Please check

The place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Skogen
newbie
Posts: 4
Registered: April 08
Gender: Not specified

Please check

Post by Skogen » 10 Apr 2008 18:13

Hi, since yesterday NOD has been reporting a virus; it can't be deleted or cleaned. I've already tried VundoFix and VirtumundoBeGone too, but it's still here. Does anyone know what to do about it? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:17, on 10.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {01A51E25-3065-4517-96D4-14BECF7B94ED} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {54A16605-ED55-4530-B17E-CF7412887264} - C:\WINDOWS\system32\hgGxYPGX.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7587251930
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7588149419
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CD08C16-416C-4BC3-9549-189D55B3B513}: NameServer = 212.71.133.6,212.71.128.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FE573D-7723-4BC2-ADC9-DC2624F080C6}: NameServer = 212.71.133.6,212.71.128.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CD08C16-416C-4BC3-9549-189D55B3B513}: NameServer = 212.71.133.6,212.71.128.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 7437 bytes

//moved

//mmm

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male

Re: Please check

Post by Baron Prášil » 10 Apr 2008 20:01

welcome to the PC-HELP forum :bigups:

we'll start by uninstalling Spyware Terminator - it clashes with ESS and I don't trust switching its shield off.

then run HijackThis again and fix
in the HJT window, tick the box on the left next to the items I list and then click Fix checked
O2 - BHO: (no name) - {54A16605-ED55-4530-B17E-CF7412887264} - C:\WINDOWS\system32\hgGxYPGX.dll

download Killbox
unpack it, run it and copy the bold text into the box
C:\WINDOWS\system32\hgGxYPGX.dll
tick Delete on Reboot and Unregister .dll Before Deleting
and click the red X. The machine will reboot. After the reboot, post a new HijackThis log

Skogen
newbie
Posts: 4
Registered: April 08
Gender: Not specified

Re: Please check

Post by Skogen » 10 Apr 2008 21:00

Thanks for the advice, I did everything but unfortunately it's still here :-(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:55, on 10.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {01A51E25-3065-4517-96D4-14BECF7B94ED} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {3D875842-1B76-48EB-B178-5C7F33CC8D67} - C:\WINDOWS\system32\hgGxYPGX.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7587251930
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7588149419
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CD08C16-416C-4BC3-9549-189D55B3B513}: NameServer = 212.71.133.6,212.71.128.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FE573D-7723-4BC2-ADC9-DC2624F080C6}: NameServer = 212.71.133.6,212.71.128.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CD08C16-416C-4BC3-9549-189D55B3B513}: NameServer = 212.71.133.6,212.71.128.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 7161 bytes

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male

Re: Please check

Post by Baron Prášil » 10 Apr 2008 21:56

I admit I somewhat expected that, but it's better to try a less invasive treatment first before ComboFix.

so download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are shown; confirm them by pressing the 1 key
- Then follow the prompts; while ComboFix is running, do not click into the window it displays
- When the scan finishes the program should create a log, which will be displayed; otherwise you'll find it here: C:\ComboFix.txt - please paste its entire contents here

ideally disconnect from the internet and run the ComboFix scan with the ESS shields switched off
blocking the network in the ESS firewall will be enough

Skogen
newbie
Posts: 4
Registered: April 08
Gender: Not specified

Re: Please check

Post by Skogen » 10 Apr 2008 22:16

So I did everything. NOD isn't reporting anything so far, so hopefully it's OK now. Here's the log. Thanks for the help

ComboFix 08-04-09.9 - Jirka 2008-04-10 22:05:19.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.176 [GMT 2:00]
Running from: C:\Documents and Settings\Jirka\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM83c3eaac.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\plksudcs.ini
C:\WINDOWS\system32\XGPYxGgh.ini
C:\WINDOWS\system32\XGPYxGgh.ini2
C:\WINDOWS\system32\yayVLETl.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 22:27 . 2008-04-07 17:28 <DIR> d--h----- C:\Documents and Settings\Administrator.MUJKOMP\ćablony
2008-04-09 22:27 . 2008-04-07 19:20 <DIR> d-------- C:\Documents and Settings\Administrator.MUJKOMP\Plocha
2008-04-09 22:27 . 2008-04-07 19:20 <DIR> d--h----- C:\Documents and Settings\Administrator.MUJKOMP\Okolnˇ tisk rny
2008-04-09 22:27 . 2008-04-07 19:20 <DIR> d--h----- C:\Documents and Settings\Administrator.MUJKOMP\Okolnˇ sˇś
2008-04-09 22:27 . 2008-04-07 19:20 <DIR> d-------- C:\Documents and Settings\Administrator.MUJKOMP\Oblˇben‚ polo§ky
2008-04-09 22:27 . 2008-04-07 19:20 <DIR> dr------- C:\Documents and Settings\Administrator.MUJKOMP\Nabˇdka Start
2008-04-09 22:27 . 2008-04-07 19:20 <DIR> d-------- C:\Documents and Settings\Administrator.MUJKOMP\Dokumenty
2008-04-09 22:27 . 2008-04-07 19:20 <DIR> dr-h----- C:\Documents and Settings\Administrator.MUJKOMP\Data aplikacˇ
2008-04-09 22:13 . 2008-04-09 22:14 <DIR> d-------- C:\Program Files\Crawler
2008-04-09 21:54 . 2008-04-09 21:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 19:19 . 2008-04-07 21:29 211 --a------ C:\boot.ini.comodofirewall
2008-04-09 19:18 . 2008-04-09 19:18 <DIR> d-------- C:\Program Files\Comodo
2008-04-09 18:44 . 2008-04-09 18:44 <DIR> d-------- C:\VundoFix Backups
2008-04-09 06:25 . 2008-04-09 06:35 <DIR> d-------- C:\Program Files\ArchiCAD 8.1
2008-04-09 06:25 . 2008-04-09 06:25 <DIR> d-------- C:\Documents and Settings\Jirka\Graphisoft
2008-04-09 06:23 . 2002-02-18 10:23 945,936 --a------ C:\WINDOWS\system32\msjava.dll
2008-04-09 06:21 . 2008-04-09 06:21 <DIR> d-------- C:\Program Files\WIBUKEY
2008-04-09 06:21 . 2008-04-09 06:21 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-04-09 06:21 . 2003-02-14 03:31 765,952 --a------ C:\WINDOWS\system32\WibuKe32.cpl
2008-04-09 06:21 . 2003-02-14 03:31 135,168 --a------ C:\WINDOWS\system32\WkWin32.dll
2008-04-09 06:21 . 2003-02-14 03:31 67,584 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2008-04-09 06:21 . 2000-10-18 03:00 57,552 --a------ C:\WINDOWS\system32\WkDos.exe
2008-04-09 06:21 . 2002-09-25 03:30 17,408 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2008-04-09 06:04 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-04-08 22:01 . 2008-04-08 22:04 <DIR> d-------- C:\Program Files\CyberLink
2008-04-08 22:01 . 2008-04-08 22:01 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-08 20:56 . 2008-04-08 20:56 <DIR> d-------- C:\Program Files\LucasArts
2008-04-08 06:40 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-08 06:23 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-08 06:02 . 2008-04-08 06:02 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-08 06:01 . 2008-04-08 06:01 <DIR> d-------- C:\Program Files\MSBuild
2008-04-08 05:53 . 2008-04-08 05:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-07 23:08 . 2008-04-08 05:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-07 23:06 . 2008-04-07 23:06 <DIR> dr-h----- C:\MSOCache
2008-04-07 23:04 . 2008-04-07 23:04 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-04-07 23:04 . 2008-04-07 23:03 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-07 22:54 . 2008-04-10 21:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-07 22:43 . 2008-04-10 20:46 <DIR> dr-h----- C:\Documents and Settings\Jirka\Data aplikacˇ
2008-04-07 22:43 . 2008-04-10 20:46 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikacˇ
2008-04-07 22:42 . 2008-04-07 22:42 <DIR> d-------- C:\Program Files\Webteh
2008-04-07 22:41 . 2008-04-07 23:33 <DIR> d-------- C:\Program Files\Mv2Player
2008-04-07 22:29 . 2008-04-07 22:29 <DIR> d-------- C:\Program Files\Nero
2008-04-07 22:29 . 2008-04-07 22:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-07 22:12 . 2008-04-07 22:12 40,448 --a------ C:\WINDOWS\system32\fccdedEu.dll.vir
2008-04-07 22:08 . 2004-08-17 15:49 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2008-04-07 22:08 . 2004-08-17 15:49 153,088 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-07 22:08 . 2004-08-17 15:49 26,624 --a------ C:\WINDOWS\system32\irmon.dll
2008-04-07 22:08 . 2004-08-17 15:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-04-07 22:08 . 2004-08-17 15:49 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-04-07 22:08 . 2004-08-17 15:49 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-07 22:07 . 2008-04-07 22:07 <DIR> d-------- C:\Documents and Settings\LocalService\Nabˇdka Start
2008-04-07 21:51 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-07 21:51 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-07 21:50 . 2004-08-03 23:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-07 21:50 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-07 21:50 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-07 21:50 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-07 21:50 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-07 21:50 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-07 21:50 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-07 21:50 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-07 21:50 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-07 21:49 . 2008-04-07 21:49 <DIR> d-------- C:\Program Files\Realtek AC97
2008-04-07 21:49 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-04-07 21:49 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-07 21:49 . 2007-04-25 16:20 4,030,144 --a------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-04-07 21:49 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-04-07 21:49 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-04-07 21:49 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-04-07 21:49 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-07 21:49 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-07 21:36 . 2008-04-07 21:36 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-07 21:29 . 2008-04-07 22:28 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-07 21:29 . 2004-08-17 15:49 239,616 --a------ C:\WINDOWS\system32\wstrenderer.ax
2008-04-07 21:29 . 2004-08-17 15:49 164,352 --a------ C:\WINDOWS\system32\wstpager.ax
2008-04-07 21:29 . 2004-08-17 15:48 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-04-07 21:29 . 2004-08-17 15:49 53,248 --a------ C:\WINDOWS\system32\vbicodec.ax
2008-04-07 21:29 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-04-07 21:29 . 2004-08-17 15:49 32,768 --a------ C:\WINDOWS\system32\asr_pfu.exe
2008-04-07 21:29 . 2004-08-03 22:59 12,800 --a------ C:\WINDOWS\system32\spiisupd.exe
2008-04-07 21:29 . 2004-08-03 22:59 9,728 --a------ C:\WINDOWS\system32\comsdupd.exe
2008-04-07 21:26 . 2008-04-07 21:26 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-07 21:20 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002457_.tmp
2008-04-07 21:20 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-07 21:17 . 2008-04-07 21:29 <DIR> d-------- C:\WINDOWS\EHome
2008-04-07 18:57 . 2008-04-07 18:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-07 18:57 . 2004-08-17 15:49 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-07 18:57 . 2004-08-17 15:49 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-07 18:57 . 2004-08-17 15:49 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-04-07 18:57 . 2004-08-17 15:49 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-04-07 18:55 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-07 18:55 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-07 18:55 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-07 18:55 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-07 18:55 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-07 18:55 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-07 18:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-07 18:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-07 18:55 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-07 18:54 . 2008-04-07 18:54 <DIR> d---s---- C:\Documents and Settings\Jirka\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 04:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 19:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 17:18 --------- d-----w C:\Program Files\ESET
2008-04-07 15:51 --------- d-----w C:\Program Files\KYE
2008-04-07 15:47 --------- d-----w C:\Program Files\WZCBDL Service
2008-04-07 15:47 --------- d-----w C:\Program Files\NIOC Service
2008-04-07 15:47 --------- d-----w C:\Program Files\D-Link
2008-04-07 15:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 15:41 --------- d-----w C:\Program Files\ATI Technologies
2008-04-07 15:32 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D875842-1B76-48EB-B178-5C7F33CC8D67}]
C:\WINDOWS\system32\hgGxYPGX.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:49 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 21:05 339968]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-30 00:36 32768]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168]
"CHotkey"="mHotkey.exe" [2002-07-05 16:37 491008 C:\WINDOWS\mHotkey.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 16:28 196608]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 19:20 91432]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 09:35 72736]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 12:06 62760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\Jirka\\Plocha\\utorrent.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]
R2 NIOC;NIOC Service;C:\WINDOWS\System32\NIOC.SYS [2002-09-27 18:21]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS [2003-07-14 12:45]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43]
Start Pending2 WZCBDLService;WZCBDL Service;C:\Program Files\WZCBDL Service\WZCBDLS.exe [2002-03-19 12:15]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 22:10:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-04-10 22:11:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 20:11:30
Adresářů: 7, Volných bajtů: 141,698,179,072
Adres ý…: 10, Volněch bajt…: 141,663,453,184
.
2008-04-07 20:40:20 --- E O F ---

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male

Re: Please check

Post by Baron Prášil » 10 Apr 2008 23:19

Open Notepad (Start -> Run... type Notepad into the box and click OK)
Copy the following text, marked in green, into it:

Code:

File::
C:\WINDOWS\system32\hgGxYPGX.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D875842-1B76-48EB-B178-5C7F33CC8D67}]

don't post the ComboFix log anymore if the computer behaves as it should.

out of interest, have VirusTotal http://www.virustotal.com/flash/index_en.html
check this: C:\WINDOWS\Alcrmv.exe
don't use "Browse", instead paste the full path to the file, marked in bold, into the box with Ctrl+C > Ctrl+V

if there are any, post only the detections from reputable antivirus engines - Avast, NOD, Kaspersky, Symantec
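Pulling the thread's evidence together, here is an added example (not a HijackThis, ComboFix or PC-HELP tool, and not code from anyone in the thread) that triages the O2 lines of a HijackThis log the way Baron Prášil did by eye. The O2 lines and ComboFix's "Other Deletions" list are copied from the logs posted above; the "random-looking name" heuristic, the labels and every function name are the example's own assumptions. It also checks the two things the follow-up posts showed: the same DLL coming back under a new CLSID after the HJT fix, and the .ini/.ini2 companion files whose name is the DLL name spelled backwards.

```python
"""Triage the O2 (Browser Helper Object) lines of a HijackThis log.

Added example for this thread; it is not a HijackThis, ComboFix or PC-HELP
tool. The O2 lines and the ComboFix deletion list are copied from the logs
posted in the thread; the scoring heuristic and all names are assumptions.
"""
import re
from pathlib import PureWindowsPath

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

# Sample input: the O2 section of the first log (scan saved 18:04:17).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {01A51E25-3065-4517-96D4-14BECF7B94ED} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {54A16605-ED55-4530-B17E-CF7412887264} - C:\WINDOWS\system32\hgGxYPGX.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
"""
# The second log (20:53:55) differs in its O2 section only by the CLSID of the system32 DLL.
LOG_AFTER = LOG_BEFORE.replace(
    "{54A16605-ED55-4530-B17E-CF7412887264}", "{3D875842-1B76-48EB-B178-5C7F33CC8D67}"
)
# Files listed under "Other Deletions" in the ComboFix log posted in the thread.
COMBOFIX_DELETIONS = [
    r"C:\WINDOWS\BM83c3eaac.xml",
    r"C:\WINDOWS\pskt.ini",
    r"C:\WINDOWS\system32\mcrh.tmp",
    r"C:\WINDOWS\system32\plksudcs.ini",
    r"C:\WINDOWS\system32\XGPYxGgh.ini",
    r"C:\WINDOWS\system32\XGPYxGgh.ini2",
    r"C:\WINDOWS\system32\yayVLETl.dll",
]


def parse_o2(log: str) -> list[dict]:
    """Return one {name, clsid, path} dict per O2 line; other lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def case_transitions(s: str) -> int:
    """Count lower<->upper switches between adjacent characters ("hgGxYPGX" -> 3)."""
    return sum(a.islower() != b.islower() for a, b in zip(s, s[1:]))


def looks_random(stem: str) -> bool:
    """Assumed heuristic: exactly eight letters with interleaved case, as in
    hgGxYPGX or yayVLETl. Vendor DLLs are rarely named this way."""
    return len(stem) == 8 and stem.isalpha() and case_transitions(stem) >= 2


def classify(entry: dict) -> str:
    """Label one O2 entry: orphan, suspicious or review."""
    if entry["path"] == "(no file)":
        return "orphan"        # stale registration, DLL already gone: cleanup, not infection
    p = PureWindowsPath(entry["path"])
    if (entry["name"] == "(no name)"
            and p.parent.name.lower() == "system32"
            and looks_random(p.stem)):
        return "suspicious"    # unnamed BHO loaded straight from system32 under a random-looking name
    return "review"            # named or vendor-path BHO: match against installed software


def triage(log: str) -> dict[str, str]:
    """Map every O2 CLSID in the log to its label."""
    return {e["clsid"]: classify(e) for e in parse_o2(log)}


def reregistered(before: str, after: str) -> dict[str, tuple[str, str]]:
    """DLL paths present in both logs but registered under a different CLSID
    in the second one, i.e. the entry fixed in HJT came straight back."""
    old = {e["path"]: e["clsid"] for e in parse_o2(before) if e["path"] != "(no file)"}
    return {e["path"]: (old[e["path"]], e["clsid"])
            for e in parse_o2(after)
            if e["path"] in old and old[e["path"]] != e["clsid"]}


def reversed_companions(dll_path: str, files: list[str]) -> list[str]:
    """Files whose stem is the DLL stem spelled backwards; here that finds the
    XGPYxGgh.ini / .ini2 pair ComboFix removed alongside hgGxYPGX.dll."""
    rev = PureWindowsPath(dll_path).stem[::-1]
    return [f for f in files if PureWindowsPath(f).stem == rev]


if __name__ == "__main__":
    for clsid, label in triage(LOG_BEFORE).items():
        print(f"{label:10} {clsid}")
    for path, (old, new) in reregistered(LOG_BEFORE, LOG_AFTER).items():
        print(f"re-registered: {path}  {old} -> {new}")
    print(reversed_companions(r"C:\WINDOWS\system32\hgGxYPGX.dll", COMBOFIX_DELETIONS))
```

The point of `reregistered` is the lesson of the second log: a HijackThis fix only removes the registry entry, so a DLL that re-registers itself at the next boot shows up again under a fresh CLSID, which is why the thread moved on to deleting the file itself. The reversed-name check is a cheap way to spot the companion files a ComboFix run should have taken with it.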

Skogen
newbie
Posts: 4
Registered: April 08
Gender: Not specified

Re: Please check

Post by Skogen » 11 Apr 2008 15:55

So everything is OK. No antivirus on VirusTotal found anything either. Thanks again for your help, I'd hate to reinstall Windows :)

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male

Re: Please check

Post by memphisto » 11 Apr 2008 18:27

just to add: that Alcrmv.exe is a process of the Realtek AC'97 Removing Tool :wink: