Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:03, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS\Data aplikac\second regs grim software\warn logo trans.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\mmygyhro.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [LowRateVoip] "D:\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [New Two] C:\DOCUME~1\MAREK-~1.OND\LIMEWI~1\DATAAP~1\BITSRE~1\Platform dead.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} (ICQDevilImg Control) - http://xtraz.icq.com/xtraz/products/pho ... vilImg.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6357 bytes
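Added example, not part of the original thread: the rules below are the sort of checks a log reviewer applies by eye to the O4/O22 entries in the log above. The input is a constructed excerpt of that log; the scoring rules (autorun launched from a P2P download folder, a machine-wide HKLM autorun pointing into a user profile, rundll32 loading an eight-lowercase-letter DLL, any SharedTaskScheduler entry) are my own heuristics rather than anything HijackThis itself reports, and they will produce false positives on some legitimate software.

```python
import re

# Constructed excerpt of the HijackThis log posted above (O4/O22 lines only).
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS\Data aplikac\second regs grim software\warn logo trans.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\mmygyhro.dll",sitypnow
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [New Two] C:\DOCUME~1\MAREK-~1.OND\LIMEWI~1\DATAAP~1\BITSRE~1\Platform dead.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
"""

# O4 lines: "O4 - <hive>[\<sid>]\..\Run: [<entry name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS)(?:\\[^\\]*)?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Eight lowercase letters is the classic Vundo/Virtumonde DLL naming pattern (heuristic).
RANDOM_DLL_RE = re.compile(r'[a-z]{8}\.dll')
# LimeWire / "BITS Received" folders, including their 8.3 short names LIMEWI~1 and BITSRE~1.
P2P_DIR_RE = re.compile(r'limewi|bitsre', re.I)
# A per-user profile path (long or 8.3 form).
PROFILE_DIR_RE = re.compile(r'documents and settings|docume~1', re.I)


def rundll32_target(cmd):
    """Return the DLL file name a rundll32 command loads, or None if cmd is not a rundll32 call."""
    m = re.match(r'rundll32\.exe\s+"?(?P<path>[^",]+\.dll)', cmd, re.I)
    return m['path'].rsplit('\\', 1)[-1] if m else None


def triage(log_text):
    """Return [(log line, [reasons])] for the autorun entries that deserve a closer look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        reasons = []
        m = O4_RE.match(line)
        if m:
            hive, cmd = m['hive'], m['cmd']
            if P2P_DIR_RE.search(cmd):
                reasons.append('autorun launches a file from a P2P download folder')
            if hive == 'HKLM' and PROFILE_DIR_RE.search(cmd):
                reasons.append('machine-wide (HKLM) autorun points into a user profile / Application Data path')
            dll = rundll32_target(cmd)
            if dll and RANDOM_DLL_RE.fullmatch(dll):
                reasons.append(f'rundll32 loads randomly named DLL {dll}')
        elif line.startswith('O22 - SharedTaskScheduler:'):
            # Legitimate software almost never registers a SharedTaskScheduler handler.
            reasons.append('SharedTaskScheduler entry; legitimate software almost never registers one')
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == '__main__':
    for line, reasons in triage(HJT_EXCERPT):
        print(line)
        for r in reasons:
            print('    ->', r)
```

Entries that match none of the rules are not thereby clean; the rules only order the reviewer's attention, which is why the next reply still asks for a VirusTotal verdict on d3dxim.dll instead of deleting it on sight.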
Log check
fredik (Security team member, Master Level 7, 4680 posts, registered July 06):
There is a fair bit in there, so this will be done in several stages.
Follow this guide, run Lopfind and paste its log here.
Then use VundoFix and paste its log here.
Then rename HijackThis.exe to something like fluffybunny.exe, create a new log with it and paste that here.
Test this file on VirusTotal and paste the result here:
C:\WINDOWS\system32\d3dxim.dll => this will be a nasty one too
Findlop
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A2E57F3191BAFBD9.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\marek-~1.ond\limewi~1\dataap~1\bitsre~1\onlinemoveplan.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Marek-ondra'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/29/2007 11:00:00
NextRun: 07/29/2007 13:00:00
StartError: S_OK
ExitCode: 0x40010004
Status: SCHED_S_TASK_RUNNING
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/13/1997
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
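Added example, not part of the original thread: a small parser for the Findlop job dump above that turns the property lines into a dictionary and then flags what makes this task stand out. The excerpt is a constructed, abbreviated copy of the posted dump; the indicators (Hidden flag set, target under a LimeWire/BITS Received folder, repeat interval covering the whole day) are my own heuristics, not something Findlop computes.

```python
import re

# Constructed, abbreviated copy of the Findlop job dump posted above.
FINDLOP_EXCERPT = r"""
[TRACE] Activating job 'A2E57F3191BAFBD9.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\marek-~1.ond\limewi~1\dataap~1\bitsre~1\onlinemoveplan.exe'
Parameters: ''
Creator: 'Marek-ondra'
MaxRunTime: 259200000 (3d 0:00:00)
Status: SCHED_S_TASK_RUNNING
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/13/1997
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
Disabled = 0
"""

JOB_RE = re.compile(r"Activating job '(?P<job>[^']+)'")
# "Key: value" or "Key = value"; the key is letters and spaces, so "Trigger 0:" and "1 Trigger" are skipped.
KV_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z ]*?)\s*[:=]\s*(?P<val>.*?)\s*$")
# Folders a scheduled task should not normally be launching binaries from.
P2P_OR_PROFILE_RE = re.compile(r'limewi|bitsre|docume~1|documents and settings', re.I)


def parse_findlop(dump):
    """Return one flat dict per job; numeric values become ints, quoted strings lose their quotes."""
    jobs, cur = [], None
    for line in dump.splitlines():
        m = JOB_RE.search(line)
        if m:
            cur = {'job': m['job']}
            jobs.append(cur)
            continue
        if cur is None or line.startswith('[TRACE]'):
            continue
        m = KV_RE.match(line)
        if not m or not m['val']:          # section headers such as "Flags:" carry no value
            continue
        val = m['val'].strip("'")
        cur[m['key']] = int(val) if val.isdigit() else val
    return jobs


def assess_job(job):
    """Return the reasons a parsed job deserves a closer look (empty list if none apply)."""
    reasons = []
    app = job.get('ApplicationName', '')
    if job.get('Hidden') == 1:
        reasons.append('task is marked Hidden, so it does not show in the Scheduled Tasks folder')
    if P2P_OR_PROFILE_RE.search(app):
        reasons.append('target lives in a user-profile / P2P download folder: ' + app)
    # A Daily trigger that repeats every N minutes for 1440 minutes runs around the clock.
    if (job.get('Type') == 'Daily' and job.get('MinutesInterval', 0) > 0
            and job.get('MinutesDuration', 0) >= 1440):
        reasons.append(f"re-runs every {job['MinutesInterval']} minutes all day")
    return reasons


if __name__ == '__main__':
    for job in parse_findlop(FINDLOP_EXCERPT):
        print(job['job'], '->', job.get('ApplicationName'))
        for r in assess_job(job):
            print('    ', r)
```

The parser is deliberately flat: Findlop prints one job at a time, so a dictionary per job is enough to drive the checks, and the same dictionary can be compared against a later dump to confirm the job is gone.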
VirusTotal
Antivirus Version Last update Result
AhnLab-V3 2007.7.28.0 2007.07.27 Win-Trojan/Xema.variant
AntiVir 7.4.0.50 2007.07.28 TR/Dldr.Delf.aeo.45
Authentium 4.93.8 2007.07.27 -
Avast 4.7.997.0 2007.07.29 Win32:Delf-DOM
AVG 7.5.0.476 2007.07.28 Downloader.Generic4.ZFX
BitDefender 7.2 2007.07.29 -
CAT-QuickHeal 9.00 2007.07.28 -
ClamAV 0.91 2007.07.29 Trojan.Delf-1156
DrWeb 4.33 2007.07.29 Trojan.Ads
eSafe 7.0.15.0 2007.07.24 -
eTrust-Vet 31.1.5010 2007.07.28 -
Ewido 4.0 2007.07.29 -
FileAdvisor 1 2007.07.29 -
Fortinet 2.91.0.0 2007.07.29 W32/Delf.AEO!tr.dldr
F-Prot 4.3.2.48 2007.07.27 -
F-Secure 6.70.13030.0 2007.07.27 Trojan-Downloader.Win32.Delf.aeo
Ikarus T3.1.1.8 2007.07.29 Trojan-Downloader.Win32.Delf.AEO
Kaspersky 4.0.2.24 2007.07.29 Trojan-Downloader.Win32.Delf.aeo
McAfee 5085 2007.07.27 -
Microsoft 1.2704 2007.07.29 -
NOD32v2 2427 2007.07.28 -
Norman 5.80.02 2007.07.27 W32/Delf.AKFP
Panda 9.0.0.4 2007.07.28 Suspicious file
Rising 19.33.62.00 2007.07.29 -
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.28 Trojan-Downloader.Win32.Delf.aeo
Symantec 10 2007.07.29 Trojan Horse
TheHacker 6.1.7.156 2007.07.29 Trojan/Downloader.Delf.aeo
VBA32 3.12.2.1 2007.07.29 Trojan-Downloader.Win32.Delf.aeo
VirusBuster 4.3.26:9 2007.07.28 -
Webwasher-Gateway 6.0.1 2007.07.29 Trojan.Dldr.Delf.aeo.45
Additional information
File size: 70656 bytes
MD5: 32f366e4371a56ea28057041bb5dbff1
SHA1: 85f0a229a8958acbe67a74cb95a18969f51060ae
packers: UPX
fredik (Security team member):
Download Killbox.
Copy this bold text into the empty field:
C:\WINDOWS\system32\d3dxim.dll
and tick Delete on Reboot and Unregister .dll Before Deleting,
then press the white cross in the red circle. The PC will want to restart; allow it.
That Lopfind log is not complete, so run it again and post it here, then use the VundoFix I mentioned and post its log, which you will find afterwards at C:\VundoFix.txt, and rename HJT and post a new log from it here.
fredik (Security team member):
If Killbox does not work for you, use Avenger.
Download Avenger and run it under an administrator account.
Choose the option Input script manually and click the magnifying-glass icon; an empty window will pop up, into which copy this bold text:
Files to delete:
C:\WINDOWS\system32\d3dxim.dll
Then click Done.
Then click the traffic-light icon.
A prompt will pop up; click Yes. The PC will restart, and after the restart the Avenger report should pop up, so copy it here.
If any of the steps does not work, skip it and continue with the next one. Then carry out the remaining steps and post the corresponding logs here.
Avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ojegfwjg
*******************
Script file located at: epdrkkgb
Could not open script file! Error
Could not open script file! Status: 0xc000003b Abort!
VundoFix
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 12:42:31 29.7.2007
Listing files found while scanning....
C:\windows\system32\abwnhlrg.exe
C:\WINDOWS\system32\awtuusr.dll
C:\windows\system32\coavfcnd.dll
C:\windows\system32\gtlbaxdl.dll
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\jjjlm.tmp
C:\WINDOWS\system32\mljjj.dll
C:\windows\system32\ojvnxraq.dll
C:\windows\system32\pyikxurl.dll
C:\windows\system32\qtanalyw.dll
C:\windows\system32\qwkxkyig.dll
C:\windows\system32\rrewapka.dll
C:\windows\system32\rtltxkpn.dll
C:\WINDOWS\system32\rvoehrvn.dll
C:\windows\system32\rxxwdjni.dll
C:\windows\system32\twdsfmnw.dll
C:\windows\system32\xtuqqlcr.dll
C:\windows\system32\ykbryhrt.dll
Beginning removal...
Attempting to delete C:\windows\system32\abwnhlrg.exe
C:\windows\system32\abwnhlrg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtuusr.dll
C:\WINDOWS\system32\awtuusr.dll Could not be deleted.
Attempting to delete C:\windows\system32\coavfcnd.dll
C:\windows\system32\coavfcnd.dll Has been deleted!
Attempting to delete C:\windows\system32\gtlbaxdl.dll
C:\windows\system32\gtlbaxdl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\jjjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.tmp
C:\WINDOWS\system32\jjjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!
Attempting to delete C:\windows\system32\ojvnxraq.dll
C:\windows\system32\ojvnxraq.dll Has been deleted!
Attempting to delete C:\windows\system32\pyikxurl.dll
C:\windows\system32\pyikxurl.dll Has been deleted!
Attempting to delete C:\windows\system32\qtanalyw.dll
C:\windows\system32\qtanalyw.dll Has been deleted!
Attempting to delete C:\windows\system32\qwkxkyig.dll
C:\windows\system32\qwkxkyig.dll Has been deleted!
Attempting to delete C:\windows\system32\rrewapka.dll
C:\windows\system32\rrewapka.dll Has been deleted!
Attempting to delete C:\windows\system32\rtltxkpn.dll
C:\windows\system32\rtltxkpn.dll Has been deleted!
Attempting to delete C:\windows\system32\rxxwdjni.dll
C:\windows\system32\rxxwdjni.dll Has been deleted!
Attempting to delete C:\windows\system32\twdsfmnw.dll
C:\windows\system32\twdsfmnw.dll Has been deleted!
Attempting to delete C:\windows\system32\xtuqqlcr.dll
C:\windows\system32\xtuqqlcr.dll Has been deleted!
Attempting to delete C:\windows\system32\ykbryhrt.dll
C:\windows\system32\ykbryhrt.dll Has been deleted!
Performing Repairs to the registry.
Done!
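Added example, not from the thread or from the VundoFix authors: a parser for the VundoFix log above that separates the files found from those deleted and those that could not be deleted, and that recognises Vundo's reversed-name companion files (mljjj.dll beside jjjlm.ini and jjjlm.bak*). It also reports files that were listed but for which no removal was attempted, which in the log above is the case for rvoehrvn.dll. The excerpt is a constructed abbreviation of the posted log.

```python
import re

# Constructed, abbreviated copy of the VundoFix log posted above.
VUNDOFIX_EXCERPT = r"""
Listing files found while scanning....
C:\windows\system32\abwnhlrg.exe
C:\WINDOWS\system32\awtuusr.dll
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\rvoehrvn.dll
Beginning removal...
Attempting to delete C:\windows\system32\abwnhlrg.exe
C:\windows\system32\abwnhlrg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtuusr.dll
C:\WINDOWS\system32\awtuusr.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!
Performing Repairs to the registry.
Done!
"""

DELETED_RE = re.compile(r'(?P<p>[A-Za-z]:\\.+?) Has been deleted!')
FAILED_RE = re.compile(r'(?P<p>[A-Za-z]:\\.+?) Could not be deleted\.')
BARE_PATH_RE = re.compile(r'[A-Za-z]:\\\S+')   # a listing line is just the path, nothing after it


def parse_vundofix(log_text):
    """Split a VundoFix log into found / deleted / failed / never-attempted files (paths compared case-insensitively)."""
    found, deleted, failed = [], set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DELETED_RE.fullmatch(line)
        if m:
            deleted.add(m['p'].lower())
            continue
        m = FAILED_RE.fullmatch(line)
        if m:
            failed.add(m['p'].lower())
            continue
        if BARE_PATH_RE.fullmatch(line):
            found.append(line)
    untouched = [p for p in found if p.lower() not in deleted | failed]
    return {'found': found, 'deleted': sorted(deleted), 'failed': sorted(failed), 'untouched': untouched}


def reversed_name_pairs(paths):
    """Vundo drops a payload DLL plus companion files whose stem is the DLL stem reversed
    (mljjj.dll <-> jjjlm.ini). Return [(dll name, [companion names])] for such pairs."""
    by_stem = {}
    for p in paths:
        name = p.rsplit('\\', 1)[-1]
        by_stem.setdefault(name.split('.')[0].lower(), []).append(name)
    pairs = []
    for stem, names in by_stem.items():
        mirror = stem[::-1]
        if mirror != stem and mirror in by_stem and any(n.lower().endswith('.dll') for n in names):
            pairs.append((names[0], sorted(by_stem[mirror])))
    return pairs


if __name__ == '__main__':
    result = parse_vundofix(VUNDOFIX_EXCERPT)
    print('found:', len(result['found']), 'deleted:', len(result['deleted']))
    print('could not be deleted:', result['failed'])
    print('listed but never attempted:', result['untouched'])
    print('reversed-name pairs:', reversed_name_pairs(result['found']))
```

A file VundoFix could not delete was locked by a running process at scan time; it, together with anything listed but never attempted, is what goes onto the list for a delete-on-reboot tool, which is the role Killbox and Avenger play in this thread.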
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:03, on 29.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS\Data aplikac\second regs grim software\warn logo trans.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\mmygyhro.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [LowRateVoip] "D:\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [New Two] C:\DOCUME~1\MAREK-~1.OND\LIMEWI~1\DATAAP~1\BITSRE~1\Platform dead.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} (ICQDevilImg Control) - http://xtraz.icq.com/xtraz/products/pho ... vilImg.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: za - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6357 bytes
fredik (Security team member):
A Lopfind log would still be useful.
Try using Avenger again.
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in its window
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here