Sam od seba sa vypne skenovanie programu WMAV

Zdravim vas
Chcem sa spytat ze ci niekto nevie preco sa sam od seba zrusi skenovanie programu WMAV? PLS a este pozna tuto stranku niekto? - to mi prislo na e-mail ze Citujem" Auast Free online scaner zistil možnú infekciu Vášho PC. Vaša IP adresa sa nachádza v zozname možných napadnutých počítačov vírusom.
On-line scaner nájdete na Freescan.110mb.com . Prostredníctvom neho sa môžete uistiť či je Váš PC skutočne v bezpečí" Mohol by mi niekto poradit? mozno to je aj preto ze mi nesla antiviropva kontrola skoro cely den a neviem preco. DAKUJEM


// Rbot: Nedávaj sem priame linky

Vlož log z HijackThis =>

http://www.pcforum.sk/cistime-napadnuty ... 17087.html

tu posielam ten log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:42, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\S\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Live MSN] "C:\Documents and Settings\S\Desktop\kur_setup.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Rýchle blokovanie - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 9910 bytes

Fixni:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)



Otestuj na www.virustotal.com a vlož sem výsledky:

C:\Documents and Settings\S\Desktop\kur_setup.exe
C:\WINDOWS\bdoscandel.exe



Odinštaluj Spy Emergency

tu je log Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:59, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\S\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Live MSN] "C:\Documents and Settings\S\Desktop\kur_setup.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Rýchle blokovanie - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 9640 bytes


Toto som nenasiel
C:\Documents and Settings\S\Desktop\kur_setup.exe a Spy Emergency uz nemam dost dlho a chcem sa spytat ze ci neviete preco sa mi tam zobrazuju procesi ktoru vobec nebezia?
C:\WINDOWS\bdoscandel.exe - nenaslo sa nic

=> Fixni:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O4 - HKLM\..\Run: [Live MSN] "C:\Documents and Settings\S\Desktop\kur_setup.exe"
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


=> Stiahnite OTMove It =>
http://download.bleepingcomputer.com/ol ... MoveIt.exe

Spustite aplikáciu, do ľavého okna skopírujte kód, zmazanie potvrďte kliknutím na "Move it", na fórum vložte log z pravého poľa a po reštarte log z HijackThis


=> Potom zbaľ a pošli adresár _OTMoveIt, ktorý bude na disku C =>

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Díki

za chvilu poslem ten log len skenujem nieco tak preto to trosku dlhsie trva

Posielam log

File/Folder C:\Program Files\Netgate not found.
C:\WINDOWS\bdoscandel.exe moved successfully.
File/Folder C:\Documents and Settings\S\Desktop\kur_setup.exe not found.

Created on 10.31.2007 13:49:48

tu je log s hujackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:44, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\S\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [Live MSN] "C:\Documents and Settings\S\Desktop\kur_setup.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BitComet Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Rýchle blokovanie - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 9481 bytes

Poslal som vam do na e-mail a dakujem

Stiahnite ComboFix =>
http://download.bleepingcomputer.com/sU ... mboFix.exe

Riaďte sa inštrukciami na obrazovke, neklikajte, počítač môže byť reštartovaný. Vložte na fórum obsah súbora C:\ComboFix.txt

ComboFix 07-10-30.5 - S 2007-10-31 14:55:23.1 - NTFSx86
Running from: C:\Documents and Settings\S\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\S\Application Data\macromedia\Flash Player\#SharedObjects\BDQTY44Z\www.broadcaster.com
C:\Documents and Settings\S\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\S\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\hook33.txt
C:\WINDOWS\ie-hook.txt
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.

2007-10-31 14:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 12:13 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 10:56 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-10-29 15:12 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-28 20:22 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-10-28 20:22 <DIR> d-------- C:\Program Files\Agnitum
2007-10-28 20:22 675,840 --a------ C:\WINDOWS\is-C7ANI.exe
2007-10-27 19:20 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-27 19:20 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-10-27 19:20 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-27 19:20 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-27 19:20 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-27 19:20 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-27 19:20 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-22 14:57 <DIR> d-------- C:\Program Files\Panda Security
2007-10-19 16:45 <DIR> d-------- C:\Program Files\Hamachi
2007-10-16 19:28 <DIR> d-------- C:\Program Files\TDK
2007-10-08 19:49 <DIR> d-------- C:\Program Files\LookInMyPC
2007-09-28 12:27 980 --a------ C:\WINDOWS\eReg.dat
2007-09-23 20:44 <DIR> d-------- C:\Hudba
2007-09-22 17:02 <DIR> d-------- C:\TTDX
2007-09-21 18:32 <DIR> d-------- C:\Program Files\Inkscape
2007-09-21 17:50 <DIR> d-------- C:\Documents and Settings\S\Application Data\mojosoft
2007-09-05 12:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-05 12:08 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 12:54 --------- d-----w C:\Documents and Settings\S\Application Data\Hamachi
2007-10-31 11:16 --------- d-----w C:\Documents and Settings\S\Application Data\Skype
2007-10-31 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-31 10:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-30 19:40 --------- d-----w C:\Program Files\ICQLite
2007-10-26 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 18:10 --------- d-----w C:\Documents and Settings\S\Application Data\Azureus
2007-10-22 15:51 --------- d-----w C:\Program Files\HiDownload
2007-10-22 07:16 --------- d-----w C:\Program Files\Kaspersky Lab
2007-10-21 10:18 --------- d-----w C:\Program Files\Azureus
2007-10-19 15:45 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-02 15:55 --------- d-----w C:\Program Files\EA GAMES
2007-09-27 17:13 --------- d-----w C:\Documents and Settings\S\Application Data\gtk-2.0
2007-09-27 16:35 --------- d-----w C:\Program Files\VirtualDJ
2007-09-25 11:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 10:28 --------- d-----w C:\Program Files\SiteAdvisor
2007-09-06 12:12 --------- d-----w C:\Documents and Settings\S\Application Data\Ahead
2007-08-29 14:40 --------- d-----w C:\Program Files\FootballArena
2007-08-20 17:38 677,376 ----a-w C:\WINDOWS\is-D2HSU.exe
2007-07-19 05:17 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-07-19 05:17 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-07-19 05:17 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:23 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"ZipTorrent"="C:\Program Files\ZipTorrent\ZipTorrent.exe" []
"Live MSN"="C:\Documents and Settings\S\Desktop\kur_setup.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"PVR"="C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" []
"BitComet Acceleration Patch"="C:\Documents and Settings\All Users\Start Menu\Programs\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk" []
"SpyEmergency"="C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

C:\Documents and Settings\S\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-10-19 16:45:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-04-04 11:59:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [2005-02-16 10:34:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
S4 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-28 05:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 14:58:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-31 14:59:09
.
--- E O F ---





Mozem sa spytat co to bol za program? aby som vedel aj do buducnosti dakujem

Otvorte Poznámkový blok a vlož do neho toto:


Súbor uložte pod názvom CFScript.txt a spravte toto:




Spustí sa ComboFix. Zbaľ podľa návodu vyššie adresár Qoobox (disk C) a zip archív (plocha) a odošli. Dík


Toto poznáš?

C:\TTDX

C:\TTDX -- poznam to ale to sa kludne moze odstranit

Tak to zmaž klasicky.

