VIRY.CZ

Přeji dobrý den,
prosím o kontrolu logu. Je tam autorun.inf, ale nemohu se ho zbavit, vyskoušel jsem všechny možné varianty, co jsem našel na netu, ale neuspěšně, vymazal jsem ho přes "cmd" i nějaký yveqsh93.exe na kterej byl odkaz v autorunu. Vymazal ze všech možných disců. Ale nic.

Furt tam je

Jinak při zapnutí PC mi vždy hlásí že chybí disc, pak přes správce ukončim svchost.exe a pak nevyskakuje upozorněni.
Prosím pomozte mi, už jsem u toho ztrávil několik nocí, a fakt už si nevím rady. děkuji

LOG:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Milsot at 2011-02-09 14:33:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (6%) free of 74 GB
Total RAM: 510 MB (64% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2007-08-28 1127424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}]
XBTP06568 Class - C:\Program Files\AOL Security Toolbar\tbu56\AOL_security_toolbar.dll [2006-08-15 872448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll [2007-05-18 452160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-07 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - AOL Security Toolbar - C:\Program Files\AOL Security Toolbar\tbu56\AOL_security_toolbar.dll [2006-08-15 872448]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2007-08-28 1127424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"ntiMUI"=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-11 7311360]
"nwiz"=nwiz.exe /install []
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2006-01-19 110592]
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2005-09-21 425984]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 []
"lxcgmon.exe"=C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-07-21 200704]
"EzPrint"=C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-08-01 94208]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-08-04 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-01-12 185896]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-12-04 79224]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2007-09-05 2778112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"Service Host Manager"=C:\Documents and Settings\Milsot\svchost.exe [2007-09-15 39665]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-11-11 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"king_mg"=C:\WINDOWS\system32\mgking.exe [2010-11-26 182784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:*:Disabled:Media Synchronizer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="D:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Xplosiv\SOF PLATINUM\SoF.exe"="C:\Program Files\Xplosiv\SOF PLATINUM\SoF.exe:*:Enabled:SoF"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:*:Enabled:eConsole"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-09 14:33:40 ----D---- C:\Program Files\trend micro
2011-02-09 14:33:39 ----D---- C:\rsit
2011-02-08 22:15:50 ----RSH---- C:\yveqsh93.exe
2011-02-08 22:13:55 ----ASH---- C:\hiberfil.sys
2011-02-02 00:10:46 ----D---- C:\WINDOWS\Prefetch
2011-02-01 23:57:07 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2011-02-01 23:55:39 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-02-01 23:54:46 ----A---- C:\WINDOWS\system32\wshirda.dll
2011-02-01 23:54:46 ----A---- C:\WINDOWS\system32\irmon.dll
2011-02-01 23:54:46 ----A---- C:\WINDOWS\system32\irftp.exe
2011-02-01 23:54:46 ----A---- C:\WINDOWS\system32\drivers\irda.sys
2011-02-01 22:38:54 ----A---- C:\WINDOWS\system32\drivers\rasirda.sys
2011-02-01 22:38:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-02-01 22:38:03 ----A---- C:\WINDOWS\system32\irclass.dll
2011-02-01 22:37:52 ----RA---- C:\WINDOWS\SET182.tmp
2011-02-01 22:37:50 ----RA---- C:\WINDOWS\SET176.tmp
2011-02-01 22:37:47 ----RA---- C:\WINDOWS\SET173.tmp
2011-02-01 22:20:06 ----ASH---- C:\PAGEFILE.SYS

======List of files/folders modified in the last 1 months======

2011-02-09 13:42:44 ----A---- C:\WINDOWS\system32\eRLog.ini
2011-02-09 13:42:32 ----RSH---- C:\WINDOWS\system32\mgking0.dll
2011-02-09 13:41:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-08 22:15:20 ----RSH---- C:\WINDOWS\system32\mgking1.dll
2011-02-08 22:02:16 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-08 21:33:12 ----A---- C:\WINDOWS\setuplog.txt
2011-02-02 00:16:38 ----A---- C:\WINDOWS\OEWABLog.txt
2011-02-02 00:12:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-01 23:57:56 ----A---- C:\WINDOWS\ODBCINST.INI
2011-02-01 23:57:34 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-02-01 23:57:10 ----RD---- C:\WINDOWS\Web
2011-02-01 23:57:10 ----RD---- C:\Program Files
2011-02-01 23:57:04 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-02-01 23:56:56 ----A---- C:\WINDOWS\win.ini
2011-02-01 23:54:38 ----SH---- C:\boot.ini
2011-02-01 22:38:08 ----A---- C:\WINDOWS\system.ini
2011-02-01 22:37:58 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-10-20 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-12-04 26624]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-12-04 42912]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-12-04 94544]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-12-04 23152]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-26 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-11 3532928]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-07-07 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2006-03-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2006-03-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2006-03-13 79488]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-12-04 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-12-04 140664]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LXCGCustomerConnect;LXCGCustomerConnect; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCGserv.exe [2005-07-20 57344]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-11 131139]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2007-09-06 966656]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-12-04 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-12-04 345464]
R3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Děkuji za ozvání...
Provádím vše potřebné

Zasílam Log z ComboFix:

