Kontrola logu

[LukasZPasek]

pri nejmensim mam zavirovany pc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48, on 2008-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 91.121.146.46 l2authd.lineage2.com
O1 - Hosts: 91.121.146.46 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_7p.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - C:\AC Web Ultimate Repack\Server\apache\bin\apache.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServerTime - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5423 bytes

[Reklama]

[fredik]

Vítej na fóru

Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[LukasZPasek]

tady ho mas a dik za pomoc

ComboFix 08-06-19.1 - user 2008-06-19 23:22:23.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.279 [GMT 2:00]
Running from: C:\Documents and Settings\user\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Codemasters\RF Online;\Item\Shield\Mesh\Desktop_.ini
C:\Program Files\Codemasters\RF Online;\Item\Shield\Tex\Desktop_.ini

----- BITS: Possible infected sites -----

hxxp://reddii.org
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTSVC
-------\Legacy_FCI
-------\Legacy_MSDIRECTX
-------\Legacy_TCPSR
-------\Service_CcEvtSvc
-------\Service_FCI
-------\Service_tcpsr
-------\Legacy_ServerTime
-------\Service_ServerTime


((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-19 23:18 . 2008-06-19 23:18 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-19 22:53 . 2008-06-19 22:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-19 22:52 . 2008-06-19 22:53 <DIR> d-------- C:\Program Files\CCleaner
2008-06-19 22:40 . 2008-06-19 22:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 22:25 . 2008-06-19 22:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-19 22:24 . 2008-06-19 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 19:09 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-19 19:09 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-15 18:32 . 2008-06-15 18:32 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 10:26 . 2008-06-15 10:26 <DIR> d-------- C:\Program Files\GOA
2008-06-15 08:08 . 2008-06-15 08:08 <DIR> d-------- C:\Soldat
2008-06-15 07:35 . 2008-06-15 07:50 <DIR> d-------- C:\Program Files\Bitter Vengeance
2008-06-14 13:59 . 2008-06-19 21:22 <DIR> d-------- C:\Program Files\Lineage II
2008-05-31 06:58 . 2008-05-31 06:58 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-31 06:58 . 2003-07-18 14:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-31 06:58 . 2005-01-02 05:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-30 17:58 . 2008-05-30 17:59 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-05-23 16:52 . 2008-05-23 16:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-22 13:56 . 2008-05-22 14:51 <DIR> d-------- C:\Program Files\RF Online;
2008-05-22 00:30 . 2008-05-22 00:30 45 ---h----- C:\WINDOWS\dsez3402.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 16:26 --------- d-----w C:\Program Files\Cheat Engine
2008-05-08 12:59 --------- d-----w C:\Program Files\Codemasters
2008-05-03 13:18 --------- d-----w C:\Program Files\Warcraft III
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 23:32 --------- d-----w C:\Program Files\Java
2008-04-23 23:31 --------- d-----w C:\Program Files\Common Files\Java
2008-04-23 13:01 --------- d-----w C:\Program Files\IVT Corporation
2008-04-23 11:18 --------- d-----w C:\Program Files\Alwil Software
2008-04-20 09:58 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-20 09:58 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-20 09:55 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-04-20 09:55 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-04-20 09:39 --------- d-----w C:\Program Files\Fma 2
2008-04-13 17:24 220 ----a-w C:\Documents and Settings\user\delself.bat
2008-04-08 08:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\tmp_7p.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Agm52.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-17 15:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runservices]
C:\WINDOWS\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\zaloha\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 15:50]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 16:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 Apache2.2;Apache2.2;"C:\AC Web Ultimate Repack\Server\apache\bin\apache.exe" -k runservice []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d2d3d7-ec14-11dc-bbae-926feb8d03c1}]
\Shell\AutoRun\command - F:\autorun.bat

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 23:25:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-19 23:27:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 21:27:48

Adresářů: 9, Volných bajtů: 24,904,007,680
Adres ý…: 11, Volněch bajt…: 24,859,480,064

150

[LukasZPasek]

takze?

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\tmp_7p.dll
C:\WINDOWS\services.exe
C:\Documents and Settings\user\delself.bat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runservices]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[LukasZPasek]

tu je z z combofixu co mi to hodilo

ComboFix 08-06-19.1 - user 2008-06-21 0:23:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.275 [GMT 2:00]
Running from: C:\Documents and Settings\user\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\user\delself.bat
C:\WINDOWS\services.exe
C:\WINDOWS\system32\tmp_7p.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\delself.bat

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 15:52 . 2003-07-18 14:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-06-20 15:52 . 2005-01-02 05:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-06-20 08:01 . 2008-06-20 08:01 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-19 22:53 . 2008-06-19 22:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-19 22:52 . 2008-06-19 22:53 <DIR> d-------- C:\Program Files\CCleaner
2008-06-19 22:40 . 2008-06-19 22:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 22:25 . 2008-06-19 22:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-19 22:25 . 2008-06-19 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-06-19 22:24 . 2008-06-19 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 19:09 . 2001-10-24 11:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-19 19:09 . 2001-10-24 11:54 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-15 18:32 . 2008-06-15 18:32 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 10:26 . 2008-06-15 10:26 <DIR> d-------- C:\Program Files\GOA
2008-06-15 08:08 . 2008-06-15 08:08 <DIR> d-------- C:\Soldat
2008-06-15 08:08 . 2008-06-15 08:08 <DIR> d-------- C:\Documents and Settings\user\Data aplikací\Soldat
2008-06-15 07:35 . 2008-06-15 07:50 <DIR> d-------- C:\Program Files\Bitter Vengeance
2008-06-14 13:59 . 2008-06-20 22:00 <DIR> d-------- C:\Program Files\Lineage II
2008-05-31 06:58 . 2008-05-31 06:58 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-30 17:59 . 2008-05-30 18:37 <DIR> d-------- C:\Documents and Settings\user\Data aplikací\teamspeak2
2008-05-30 17:58 . 2008-05-30 17:59 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-05-23 16:52 . 2008-05-23 16:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-22 13:56 . 2008-05-22 14:51 <DIR> d-------- C:\Program Files\RF Online;

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 15:44 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-06-15 06:07 --------- d-----w C:\Documents and Settings\user\Data aplikací\uTorrent
2008-06-11 18:21 --------- d-----w C:\Documents and Settings\user\Data aplikací\Skype
2008-05-31 11:27 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-05-29 16:26 --------- d-----w C:\Program Files\Cheat Engine
2008-05-19 12:18 --------- d-----w C:\Documents and Settings\user\Data aplikací\ICQ Toolbar
2008-05-08 12:59 --------- d-----w C:\Program Files\Codemasters
2008-05-03 13:18 --------- d-----w C:\Program Files\Warcraft III
2008-04-30 07:20 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 23:32 --------- d-----w C:\Program Files\Java
2008-04-23 23:31 --------- d-----w C:\Program Files\Common Files\Java
2008-04-23 13:01 --------- d-----w C:\Program Files\IVT Corporation
2008-04-23 11:18 --------- d-----w C:\Program Files\Alwil Software
2008-04-20 09:59 --------- d-----w C:\Documents and Settings\user\Data aplikací\Teleca
2008-04-20 09:58 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-20 09:58 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-20 09:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Teleca
2008-04-20 09:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2008-04-20 09:55 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-04-20 09:55 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-04-20 09:39 --------- d-----w C:\Program Files\Fma 2
2008-04-20 09:39 --------- d-----w C:\Documents and Settings\user\Data aplikací\FMA
2008-04-08 08:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-28 13:26 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-20 14:47 2,170,880 ----a-w C:\Documents and Settings\user\Data aplikací\sa3125_02_fus_eng.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-19_23.27.40.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-19 21:18:01 246,312 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-20 06:01:05 246,312 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-20 22:10:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_76c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Agm52.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-17 15:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\zaloha\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 15:50]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 16:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 15:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 Apache2.2;Apache2.2;"C:\AC Web Ultimate Repack\Server\apache\bin\apache.exe" -k runservice []
S3 dump_wmimmc;dump_wmimmc;D:\Lineage II\system\GameGuard\dump_wmimmc.sys []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d2d3d7-ec14-11dc-bbae-926feb8d03c1}]
\Shell\AutoRun\command - F:\autorun.bat

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:25:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-21 0:25:54
ComboFix-quarantined-files.txt 2008-06-20 22:25:51
ComboFix2.txt 2008-06-19 21:27:52

Adresářů: 9, Volných bajtů: 23,531,556,864
Adresářů: 11, Volných bajtů: 23,543,390,208

138

a tady z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27, on 2008-06-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - C:\AC Web Ultimate Repack\Server\apache\bin\apache.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 4973 bytes

[fredik]

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
po zaškrtnutí klikni na tlačítko Fix Checked

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pravděpodobně máš problém se spuštěním Avastu, že se ti nezobrazí jeho ikona v system tray, tak udělej toto:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE (nefunguje korektně)

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg
- spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK
- restartuj Pc a mělo by to pak být v pořádku.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku

Máš ještě nějaké problémy?