ComboFix 07-10-30.5 - S 2007-10-31 15:33:05.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.165 [GMT 1:00]
Running from: C:\Documents and Settings\S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\S\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Kaspersky Lab
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\ah.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\ah.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\as.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\bb.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\cf.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\credits.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\hints.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\main.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\mc.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\oas.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\prot.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\report.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\sc.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\scan.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\service.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\settings.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\spy.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\en\updater.loc
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\main.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\report.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\scan.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\Skin\layout\settings.ini
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\AVPCCCfg.log
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\AVPCCServ.log
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\AVPCCUser.log
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\BACKUP\AvpM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\INSTALL.LOG
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\Report\avp32.rpt
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\Report\avpm.rpt
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\Report\avpupd.rep
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\lambda.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\ahzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\aszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\bbzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\cfzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\creditszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\hintszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\mainzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\mczal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\oaszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\protzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\reportzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\scanzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\sczal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\servicezal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\settingszal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\spyzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\Skin\en\updaterzal.loc
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\kis7_eng_75.jpg
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\lambda.txt
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\Thumbs.db
C:\Program Files\Panda Security
C:\WINDOWS\BDOSCAN8
C:\WINDOWS\BDOSCAN8\avxdisk.dll
C:\WINDOWS\BDOSCAN8\avxs.dll
C:\WINDOWS\BDOSCAN8\avxt.dll
C:\WINDOWS\BDOSCAN8\bdcore.dll
C:\WINDOWS\BDOSCAN8\bdoscan.ini
C:\WINDOWS\BDOSCAN8\bdoscan.log
C:\WINDOWS\BDOSCAN8\bdupd.dll
C:\WINDOWS\BDOSCAN8\bdupd.dll.updpnd
C:\WINDOWS\BDOSCAN8\boot.xmd
C:\WINDOWS\BDOSCAN8\ipsupd.dll
C:\WINDOWS\BDOSCAN8\lang.ini
C:\WINDOWS\BDOSCAN8\libfn.dll
C:\WINDOWS\BDOSCAN8\librtvr.dll
C:\WINDOWS\BDOSCAN8\live.ini
C:\WINDOWS\BDOSCAN8\oscan8.ocx
C:\WINDOWS\BDOSCAN8\oscan82.ocx
C:\WINDOWS\BDOSCAN8\plugins.htm
C:\WINDOWS\BDOSCAN8\plugins\7zip.xmd
C:\WINDOWS\BDOSCAN8\plugins\access.xmd
C:\WINDOWS\BDOSCAN8\plugins\ace.xmd
C:\WINDOWS\BDOSCAN8\plugins\adsntfs.xmd
C:\WINDOWS\BDOSCAN8\plugins\alz.xmd
C:\WINDOWS\BDOSCAN8\plugins\arc.xmd
C:\WINDOWS\BDOSCAN8\plugins\arj.xmd
C:\WINDOWS\BDOSCAN8\plugins\bach.xmd
C:\WINDOWS\BDOSCAN8\plugins\boot.xmd
C:\WINDOWS\BDOSCAN8\plugins\bzip2.xmd
C:\WINDOWS\BDOSCAN8\plugins\cab.xmd
C:\WINDOWS\BDOSCAN8\plugins\ceva_dll.cvd
C:\WINDOWS\BDOSCAN8\plugins\ceva_emu.cvd
C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.cvd
C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.ivd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.cvd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.ivd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.rvd
C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.xmd
C:\WINDOWS\BDOSCAN8\plugins\cpio.xmd
C:\WINDOWS\BDOSCAN8\plugins\cran.cvd
C:\WINDOWS\BDOSCAN8\plugins\cran.ivd
C:\WINDOWS\BDOSCAN8\plugins\cran.xmd
C:\WINDOWS\BDOSCAN8\plugins\dbx.xmd
C:\WINDOWS\BDOSCAN8\plugins\docfile.xmd
C:\WINDOWS\BDOSCAN8\plugins\emalware.cvd
C:\WINDOWS\BDOSCAN8\plugins\emalware.i01
C:\WINDOWS\BDOSCAN8\plugins\emalware.i02
C:\WINDOWS\BDOSCAN8\plugins\emalware.i03
C:\WINDOWS\BDOSCAN8\plugins\emalware.i04
C:\WINDOWS\BDOSCAN8\plugins\emalware.i05
C:\WINDOWS\BDOSCAN8\plugins\emalware.i06
C:\WINDOWS\BDOSCAN8\plugins\emalware.i07
C:\WINDOWS\BDOSCAN8\plugins\emalware.i08
C:\WINDOWS\BDOSCAN8\plugins\emalware.i09
C:\WINDOWS\BDOSCAN8\plugins\emalware.i10
C:\WINDOWS\BDOSCAN8\plugins\emalware.i11
C:\WINDOWS\BDOSCAN8\plugins\emalware.i12
C:\WINDOWS\BDOSCAN8\plugins\emalware.i13
C:\WINDOWS\BDOSCAN8\plugins\emalware.i14
C:\WINDOWS\BDOSCAN8\plugins\emalware.i15
C:\WINDOWS\BDOSCAN8\plugins\emalware.i16
C:\WINDOWS\BDOSCAN8\plugins\emalware.i17
C:\WINDOWS\BDOSCAN8\plugins\emalware.i18
C:\WINDOWS\BDOSCAN8\plugins\emalware.i19
C:\WINDOWS\BDOSCAN8\plugins\emalware.i20
C:\WINDOWS\BDOSCAN8\plugins\emalware.i21
C:\WINDOWS\BDOSCAN8\plugins\emalware.i22
C:\WINDOWS\BDOSCAN8\plugins\emalware.i23
C:\WINDOWS\BDOSCAN8\plugins\emalware.i24
C:\WINDOWS\BDOSCAN8\plugins\emalware.i25
C:\WINDOWS\BDOSCAN8\plugins\emalware.i26
C:\WINDOWS\BDOSCAN8\plugins\emalware.i27
C:\WINDOWS\BDOSCAN8\plugins\emalware.i28
C:\WINDOWS\BDOSCAN8\plugins\emalware.i29
C:\WINDOWS\BDOSCAN8\plugins\emalware.i30
C:\WINDOWS\BDOSCAN8\plugins\emalware.i31
C:\WINDOWS\BDOSCAN8\plugins\emalware.i32
C:\WINDOWS\BDOSCAN8\plugins\emalware.i33
C:\WINDOWS\BDOSCAN8\plugins\emalware.i34
C:\WINDOWS\BDOSCAN8\plugins\emalware.i35
C:\WINDOWS\BDOSCAN8\plugins\emalware.i36
C:\WINDOWS\BDOSCAN8\plugins\emalware.i37
C:\WINDOWS\BDOSCAN8\plugins\emalware.i38
C:\WINDOWS\BDOSCAN8\plugins\emalware.i39
C:\WINDOWS\BDOSCAN8\plugins\emalware.i40
C:\WINDOWS\BDOSCAN8\plugins\emalware.i41
C:\WINDOWS\BDOSCAN8\plugins\emalware.i42
C:\WINDOWS\BDOSCAN8\plugins\emalware.i43
C:\WINDOWS\BDOSCAN8\plugins\emalware.i44
C:\WINDOWS\BDOSCAN8\plugins\emalware.i45
C:\WINDOWS\BDOSCAN8\plugins\emalware.i46
C:\WINDOWS\BDOSCAN8\plugins\emalware.i47
C:\WINDOWS\BDOSCAN8\plugins\emalware.i48
C:\WINDOWS\BDOSCAN8\plugins\emalware.i49
C:\WINDOWS\BDOSCAN8\plugins\emalware.i50
C:\WINDOWS\BDOSCAN8\plugins\emalware.i51
C:\WINDOWS\BDOSCAN8\plugins\emalware.i52
C:\WINDOWS\BDOSCAN8\plugins\emalware.i53
C:\WINDOWS\BDOSCAN8\plugins\emalware.i54
C:\WINDOWS\BDOSCAN8\plugins\emalware.i55
C:\WINDOWS\BDOSCAN8\plugins\emalware.i56
C:\WINDOWS\BDOSCAN8\plugins\emalware.i57
C:\WINDOWS\BDOSCAN8\plugins\emalware.i58
C:\WINDOWS\BDOSCAN8\plugins\emalware.i59
C:\WINDOWS\BDOSCAN8\plugins\emalware.i60
C:\WINDOWS\BDOSCAN8\plugins\emalware.i61
C:\WINDOWS\BDOSCAN8\plugins\emalware.i62
C:\WINDOWS\BDOSCAN8\plugins\emalware.i63
C:\WINDOWS\BDOSCAN8\plugins\emalware.i64
C:\WINDOWS\BDOSCAN8\plugins\emalware.i65
C:\WINDOWS\BDOSCAN8\plugins\emalware.i66
C:\WINDOWS\BDOSCAN8\plugins\emalware.i67
C:\WINDOWS\BDOSCAN8\plugins\emalware.i68
C:\WINDOWS\BDOSCAN8\plugins\emalware.i69
C:\WINDOWS\BDOSCAN8\plugins\emalware.i70
C:\WINDOWS\BDOSCAN8\plugins\emalware.i71
C:\WINDOWS\BDOSCAN8\plugins\emalware.i72
C:\WINDOWS\BDOSCAN8\plugins\emalware.i73
C:\WINDOWS\BDOSCAN8\plugins\emalware.i74
C:\WINDOWS\BDOSCAN8\plugins\emalware.i75
C:\WINDOWS\BDOSCAN8\plugins\emalware.i76
C:\WINDOWS\BDOSCAN8\plugins\emalware.i77
C:\WINDOWS\BDOSCAN8\plugins\emalware.i78
C:\WINDOWS\BDOSCAN8\plugins\emalware.i79
C:\WINDOWS\BDOSCAN8\plugins\emalware.i80
C:\WINDOWS\BDOSCAN8\plugins\emalware.i81
C:\WINDOWS\BDOSCAN8\plugins\emalware.i82
C:\WINDOWS\BDOSCAN8\plugins\emalware.i83
C:\WINDOWS\BDOSCAN8\plugins\emalware.i84
C:\WINDOWS\BDOSCAN8\plugins\emalware.i85
C:\WINDOWS\BDOSCAN8\plugins\emalware.i86
C:\WINDOWS\BDOSCAN8\plugins\emalware.i87
C:\WINDOWS\BDOSCAN8\plugins\emalware.i88
C:\WINDOWS\BDOSCAN8\plugins\emalware.i89
C:\WINDOWS\BDOSCAN8\plugins\emalware.i90
C:\WINDOWS\BDOSCAN8\plugins\emalware.i91
C:\WINDOWS\BDOSCAN8\plugins\emalware.i92
C:\WINDOWS\BDOSCAN8\plugins\emalware.i93
C:\WINDOWS\BDOSCAN8\plugins\emalware.i94
C:\WINDOWS\BDOSCAN8\plugins\emalware.i95
C:\WINDOWS\BDOSCAN8\plugins\emalware.i96
C:\WINDOWS\BDOSCAN8\plugins\emalware.i97
C:\WINDOWS\BDOSCAN8\plugins\emalware.i98
C:\WINDOWS\BDOSCAN8\plugins\emalware.i99
C:\WINDOWS\BDOSCAN8\plugins\emalware.ivd
C:\WINDOWS\BDOSCAN8\plugins\emalware.xmd
C:\WINDOWS\BDOSCAN8\plugins\epoc.xmd
C:\WINDOWS\BDOSCAN8\plugins\gzip.xmd
C:\WINDOWS\BDOSCAN8\plugins\ha.xmd
C:\WINDOWS\BDOSCAN8\plugins\hlp.xmd
C:\WINDOWS\BDOSCAN8\plugins\hpe.cvd
C:\WINDOWS\BDOSCAN8\plugins\hpe.xmd
C:\WINDOWS\BDOSCAN8\plugins\hqx.xmd
C:\WINDOWS\BDOSCAN8\plugins\html.xmd
C:\WINDOWS\BDOSCAN8\plugins\chm.xmd
C:\WINDOWS\BDOSCAN8\plugins\imp.xmd
C:\WINDOWS\BDOSCAN8\plugins\inno.xmd
C:\WINDOWS\BDOSCAN8\plugins\instyler.xmd
C:\WINDOWS\BDOSCAN8\plugins\iso.xmd
C:\WINDOWS\BDOSCAN8\plugins\java.cvd
C:\WINDOWS\BDOSCAN8\plugins\java.xmd
C:\WINDOWS\BDOSCAN8\plugins\jpeg.xmd
C:\WINDOWS\BDOSCAN8\plugins\lha.xmd
C:\WINDOWS\BDOSCAN8\plugins\lnk.xmd
C:\WINDOWS\BDOSCAN8\plugins\mbox.xmd
C:\WINDOWS\BDOSCAN8\plugins\mbx.xmd
C:\WINDOWS\BDOSCAN8\plugins\mdx.xmd
C:\WINDOWS\BDOSCAN8\plugins\mdx_97.cvd
C:\WINDOWS\BDOSCAN8\plugins\mdx_97.ivd
C:\WINDOWS\BDOSCAN8\plugins\mdx_w95.cvd
C:\WINDOWS\BDOSCAN8\plugins\mdx_x95.cvd
C:\WINDOWS\BDOSCAN8\plugins\mdx_xf.cvd
C:\WINDOWS\BDOSCAN8\plugins\mime.xmd
C:\WINDOWS\BDOSCAN8\plugins\mobmalware.cvd
C:\WINDOWS\BDOSCAN8\plugins\mobmalware.xmd
C:\WINDOWS\BDOSCAN8\plugins\mso.xmd
C:\WINDOWS\BDOSCAN8\plugins\na.cvd
C:\WINDOWS\BDOSCAN8\plugins\na.xmd
C:\WINDOWS\BDOSCAN8\plugins\nelf.cvd
C:\WINDOWS\BDOSCAN8\plugins\nelf.xmd
C:\WINDOWS\BDOSCAN8\plugins\nsis.xmd
C:\WINDOWS\BDOSCAN8\plugins\objd.xmd
C:\WINDOWS\BDOSCAN8\plugins\pdf.xmd
C:\WINDOWS\BDOSCAN8\plugins\pst.xmd
C:\WINDOWS\BDOSCAN8\plugins\rar.xmd
C:\WINDOWS\BDOSCAN8\plugins\rpm.xmd
C:\WINDOWS\BDOSCAN8\plugins\rtf.xmd
C:\WINDOWS\BDOSCAN8\plugins\rup.cvd
C:\WINDOWS\BDOSCAN8\plugins\rup.xmd
C:\WINDOWS\BDOSCAN8\plugins\sdx.cvd
C:\WINDOWS\BDOSCAN8\plugins\sdx.ivd
C:\WINDOWS\BDOSCAN8\plugins\sdx.xmd
C:\WINDOWS\BDOSCAN8\plugins\sfx.xmd
C:\WINDOWS\BDOSCAN8\plugins\swf.xmd
C:\WINDOWS\BDOSCAN8\plugins\tar.xmd
C:\WINDOWS\BDOSCAN8\plugins\td0.xmd
C:\WINDOWS\BDOSCAN8\plugins\thebat.xmd
C:\WINDOWS\BDOSCAN8\plugins\tnef.xmd
C:\WINDOWS\BDOSCAN8\plugins\unpack.cvd
C:\WINDOWS\BDOSCAN8\plugins\unpack.ivd
C:\WINDOWS\BDOSCAN8\plugins\unpack.xmd
C:\WINDOWS\BDOSCAN8\plugins\update.txt
C:\WINDOWS\BDOSCAN8\plugins\uudecode.xmd
C:\WINDOWS\BDOSCAN8\plugins\ve.cvd
C:\WINDOWS\BDOSCAN8\plugins\ve.ivd
C:\WINDOWS\BDOSCAN8\plugins\ve.xmd
C:\WINDOWS\BDOSCAN8\plugins\vedata.cvd
C:\WINDOWS\BDOSCAN8\plugins\viza.xmd
C:\WINDOWS\BDOSCAN8\plugins\wise.xmd
C:\WINDOWS\BDOSCAN8\plugins\xishield.xmd
C:\WINDOWS\BDOSCAN8\plugins\z.xmd
C:\WINDOWS\BDOSCAN8\plugins\zip.xmd
C:\WINDOWS\BDOSCAN8\plugins\zoo.xmd
C:\WINDOWS\BDOSCAN8\rtvr.html
C:\WINDOWS\BDOSCAN8\rtvr2.html
C:\WINDOWS\BDOSCAN8\scanoptions.tsi
C:\WINDOWS\BDOSCAN8\scanoptions.tsk
C:\WINDOWS\BDOSCAN8\scanrep.html
C:\WINDOWS\BDOSCAN8\scanres.html
C:\WINDOWS\BDOSCAN8\scanres2.html
C:\WINDOWS\BDOSCAN8\upd82.bpx
C:\WINDOWS\is-C7ANI.exe
C:\WINDOWS\is-D2HSU.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.

