Prosim o pomoc alebo radu mam problem s dvomi dll subormi

Mam taky problem ze ked zapnem pocitac nahodi mi ze mi chybaju tieto subory owqnjoxa.dll a rdcaunlr.dll su ulozene v system 32 a neviem co s tym robit avg my hlasi ze su nakazene takze neviem ako to mam fixnut pls help aby sami to opravilo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:20, on 11.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vokr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {00504EAE-B78F-4BFA-97EF-65DA049119DD} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23CD7C72-0F70-4CBF-A90F-0B43A33F0396} - (no file)
O2 - BHO: (no name) - {2AAB94F0-0346-4B27-AD57-08295EF4867A} - (no file)
O2 - BHO: (no name) - {3DD4BBC5-F794-4E19-A7BB-037317DB57D7} - C:\WINDOWS\system32\uhixjjvd.dll
O2 - BHO: (no name) - {4560EED2-882F-40B7-9251-05442B20D7AF} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {4C51E6D0-DABB-4F1D-8C5C-17FAA5FE9B4C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {82E40E71-CAD0-4055-BC9C-828157AD921C} - (no file)
O2 - BHO: (no name) - {97B5ED34-D605-4882-92B0-43180C1BC954} - (no file)
O2 - BHO: (no name) - {A3D27A86-3B41-4A3A-8868-C167C400E3AB} - (no file)
O2 - BHO: (no name) - {B7E4BFA8-6FB4-4AAD-B1D9-A441037BEA5D} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)
O2 - BHO: (no name) - {D657A191-3878-47A3-8E9F-C964520FA816} - (no file)
O2 - BHO: (no name) - {E6B485BA-2BC2-423F-8156-949B10E67C83} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\owqnjoxa.dll",forkonce
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rdcaunlr.dll",sitypnow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2417317-2635-4552-B035-BDF6F7975EC4}: NameServer = 193.58.193.11,195.12.128.1
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O20 - Winlogon Notify: tuvwvsq - tuvwvsq.dll (file missing)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8564 bytes

mam este taky problem ked hram hru world of warcraft neviem ci poznate tak ked hram mi to sekne a nic sa neda robit iba restart pc a robi mi to stale pls help cim to moze byt

1) Fixni:

O2 - BHO: (no name) - {00504EAE-B78F-4BFA-97EF-65DA049119DD} - (no file)
O2 - BHO: (no name) - {23CD7C72-0F70-4CBF-A90F-0B43A33F0396} - (no file)
O2 - BHO: (no name) - {2AAB94F0-0346-4B27-AD57-08295EF4867A} - (no file)
O2 - BHO: (no name) - {82E40E71-CAD0-4055-BC9C-828157AD921C} - (no file)
O2 - BHO: (no name) - {97B5ED34-D605-4882-92B0-43180C1BC954} - (no file)
O2 - BHO: (no name) - {A3D27A86-3B41-4A3A-8868-C167C400E3AB} - (no file)
O2 - BHO: (no name) - {B7E4BFA8-6FB4-4AAD-B1D9-A441037BEA5D} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)
O2 - BHO: (no name) - {D657A191-3878-47A3-8E9F-C964520FA816} - (no file)
O2 - BHO: (no name) - {E6B485BA-2BC2-423F-8156-949B10E67C83} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: tuvwvsq - tuvwvsq.dll (file missing)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)


2) Postupuj podľa návodu => http://www.viry.cz/forum/viewtopic.php?t=16634/


3) Potom nový log

Zatial to mam tak ale :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:51, on 11.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vokr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {00504EAE-B78F-4BFA-97EF-65DA049119DD} - (no file)
O2 - BHO: (no name) - {049AA900-0B7C-4967-8131-43EBA5E956B7} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23CD7C72-0F70-4CBF-A90F-0B43A33F0396} - (no file)
O2 - BHO: (no name) - {27B1B33A-644F-4DE3-809D-5927AB5B457F} - (no file)
O2 - BHO: (no name) - {2AAB94F0-0346-4B27-AD57-08295EF4867A} - (no file)
O2 - BHO: (no name) - {2F3BD5D5-94B1-4F09-BEC6-14EA599C0081} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {3DD4BBC5-F794-4E19-A7BB-037317DB57D7} - C:\WINDOWS\system32\uhixjjvd.dll (file missing)
O2 - BHO: (no name) - {4560EED2-882F-40B7-9251-05442B20D7AF} - (no file)
O2 - BHO: (no name) - {4C51E6D0-DABB-4F1D-8C5C-17FAA5FE9B4C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {78AE7039-06C4-4900-BAA0-6486766CC58F} - (no file)
O2 - BHO: (no name) - {82E40E71-CAD0-4055-BC9C-828157AD921C} - (no file)
O2 - BHO: (no name) - {97B5ED34-D605-4882-92B0-43180C1BC954} - (no file)
O2 - BHO: (no name) - {A3D27A86-3B41-4A3A-8868-C167C400E3AB} - (no file)
O2 - BHO: (no name) - {B2A6AF87-555E-47EF-A0DA-2B0DE5296067} - (no file)
O2 - BHO: (no name) - {B7E4BFA8-6FB4-4AAD-B1D9-A441037BEA5D} - (no file)
O2 - BHO: (no name) - {D657A191-3878-47A3-8E9F-C964520FA816} - (no file)
O2 - BHO: (no name) - {E6B485BA-2BC2-423F-8156-949B10E67C83} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2417317-2635-4552-B035-BDF6F7975EC4}: NameServer = 193.58.193.11,195.12.128.1
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O20 - Winlogon Notify: tuvwvsq - tuvwvsq.dll (file missing)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8609 bytes

Prvy krat ked som dal Scan fon undo mi naslo viac suborov napisalo daco take co ti hned ukazem na obrazku som dal restart a potom po restarte naskocilo ten program Vundofix dal som scannovat zase a naslo mi dva subory cel som dat prec ale napisalo toto obrazok - link :
-- http://img210.imageshack.us/img210/8224/errorrrmt9.jpg fixol som podla navodu

Použi aj VurtimundoBegone podľa návodu.

a to ked cem pouzit tenVurtimundoBegone musim ist fakt do nudoveho rezimu?

Áno

ok spravil som sa ten vundo fix uz nic nenasiel a tu je log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:01, on 11.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vokr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {049AA900-0B7C-4967-8131-43EBA5E956B7} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {27B1B33A-644F-4DE3-809D-5927AB5B457F} - (no file)
O2 - BHO: (no name) - {2F3BD5D5-94B1-4F09-BEC6-14EA599C0081} - (no file)
O2 - BHO: (no name) - {3DD4BBC5-F794-4E19-A7BB-037317DB57D7} - C:\WINDOWS\system32\uhixjjvd.dll (file missing)
O2 - BHO: (no name) - {4560EED2-882F-40B7-9251-05442B20D7AF} - (no file)
O2 - BHO: (no name) - {4C51E6D0-DABB-4F1D-8C5C-17FAA5FE9B4C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {78AE7039-06C4-4900-BAA0-6486766CC58F} - (no file)
O2 - BHO: (no name) - {B2A6AF87-555E-47EF-A0DA-2B0DE5296067} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2417317-2635-4552-B035-BDF6F7975EC4}: NameServer = 193.58.193.11,195.12.128.1
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 7669 bytes

Fix:

O2 - BHO: (no name) - {049AA900-0B7C-4967-8131-43EBA5E956B7} - (no file)
O2 - BHO: (no name) - {27B1B33A-644F-4DE3-809D-5927AB5B457F} - (no file)
O2 - BHO: (no name) - {2F3BD5D5-94B1-4F09-BEC6-14EA599C0081} - (no file)
O2 - BHO: (no name) - {3DD4BBC5-F794-4E19-A7BB-037317DB57D7} - C:\WINDOWS\system32\uhixjjvd.dll (file missing)
O2 - BHO: (no name) - {4560EED2-882F-40B7-9251-05442B20D7AF} - (no file)
O2 - BHO: (no name) - {4C51E6D0-DABB-4F1D-8C5C-17FAA5FE9B4C} - (no file)
O2 - BHO: (no name) - {78AE7039-06C4-4900-BAA0-6486766CC58F} - (no file)
O2 - BHO: (no name) - {B2A6AF87-555E-47EF-A0DA-2B0DE5296067} - (no file)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\


Štart - Spustiť - services.msc - zakáž Microsoft security update service


Stiahnite Avenger -–>
http://swandog46.geekstogo.com/avenger.exe

Spustiť – „Input script manually“ – Lupa – Skopírovať kód – „Done“ – Semafor – Potvrdiť – Nasleduje reštart PC – Vložte nový log


Toto poznáš? C:\Program.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:27, on 11.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vokr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2417317-2635-4552-B035-BDF6F7975EC4}: NameServer = 193.58.193.11,195.12.128.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6904 bytes


a co s tym C:\Program.exe ?

