: (no name) - {A70269C0-903B-4F3B-A191-4987714522E3} - C:\WINNT\System32\kcrthsqd.dll
O4 - HKLM\..\Run: [j1271138] rundll32 C:\WINNT\System32\j1271138.dll sook
O20 - Winlogon Notify: pmnnm - C:\WINNT\System32\pmnnm.dll

použij Avenger
http://www.viry.cz/forum/viewtopic.php?t=21484

a tento skript

Files to delete:
C:\WINNT\System32\pmnnm.dll
C:\WINNT\System32\kcrthsqd.dll
C:\WINNT\System32\j1271138.dll

po restartu pošli ještě log

[v.hospodka]

Tak už to funguje, tak jak má, i počítač je tak nějak rychlejší (kupodivu). Jen se mi vždy po startu zobrazí ovládací panel k Audiodeck..... Každopádně moc díky za dobré rady a ještě ten log z HJT:

Logfile of HijackThis v1.99.1
Scan saved at 17:13:44, on 7.6.2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Documents and Settings\petra\Plocha\HijackThis\hájdžek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Computer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8D7E4555-1237-4DEA-BF40-1977FCA588E1} - C:\WINNT\System32\awtroom.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [melg3445] C:\4.exe
O4 - HKLM\..\Run: [lfckpmyh] C:\cqkcdpid.bat
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57D0DBD-0293-43B4-88FA-23E14436A533}: NameServer = 213.250.218.130,213.250.192.1
O20 - Winlogon Notify: awtroom - C:\WINNT\SYSTEM32\awtroom.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

[Baron Prášil]

dobrý to neni.a je to moje chyba

toto sem přehlíd
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
toto je třeba zastavit a zakázat ve službách
služby spustíš napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
zastav službu a typ spuštění na zakázáno

potom fix
O4 - HKLM\..\Run: [melg3445] C:\4.exe
O4 - HKLM\..\Run: [lfckpmyh] C:\cqkcdpid.bat
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

potom použij znova Vundofix

a pošli opět oba logy

[v.hospodka]

Tak už to pracuje zase o něco lépe a zde jsou logy:

VundoFix V6.4.2

Checking Java version...

Sun Java not detected
Scan started at 22:35:00 8.6.2007

Listing files found while scanning....

No infected files were found.

Logfile of HijackThis v1.99.1
Scan saved at 8:36:49, on 10.6.2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\petra\Plocha\HijackThis\hájdžek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: Computer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48967055-9F47-4C88-AC52-1A22EE401115} - C:\WINNT\System32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8D7E4555-1237-4DEA-BF40-1977FCA588E1} - C:\WINNT\System32\awtroom.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINNT\System32\jrtfwkad.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINNT\System32\wuxrhanq.dll",realset
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [melg3445] C:\4.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57D0DBD-0293-43B4-88FA-23E14436A533}: NameServer = 213.250.218.130,213.250.192.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe