Pomoc s LSASS.EXE

[ak47]

LSASS.EXE mi odebírá až 60 % výkonu.
Zatím žádná antivirová kontrola nepomohla.
Mohlo by se jednat o vir?
Posílám svůj Hijack log.
Děkuji.
----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:56:07, on 7.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield .exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Bětka\Plocha\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy111.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.vscht.cz;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {EBE50619-77A3-4AD2-9C9E-1B5FB611D1E4} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\ljjijhh.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/cz/securityadvisor/vi ... ebscan.cab
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ljjijhh - C:\WINDOWS\SYSTEM32\ljjijhh.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[Reklama]

[paul27]

Z těchto stránek použij SDFix (snad to Vundo zničí): http://www.paul27.ic.cz

Pak pošli log, kterej ti to vyhodí a novej HijackThis.

[ak47]

Děkuji, použil jsem SDFix a znovu Hijack. Logy posílám.
Problém ale stále nebyl vyřešen. Process LSASS.EXE běží dál a ubírá střídavě 10 až 60 % CPU. Některé procesy běží pořád 2x.
-----------------
SDFIx report:


SDFix: Version 1.124

Run by BŘtka on po 07.01.2008 at 12:13

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\B·TKA\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\antiv.exe - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 12:20:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\System32\\dpnsvr.exe"="C:\\WINDOWS\\System32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"D:\\Hry\\Codemasters\\Race Driver\\RaceDriver.exe"="D:\\Hry\\Codemasters\\Race Driver\\RaceDriver.exe:*:Disabled:RaceDriver"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE"="C:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE:*:Enabled:Kerio Personal Firewall 4 - GUI"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Documents and Settings\\BŘtka\\Local Settings\\Temp\\~os71.tmp\\ossproxy.exe"="C:\\Documents and Settings\\BŘtka\\Local Settings\\Temp\\~os71.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\Documents and Settings\\BŘtka\\Dokumenty\\Dowloaded\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\BŘtka\\Dokumenty\\Dowloaded\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\strong dc\\StrongDC.exe"="C:\\Program Files\\strong dc\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\DOCUME~1\\B·TKA\\LOCALS~1\\Temp\\win136.exe"="C:\\DOCUME~1\\B·TKA\\LOCALS~1\\Temp\\win136.exe:*:Enabled:win136"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 7 Jan 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4e5c31f54badc4ea2bc0cd5bddeb17e\BIT4E.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b95839b4d5e2c0bda9ff4803479a62ae\BIT14.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1101414bb9e83b62084019569c64e3bb\BIT15.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7a93be16865afe5068a00f32d0ad1246\BIT16.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e5d341b83923c9c441c2b3b14b0320d3\BIT17.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\34be356f9a111a17675dc288437e09e3\BIT18.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ba698011e4f92f4f5a7de348c0eb7e8f\BIT19.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\15b5453822a5dd8d6fd132a4c7c17977\BIT1A.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\34448bd8142379149cb8cef0f5a0f690\BIT1B.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\14de9ff37c6b4e4eea2b0481a107ae59\BIT1C.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\612fb09751075bc84631a5f45a14242b\BIT1D.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9726830d0123224b1d29103f202f536f\BIT1E.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\00f85aac948bcf6d640626746edf60f9\BIT1F.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0926b9470c9af53c207eadf0bf3934da\BIT20.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\83fea40c19f48d8678633ac5af441e54\BIT21.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1eef3fc3cbdb5c2dd1f7c8aeca9057e4\BIT22.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a96455fa4f0c660d44502301c2c7fc41\BIT23.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e0a3a14ec0d4e4d61a1ad2b435c7de0\BIT24.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6cd2e40d19879f80e7bf6868618f255f\BIT25.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\852fa9cd37d04bc89e414a3fb2ef2f4b\BIT26.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bcc3f24dcc5ab7bb112aea41ce8f2c8b\BIT27.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0951061dbce750922010bdaa7abf1e49\BIT28.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\BIT11.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42ee6ff0bd464ce23260323989e41d58\BIT12.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\be9cf81654629f0178f1fbd377160e05\BIT13.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\BIT14.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc78e55f61f4d31ee3f3e77dbba3a4e3\BIT15.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\11aafafbb87ec74d28458e82d4e698ae\BIT16.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc3db833e3f609b71eae88255a252a15\BIT17.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6ad53a8394e8bdfdfb4d7e9bbfc4a035\BIT18.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bd6839713105adac18b8731e4e551f86\BIT19.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e70cae62aa04e88be1d0e3f4341552ae\BIT1A.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9abe4e4fdc20ef26387cd9e096392331\BIT1B.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d4d720d85b0fcfb9e1e299b282c6ec92\BIT1C.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f458bd461aec609d2fbb34f48bbbe4d2\BIT1D.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\343ee728fc29446bf7afc2cdaef1b332\BIT1E.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b8bbb6975447c7fcec803dbcdc61261\BIT1F.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\88896ca0498e954bfa21602cc9c1d566\BIT20.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8f14336809d26202246a8947e41aa50\BIT21.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\642eca1c8980052e3055d14b91066db5\BIT22.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a710c4f8df8ca45d258f91026a568cb0\BIT23.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7a11776576065db16f0bb72c1ad6b25\BIT24.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9b61aa71b9af024a32d0706989159aad\BIT25.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\00727be00eb44eabbe301c318b80ba61\BIT26.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ed476d6c3767ce82048580a8ee41dcf5\BIT27.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\11095a33c01fc6ca655fdaaa5fae14a0\BIT8E.tmp"