Poznáš ho alebo nie?


+ Vlož log z Avengera (je na disku C).

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mtmrvrhj

*******************

Script file located at: \??\C:\Documents and Settings\oofhivmf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\system32\vhosts.exe not found!
Deletion of file c:\windows\system32\vhosts.exe failed!

Could not process line:
c:\windows\system32\vhosts.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Nepoznam take co to je?

=> Štart - Spustiť - services.msc - zakáž MySQL a ak súbor existuje, zmaž ho

ok Mysql som vypol a myslis ten subor program.exe?

Áno

hm ziadny Program.exe tam neni a ked som restartol pociac uz mi neukazuje ze chybaju tie subory co chybali sa to opravilo .... a ktomu seknutiu v hre mi nevies poradit ci to uz aj toto sme vyriesili?

alebo mam este nieco spravit ? je nieco treba? cem aby mi isiel compik dobre

S hrami ti ja nepomôžem.


Ešte môžeš preskenovať počítač cez toto http://www.kaspersky.com/virusscanner a toto http://www.eset.sk/online-scanner-slovensky (použi IE).

Ok tak diki moc ze si mi pomohol fakt diki....


edit: to seknutie mi robi aj po cisteny

A ako sa správajú ostatné aplikácie? Testoval si počítač cez online skenery?

Ano preskenoval som naslo mi tam asi 5 vyrov dal som prec ale vecer mi to seklo aj vo windows a stale to seka v tej hre takze ja vobec neviem cim to moze byt nevies nejak pomoct ? a ostatbne aplikacie idu normalne vsetko ide cool len to seknutie nic nezostava len restart pc

Pohladaj ovladace ku grafike..odinstaluj ich a znovu nainstaluj..a vbehni do biosu popozeraj (skontroluj) teploty..a otvor PC a tiez pozri ci sa vsetky ventilatory dobre tocia, napriklad aj ten co je na chipsete (ak tam samozrejme nejaky je)..

+

Stiahnite ComboFix –->
http://download.bleepingcomputer.com/sU ... mboFix.exe

Riaďte sa inštrukciami na obrazovke, neklikajte, počítač môže byť reštartovaný. Vložte na fórum obsah súbora C:\ComboFix.txt

TU JE LOG

ComboFix 07-10-12.1 - x 2007-10-11 22:52:56.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.630 [GMT 2:00]
Running from: C:\Documents and Settings\x\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\aglxpnrp.exe
C:\WINDOWS\system32\asmosskj.exe
C:\WINDOWS\system32\boxdgbrv.exe
C:\WINDOWS\system32\djdwypwq.exe
C:\WINDOWS\system32\drivers\BKWI71.sys
C:\WINDOWS\system32\ewrsrnpc.exe
C:\WINDOWS\system32\gpysuptk.exe
C:\WINDOWS\system32\hgmxogxx.exe
C:\WINDOWS\system32\jrxocfgq.dll
C:\WINDOWS\system32\kmmjmnxt.exe
C:\WINDOWS\system32\lakwflwg.exe
C:\WINDOWS\system32\npheujsd.exe
C:\WINDOWS\system32\phnoecdv.exe
C:\WINDOWS\system32\prcsoeim.exe
C:\WINDOWS\system32\qhswuird.exe
C:\WINDOWS\system32\qpwrxvdc.exe
C:\WINDOWS\system32\sjlqkylm.exe
C:\WINDOWS\system32\tknsxhms.exe
C:\WINDOWS\system32\xigirlgx.exe
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BKWI71
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_MSUPDATE
-------\LEGACY_NDNET1
-------\LEGACY_NTIO256
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\msupdate
-------\ntio256