2007-10-31 14:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 15:12 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-28 20:22 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-10-28 20:22 <DIR> d-------- C:\Program Files\Agnitum
2007-10-27 19:20 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-27 19:20 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-10-27 19:20 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-27 19:20 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-27 19:20 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-27 19:20 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-27 19:20 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-19 16:45 <DIR> d-------- C:\Program Files\Hamachi
2007-10-16 19:28 <DIR> d-------- C:\Program Files\TDK
2007-10-08 19:49 <DIR> d-------- C:\Program Files\LookInMyPC
2007-09-28 12:27 980 --a------ C:\WINDOWS\eReg.dat
2007-09-23 20:44 <DIR> d-------- C:\Hudba
2007-09-22 17:02 <DIR> d-------- C:\TTDX
2007-09-21 18:32 <DIR> d-------- C:\Program Files\Inkscape
2007-09-21 17:50 <DIR> d-------- C:\Documents and Settings\S\Application Data\mojosoft
2007-09-05 12:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-05 12:08 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 14:38 --------- d-----w C:\Documents and Settings\S\Application Data\Hamachi
2007-10-31 11:16 --------- d-----w C:\Documents and Settings\S\Application Data\Skype
2007-10-31 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-31 10:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-30 19:40 --------- d-----w C:\Program Files\ICQLite
2007-10-26 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 18:10 --------- d-----w C:\Documents and Settings\S\Application Data\Azureus
2007-10-22 15:51 --------- d-----w C:\Program Files\HiDownload
2007-10-21 10:18 --------- d-----w C:\Program Files\Azureus
2007-10-19 15:45 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-02 15:55 --------- d-----w C:\Program Files\EA GAMES
2007-09-27 17:13 --------- d-----w C:\Documents and Settings\S\Application Data\gtk-2.0
2007-09-27 16:35 --------- d-----w C:\Program Files\VirtualDJ
2007-09-25 11:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 10:28 --------- d-----w C:\Program Files\SiteAdvisor
2007-09-06 12:12 --------- d-----w C:\Documents and Settings\S\Application Data\Ahead
2007-08-29 14:40 --------- d-----w C:\Program Files\FootballArena
.

((((((((((((((((((((((((((((( snapshot@2007-10-31_14.58.19,12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-31 14:37:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:23 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"ZipTorrent"="C:\Program Files\ZipTorrent\ZipTorrent.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Live MSN"="C:\Documents and Settings\S\Desktop\kur_setup.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"PVR"="C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" []
"BitComet Acceleration Patch"="C:\Documents and Settings\All Users\Start Menu\Programs\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk" []
"SpyEmergency"="C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

C:\Documents and Settings\S\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-10-19 16:45:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-04-04 11:59:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [2005-02-16 10:34:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
S4 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-08-28 05:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 15:38:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-31 15:40:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-31 14:59
.
--- E O F ---

Toto mi vypisalo

Taka otazka: Qoobox mam poslat cely subor alebo len nieco vybrate? ak cele tak potom na viacej casti lebo je to velke a neposlem to

Otvor poznámkový blok a vlož do neho toto:



Ulož to ako (nazov).reg, spusti, potvrď, nový log z HijackThis.


Quarantine - okrem podadresárov:

C:\Program Files\Kaspersky Lab
C:\Program Files\Panda Security

Troska som stoho puk: mam teda poslat len tu quarantine a nic ine? a s tymto co:
C:\Program Files\Kaspersky Lab
C:\Program Files\Panda Security

To co mam vlozit do poznamkoveho bloku tak tam bude nazov: .reg ? a potom ako to mam spustit? zasa tak ako pred tym? dat to do combofix?

Nie, bude to súbor s kockami a klasicky ho spusti (2x klik).

To je v quarantine a to neposielaj.

Dal som nazov: nazov.reg (samotne .reg neslo) a nic. ziadne kocky nic a aj som klikol 2krat a nic

hups ja som vam poslal tu quarantinu za to sa ospravedlnujem a tak co mam potom poslat?

Quarantine bez tých podadreárov.


Ešte som zabudol - typ všetky súbory (nie textový dokument)

Ja to nechapem prepacte mi to. Uz som asi osprostel . Mohli by ste mi prosim napisat co su to tie podadresaty? lebo neviem ... a mohli by ste mi este raz napisat to co mam skopirovat a ako? trochu podrobnejsie lebo neviem to. dakujem

Otvorte poznámkový blok a vložte do neho toto:



V okne "Uložiť ako" vyberte typ "všetky súbory" a do políčka "názov súboru" zadajte "vymazat.reg". Potom uložený súbor (mal by mať ikonu kociek) spustite, potvrďte a vložte nový log z HijackThis.

Čo sa týka súborov:

V adresári Qoobox je adresár Quarantine a v ňom ďalšie a ďalšie adresáre. Zabaľte všetky okrem Kaspersky a Panda.

No zvladol som to dakujem. Posielam log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:10, on 31.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\S\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Live MSN] "C:\Documents and Settings\S\Desktop\kur_setup.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [PVR] C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BitComet Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Rýchle blokovanie - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 9494 bytes

Hmm, nechce to odtiaľ odísť. Skúste to v núdzovom režime.