Fri 16 Sep 2005 344,064 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\isp3A.tmp\_Setup.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\msvcp71.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\msvcr71.dll"
Tue 22 Apr 2003 135,168 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Doźasně adres ý 1 pro avipreview_by_aj_026_alpha.zip\AVIPreview.exe"
Tue 25 Oct 2005 720,896 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\~setuptmp0\irsetup.exe"
Sun 16 Feb 2003 87,552 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Plus! Digital Media Edition Setup\Setup.exe"
Sat 9 Dec 2006 44,544 ...H. --- "C:\Documents and Settings\BŘtka\Data aplikacˇ\Microsoft\Word\~WRL0778.tmp"
Mon 2 Dec 2002 372,736 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\{5F8C9AE5-9A62-436A-B422-5787D7EBB329}\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\isrt.dll"
Mon 2 Dec 2002 290,816 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\{5F8C9AE5-9A62-436A-B422-5787D7EBB329}\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\_IsRes.dll"
Sun 17 Aug 2003 73,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Edisk\NED.exe"
Tue 20 Jul 2004 1,944,888 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\LUpdate\LUSETUP.EXE"
Fri 13 Aug 2004 73,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\SymLnch\SymLnch.exe"
Sun 15 Aug 2004 19,040 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\IWP\App\ALEUpdat.exe"
Sun 15 Aug 2004 87,136 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\IWP\App\FRERules.dll"
Sun 15 Aug 2004 46,176 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\IWP\App\ICFMgr.dll"
Wed 18 Aug 2004 46,208 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\IWP\App\NPFMntor.exe"
Sat 14 Aug 2004 62,584 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\ccCommon\ccCommon\ccProSub.dll"
Wed 4 Aug 2004 140,400 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\ccCommon\ccCommon\Dec2RAR.dll"
Sun 12 Feb 2006 60,516 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\tb_temp\xpcom.ns\bin\components\jar50.dll"
Sat 14 Aug 2004 95,352 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\ccIMScan.dll"
Sat 14 Aug 2004 62,584 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\ccIMScn.exe"
Mon 8 Dec 2003 62,584 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\N32call.dll"
Wed 18 Aug 2004 37,504 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\N32Exclu.dll"
Wed 18 Aug 2004 74,880 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\NAVAPSCR.dll"
Wed 18 Aug 2004 62,592 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\NAVError.dll"
Wed 18 Aug 2004 156,800 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\NAVEvent.dll"
Wed 18 Aug 2004 87,168 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\navprod.dll"
Wed 18 Aug 2004 35,968 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\Navwnt.exe"
Wed 18 Aug 2004 16,512 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\PtchInst.dll"
Wed 18 Aug 2004 185,472 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\ScanMgr.dll"
Sat 3 Aug 2002 5,696 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\TKNV16O.DLL"
Sat 3 Aug 2002 19,456 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\NAV\External\NORTON\APP\TKNV32O.DLL"
Wed 19 Mar 2003 89,088 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\atl71.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\mfc71.dll"
Wed 19 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\mfc71u.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\msvcp71.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\msvcr71.dll"
Tue 31 Jul 2001 24,576 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\msxml3a.dll"
Tue 31 Jul 2001 44,032 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\msxml3r.dll"
Wed 19 Mar 2003 106,496 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\MSRedist\MSRedist\System32\Ansi\atl71.dll"
Sat 14 Aug 2004 11,040 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\SymNet\SymNet\System32\Drivers\symdns.sys"
Sat 14 Aug 2004 46,208 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\SymNet\SymNet\System32\Drivers\symndis.sys"
Sat 14 Aug 2004 25,824 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\SymNet\SymNet\System32\Drivers\symredrv.sys"
Tue 29 Jun 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\basics.dll"
Tue 29 Jun 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\context.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\disable.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\emerg.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\faq.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\feat_sum.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_001.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_002.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_003.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_004.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_FAQ.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_Mode.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_PC.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\LU_Sub.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\monitor.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\NAV_001.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\options.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\Supt_CPD.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\symhelp.dll"
Wed 18 Aug 2004 9,728 A..H. --- "C:\Documents and Settings\BŘtka\Local Settings\Temp\Norton AntiVirus 2005\Support\Help\External\Common\SymShare\Help\unin.dll"

Finished!
------------------------------------------------------
Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:15, on 7.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield .exe
C:\Documents and Settings\Bětka\Plocha\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy111.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.vscht.cz;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AEB2E993-9FBF-4081-85E5-9C7151167AFD} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: MSEvents Object - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\ljjijhh.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/cz/securityadvisor/vi ... ebscan.cab
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ljjijhh - C:\WINDOWS\SYSTEM32\ljjijhh.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[fredik]

SDFix ne, použij ComboFix:

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[ak47]

Děkuji moc, vypadá to že problém byl vyřešen.
Proces LSASS.EXE už neběží jako předtím a procesy taky už neběží 2x.
Měl bych použít firewall? Mám spuštěný Avast 4 home a Spyware terminator. Stačí to?
Posílám logy.
-----------------

COMBOFIX:

ComboFix 08-01-04.1 - Bětka 2008-01-07 12:38:02.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.120 [GMT 1:00]
Running from: C:\Documents and Settings\Bětka\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ISM
C:\Program Files\ISM\ISMData\themes\ICQ Původní.ist
C:\Program Files\ISM\ISMUninstall.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.exe
C:\WINDOWS\system32\ljjijhh.dll
C:\WINDOWS\system32\rk.bin

Kód: Vybrat vše

 <pre>
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
"C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe" moved to QooBox
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE" moved to QooBox
"C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE" moved to QooBox
"C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe" moved to QooBox
"C:\Program Files\Synaptics\SynTP\SynTPEnh .exe" replaces infected copy of "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPLpr .exe" replaces infected copy of "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield .exe" replaces infected copy of "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files\Alwil Software\Avast4\ashDisp .exe" replaces infected copy of "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
</pre>

.
.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 12:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 12:12 . 2008-01-07 12:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-07 10:33 . 2008-01-07 10:33 <DIR> d-------- C:\VundoFix Backups
2008-01-07 09:29 . 2008-01-07 09:29 <DIR> d-------- C:\Program Files\Foundstone
2008-01-06 23:19 . 2008-01-06 23:19 <DIR> d-------- C:\fsaua.data
2008-01-06 22:31 . 2008-01-06 22:31 <DIR> d-------- C:\Program Files\CCleaner
2008-01-06 12:21 . 2008-01-06 12:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 12:21 . 2008-01-06 12:23 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-06 12:21 . 2008-01-06 12:23 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-06 12:21 . 2008-01-06 12:23 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-06 12:08 . 2008-01-06 12:08 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-06 00:12 . 2008-01-06 00:12 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-06 00:02 . 2008-01-06 00:02 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-06 00:02 . 2008-01-06 00:02 <DIR> d-------- C:\Program Files\Crawler
2008-01-05 22:55 . 2008-01-05 22:55 <DIR> d-------- C:\!KillBox
2008-01-05 21:23 . 2008-01-05 21:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-05 16:00 . 2008-01-05 16:00 <DIR> d-------- C:\Program Files\Uniblue
2008-01-04 17:03 . 2008-01-04 17:03 29,312 --a------ C:\WINDOWS\RF024539
2008-01-04 17:03 . 2008-01-04 17:03 28,874 --a------ C:\WINDOWS\RT024543
2008-01-04 17:03 . 2008-01-04 17:03 20,397 --a------ C:\WINDOWS\RT024159
2008-01-04 17:03 . 2008-01-04 17:03 19,835 --a------ C:\WINDOWS\RF024154
2008-01-04 17:03 . 2008-01-04 17:03 998 --a------ C:\WINDOWS\RT024089
2008-01-04 17:03 . 2008-01-04 17:03 917 --a------ C:\WINDOWS\RF024084
2008-01-04 17:03 . 2008-01-04 17:03 704 --a------ C:\WINDOWS\RT025628
2008-01-04 17:03 . 2008-01-04 17:03 618 --a------ C:\WINDOWS\RF025623
2008-01-04 10:42 . 2008-01-04 17:03 710 --a------ C:\WINDOWS\WEBTRAN4.INI
2008-01-03 23:49 . 2008-01-03 23:49 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-03 23:49 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-03 23:48 . 2008-01-03 23:48 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-03 23:47 . 2008-01-03 23:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 23:28 . 2008-01-03 23:28 <DIR> d-------- C:\Program Files\TaskPatrol Personal
2008-01-03 01:05 . 2008-01-03 01:05 <DIR> d-------- C:\Program Files\Xvid CZ
2008-01-02 09:11 . 2008-01-04 13:18 245,760 --a------ C:\WINDOWS\system32\Check .exe
2008-01-02 09:11 . 2008-01-04 17:30 32,768 --a------ C:\WINDOWS\system32\keyhook .exe
2008-01-01 17:06 . 2008-01-01 17:06 <DIR> d-------- C:\Program Files\Crystal Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 12:18 245,760 ----a-w C:\WINDOWS\system32\Check .exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-01 15:54 0 ----a-w C:\Documents and Settings\Bětka\timeseal.exe
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2006-02-06 17:12 105 ----a-w C:\Program Files\GPRSpeed Plus Client setup.log
2005-09-17 14:14 4,440 ----a-w C:\Documents and Settings\Bětka\WRT_Settings.dat
.