((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-11 22:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 21:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 20:13 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-11 18:28 <DIR> d-------- C:\VundoFix Backups
2007-10-11 16:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 23:07 <DIR> d-------- C:\bc90ffd65340b7a4983fd63b91
2007-10-10 22:31 <DIR> d-------- C:\0fc55752b7181cf1ffc3faccd4686901
2007-10-10 21:48 <DIR> d-------- C:\WINDOWS\nview
2007-10-10 21:48 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-10 21:25 <DIR> d-------- C:\Program Files\MultiRes
2007-10-10 21:25 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 21:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-10 19:52 <DIR> d-------- C:\8bf6130e3143052c4776a56a
2007-10-10 14:06 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-10-10 14:06 <DIR> d-------- C:\Program Files\Realtek
2007-10-10 14:06 96,384 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-10-04 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-30 19:17 <DIR> d-------- C:\Program Files\Sun
2007-09-29 23:52 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-29 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-29 22:43 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-27 19:34 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-27 19:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-22 18:15 <DIR> d-------- C:\Program Files\Philips
2007-09-22 18:15 <DIR> d-------- C:\Documents and Settings\x\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 21:01 --------- d-----w C:\Documents and Settings\x\Application Data\AVG7
2007-10-11 17:08 167 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-11 12:29 --------- d-----w C:\Program Files\Save
2007-10-10 12:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-09-30 17:17 --------- d-----w C:\Program Files\Java
2007-09-29 20:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-08 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-06 12:02 --------- d-----w C:\Program Files\ICQ6
2007-09-03 18:27 --------- d-----w C:\Documents and Settings\x\Application Data\Hamachi
2007-09-02 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-09-02 17:33 --------- d--h--r C:\Documents and Settings\x\Application Data\SecuROM
2007-08-28 21:12 --------- d-----w C:\Program Files\Macromedia
2007-08-28 21:12 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-08-28 21:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-28 18:41 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-08-27 19:59 --------- d-----w C:\Documents and Settings\x\Application Data\fltk.org
2007-08-27 17:36 --------- d-----w C:\Documents and Settings\x\Application Data\Publish Providers
2007-08-27 17:35 --------- d-----w C:\Documents and Settings\x\Application Data\Sony
2007-08-27 17:32 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-08-27 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-08-27 17:31 --------- d-----w C:\Program Files\Vstplugins
2007-08-27 17:30 --------- d-----w C:\Program Files\Sony
2007-08-27 17:29 --------- d-----w C:\Program Files\Sony Setup
2007-08-26 20:41 --------- d-----w C:\Program Files\Sonic Foundry
2007-08-26 20:41 --------- d-----w C:\Program Files\Pure Motion
2007-08-26 20:41 --------- d-----w C:\Program Files\DebugMode
2007-08-25 22:15 73,124 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-25 22:15 5,047 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-20 12:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-18 22:09 --------- d-----w C:\Program Files\Common Files\Real
2007-08-18 22:06 --------- d-----w C:\Program Files\Real
2007-08-15 23:27 --------- d-----w C:\Program Files\PSPad editor
2007-08-15 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\{B14D9CDC-90D5-4BB2-B6CA-DCF6842AEFD0}
2007-07-15 12:33 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-07-15 12:33 249,856 ------w C:\WINDOWS\Setup1.exe
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 10:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-04 08:23]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"owqnjoxa.dll"=

C:\Documents and Settings\x\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WhenUSave"="C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7ccf07-1931-11dc-ae10-806d6172696f}]
AutoRun\command - F:\Setup.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 23:01:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? st??A~????????????????G?B?&???R???????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 23:03:13 - machine was rebooted
.
--- E O F ---

Je to v poriadku alebo mam daco este spravit?

1) Mohol by si mi zaslať na mail adresár Qoobox, ktorý je na C?

Zabaľ adresár do archívu RAR s heslom "infected" (menu rozšírené - nastaviť heslo) a pošli ho na adresu threat.samples@gmail.com

Tu je WinRAR SK: ftp://ftp.elf.stuba.sk/pub/pc/pack/wr370sk.exe


Ďakujem


2) Po odoslaní mailu sprav toto:

Otvor Poznámkový blok a vlož do neho toto:


Ulož to ako CFScript.txt a presuň podľa animácie:




3) Znova použi Avenger a vlož do neho toto =>

uz som to spravil ale mam tu log

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\btunkcen

*******************

Script file located at: \??\C:\WINDOWS\ajrbvmpt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Program Files\Save deleted successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\prgamqsf

*******************

Script file located at: \??\C:\jwiewmtd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Program Files\Save not found!
Deletion of folder C:\Program Files\Save failed!

Could not process line:
C:\Program Files\Save
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Ešte by som chcel vidieť aktuálny log z ComboFixu.

ComboFix 07-10-12.1 - x 2007-10-12 23:43:13.2 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.581 [GMT 2:00]
Running from: C:\Documents and Settings\x\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\x\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-12 23:47 126,976 --a------ C:\zip.exe
2007-10-12 23:47 1,080 --a------ C:\uchbrhyx.bat
2007-10-11 22:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 21:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 20:13 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-11 18:28 <DIR> d-------- C:\VundoFix Backups
2007-10-11 16:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 23:07 <DIR> d-------- C:\bc90ffd65340b7a4983fd63b91
2007-10-10 22:31 <DIR> d-------- C:\0fc55752b7181cf1ffc3faccd4686901
2007-10-10 21:48 <DIR> d-------- C:\WINDOWS\nview
2007-10-10 21:48 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-10 21:25 <DIR> d-------- C:\Program Files\MultiRes
2007-10-10 21:25 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 21:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-10 19:52 <DIR> d-------- C:\8bf6130e3143052c4776a56a
2007-10-10 14:06 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-10-10 14:06 <DIR> d-------- C:\Program Files\Realtek
2007-10-10 14:06 96,384 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-10-04 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-30 19:17 <DIR> d-------- C:\Program Files\Sun
2007-09-29 23:52 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-29 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-29 22:43 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-27 19:34 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-27 19:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-22 18:15 <DIR> d-------- C:\Program Files\Philips
2007-09-22 18:15 <DIR> d-------- C:\Documents and Settings\x\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 21:47 60,416 ----a-w C:\WINDOWS\system32\drivers\mjjtaytb.sys
2007-10-12 21:01 --------- d-----w C:\Documents and Settings\x\Application Data\AVG7
2007-10-11 17:08 167 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-11 12:29 --------- d-----w C:\Program Files\Save
2007-10-10 12:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-09-30 17:17 --------- d-----w C:\Program Files\Java
2007-09-29 20:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
2007-09-16 23:24 356,352 ----a-w C:\WINDOWS\system32\nvugart.exe
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-16 23:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-16 23:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-16 23:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-16 23:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-16 23:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-16 23:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-16 23:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-16 23:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-16 23:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-16 23:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-16 23:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-16 23:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-08 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-06 12:02 --------- d-----w C:\Program Files\ICQ6
2007-09-03 18:27 --------- d-----w C:\Documents and Settings\x\Application Data\Hamachi
2007-09-02 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-09-02 17:33 --------- d--h--r C:\Documents and Settings\x\Application Data\SecuROM
2007-08-28 21:12 --------- d-----w C:\Program Files\Macromedia
2007-08-28 21:12 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-08-28 21:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-28 18:41 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-08-27 19:59 --------- d-----w C:\Documents and Settings\x\Application Data\fltk.org
2007-08-27 17:36 --------- d-----w C:\Documents and Settings\x\Application Data\Publish Providers
2007-08-27 17:35 --------- d-----w C:\Documents and Settings\x\Application Data\Sony
2007-08-27 17:32 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-08-27 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-08-27 17:31 --------- d-----w C:\Program Files\Vstplugins
2007-08-27 17:30 --------- d-----w C:\Program Files\Sony
2007-08-27 17:29 --------- d-----w C:\Program Files\Sony Setup
2007-08-26 20:41 --------- d-----w C:\Program Files\Sonic Foundry
2007-08-26 20:41 --------- d-----w C:\Program Files\Pure Motion
2007-08-26 20:41 --------- d-----w C:\Program Files\DebugMode
2007-08-25 22:15 73,124 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-25 22:15 5,047 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-25 22:15 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 12:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-18 22:09 --------- d-----w C:\Program Files\Common Files\Real
2007-08-18 22:06 --------- d-----w C:\Program Files\Real
2007-08-15 23:27 --------- d-----w C:\Program Files\PSPad editor
2007-08-15 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\{B14D9CDC-90D5-4BB2-B6CA-DCF6842AEFD0}
2007-08-08 14:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 16:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 16:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-27 13:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 13:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-15 12:33 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-07-15 12:33 249,856 ------w C:\WINDOWS\Setup1.exe
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 10:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-04 08:23]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"pwfkhknb"="C:\uchbrhyx.bat" [2007-10-12 23:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\x\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7ccf07-1931-11dc-ae10-806d6172696f}]
AutoRun\command - F:\Setup.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 23:47:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? st??A~????????????????G?B?&???R???????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 23:48:53
C:\ComboFix2.txt ... 2007-10-12 23:03
.
--- E O F ---

Otestuj na http://www.virustotal.com a vlož sem výsledky:

C:\zip.exe
C:\uchbrhyx.bat
C:\WINDOWS\system32\drivers\mjjtaytb.sys


F:\Setup.exe je vymeniteľné médium?

tie dva subory tam na cecku nemam C:\zip.exe
C:\uchbrhyx.bat


C:\WINDOWS\system32\drivers\mjjtaytb.sys toto tiez nemam


F:\Setup.exe a toto je dvd mechanika to F