Kód: Vybrat vše

<pre>
----a-w            32,768 2008-01-04 16:30:08  C:\WINDOWS\system32\keyhook .exe
----a-w           245,760 2008-01-04 12:18:24  C:\WINDOWS\system32\Check .exe
----a-w         1,885,464 2008-01-05 15:26:22  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster  .exe
----a-w           315,392 2008-01-04 16:50:14  C:\Program Files\Launch Manager\QtZgAcer .EXE
----a-w            98,304 2008-01-03 09:52:36  C:\Program Files\QuickTime\qttask     .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-07 12:22 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-07 12:22 688218]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-07 12:22 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-01-07 12:22 2834432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deluxe Tree]
C:\Documents and Settings\Bětka\Dokumenty\Dowloaded\Christmas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhfe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-01-04 14:17 1937408 --------- C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"ICQ"=????
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"eRecoveryService"=C:\Windows\System32\Check.exe
"SoundMan"=SOUNDMAN.EXE
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-06 00:12]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 15:30]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 15:30]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 15:30]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-18 20:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 20:00]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 20:00]
S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys []
S2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-03 23:49]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 20:00]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 20:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b6bba42-a185-11dc-94c9-00c09fb4c89f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:37:26 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 12:49:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 12:50:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 11:50:42

----------------------------------------------------------------------------

HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 18:55:23, on 7.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Documents and Settings\Bětka\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy111.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.vscht.cz;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/cz/securityadvisor/vi ... ebscan.cab
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[fredik]

Stáhni si RenV (by sUBs)
- spusť ho a za chvíli se ti zobrazí log, zkopíruj sem prosím celý jeho obsah

[ak47]

Kód: Vybrat vše

Ran on st 09.01.2008 - 23:16:19,39

----a-w            32,768 2008-01-04 16:30:08  C:\WINDOWS\system32\keyhook .exe
----a-w           245,760 2008-01-04 12:18:24  C:\WINDOWS\system32\Check .exe
----a-w         1,885,464 2008-01-05 15:26:22  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster  .exe
----a-w           315,392 2008-01-04 16:50:14  C:\Program Files\Launch Manager\QtZgAcer .EXE
----a-w            98,304 2008-01-03 09:52:36  C:\Program Files\QuickTime\qttask     .exe

 Entries:                5  (5)
 Directories:            0  Files:             5
 Bytes:          2,577,688  Blocks:        5,035


[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Na stejném místě (ve stejném složce/adresáři) kde jsi spustil RenV se vytvořil soubor Log.txt
- uchop myší uvedený soubor (Log.txt ) a přemísti ho nad RenV.exe a když se oba soubory překryjí, log upusť

- Program se znovu spustí a po proběhnutí ti zobrazí opět log - zkopíruj ho prosím sem

[ak47]

Postup jsem provedl. Log zasílám. Čeho jsme tím docílili? Děkuji.

Kód: Vybrat vše

Ran on so 12.01.2008 - 21:31:46,04

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0


[fredik]

Co jsi tam měl ti modifikovalo některé programy co se spouští po stratu Win. Upravili jsem je do původní podoby.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Smaž adresář/složku kterou si vytvořil VundoFix & SDFix:
C:\VundoFix Backups
C:\SDFix

Také můžeš smazat použitý program:
RenV.exe a jeho log Log.txt které najdeš ve stejném umístění.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Máš tam starou verzi Javy tak proveď její update:
- Stáhni si poslení verzi Java Runtime Environment (JRE) 6 Update 4
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 4 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber Windows
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u4-windows-i586-p.exe, který sis stáhl na začátku.

Máš ještě nějaké problémy?

[ak47]

Vše jsem provedl podle návodu a nemám už žádné další problémy.

Děkuji moc za pomoc, skvělá práce!

[fredik]

Nemáš za co

Kdyby se vyskytl nějaký problém tak dej vědět.