ComboFix 11-02-09.02 - Milsot 09.02.2011 20:32:00.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.510.213 [GMT 1:00]
Spuštěný z: c:\documents and settings\Milsot\Plocha\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 080204-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Milsot\svchost.exe
c:\documents and settings\ostatni\svchost.exe
c:\documents and settings\Peter\svchost.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\mgking.exe
c:\windows\system32\mgking0.dll
c:\windows\system32\mgking1.dll
c:\windows\system32\Thumbs.db
D:\autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-09 do 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 13:33 . 2011-02-09 13:33 -------- d-----w- c:\program files\trend micro
2011-02-09 13:33 . 2011-02-09 13:33 -------- d-----w- C:\rsit
2011-02-08 21:15 . 2010-11-25 23:59 182784 --sh--r- C:\yveqsh93.exe
2011-02-08 17:36 . 2011-02-08 17:36 -------- d-----w- c:\documents and settings\Administrator
2011-02-02 12:44 . 2011-02-02 12:44 1409 ----a-w- c:\windows\QTFont.for
2011-02-01 22:58 . 2008-04-14 12:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2011-02-01 22:55 . 2008-04-14 12:00 343552 ----a-w- c:\windows\system32\mspaint.exe
2011-02-01 22:55 . 2008-04-14 12:00 343552 ----a-w- c:\windows\system32\dllcache\mspaint.exe
2011-02-01 22:54 . 2008-04-14 03:22 152064 ----a-w- c:\windows\system32\irftp.exe
2011-02-01 22:54 . 2008-04-14 03:22 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-02-01 22:54 . 2008-04-14 03:21 27648 ----a-w- c:\windows\system32\irmon.dll
2011-02-01 22:54 . 2008-04-13 18:54 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2011-02-01 21:38 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2011-02-01 21:38 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-01 21:38 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-01 21:38 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-01 21:38 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-01 21:37 . 2008-04-14 12:00 16825 ----a-r- c:\windows\SET182.tmp
2011-02-01 21:37 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET176.tmp
2011-02-01 21:37 . 2008-04-14 12:00 1246067 ----a-r- c:\windows\SET173.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 23:19 . 2006-06-02 20:40 60416 ----a-w- c:\windows\ALCFDRTM.VER
2007-12-01 21:23 . 2007-03-09 22:52 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-12-01 21:23 . 2007-03-09 22:52 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-12-01 21:23 . 2007-06-30 01:03 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-12-01 21:23 . 2007-06-30 01:03 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-12-01 21:23 . 2007-03-09 22:52 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-01-19 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-03 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-11 185896]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-05 2778112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"14830:TCP"= 14830:TCP:BitComet 14830 TCP
"14830:UDP"= 14830:UDP:BitComet 14830 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.3.2007 18:28 138624]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.11.2010 23:50 222456]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - INT15.SYS
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Milsot\Data aplikací\Mozilla\Firefox\Profiles\sqiq55n4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-king_mg - c:\windows\system32\mgking.exe
HKLM-Run-Service Host Manager - c:\documents and settings\Milsot\svchost.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 20:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGserv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\lxcgcoms.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wpabaln.exe
.
**************************************************************************
.
Celkový čas: 2011-02-09 20:41:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-09 19:41

Před spuštěním: 8 044 478 464
Po spuštění: 9 277 079 552

- - End Of File - - 773350D1AAE08BEC160426C092230F19

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
C:\yveqsh93.exe
c:\windows\SET182.tmp
c:\windows\SET176.tmp
c:\windows\SET173.tmp

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Během procesu byly i nějaké problémy, chtělo to připojení na net, ale PC nějak nemůžu připojit k internetu.. Posílám Log

ComboFix 11-02-09.02 - Milsot 17.02.2011 18:11:42.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.510.223 [GMT 1:00]
Spuštěný z: c:\documents and settings\Milsot\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milsot\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.7.1098 [VPS 080204-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -

file zipped: c:\windows\SET173.tmp
file zipped: c:\windows\SET176.tmp
file zipped: c:\windows\SET182.tmp
file zipped: C:\yveqsh93.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET173.tmp
c:\windows\SET176.tmp
c:\windows\SET182.tmp
c:\windows\system32\Thumbs.db
C:\yveqsh93.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-17 do 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-14 21:43 . 2011-02-14 21:43 -------- d-----w- c:\documents and settings\Milsot\Local Settings\Data aplikací\Opera
2011-02-14 21:43 . 2011-02-14 21:43 -------- d-----w- c:\program files\Opera
2011-02-09 13:33 . 2011-02-09 13:33 -------- d-----w- c:\program files\trend micro
2011-02-09 13:33 . 2011-02-09 13:33 -------- d-----w- C:\rsit
2011-02-08 17:36 . 2011-02-08 17:36 -------- d-----w- c:\documents and settings\Administrator
2011-02-02 12:44 . 2011-02-02 12:44 1409 ----a-w- c:\windows\QTFont.for
2011-02-01 22:58 . 2008-04-14 12:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2011-02-01 22:55 . 2008-04-14 12:00 343552 ----a-w- c:\windows\system32\mspaint.exe
2011-02-01 22:55 . 2008-04-14 12:00 343552 ----a-w- c:\windows\system32\dllcache\mspaint.exe
2011-02-01 22:54 . 2008-04-14 03:22 152064 ----a-w- c:\windows\system32\irftp.exe
2011-02-01 22:54 . 2008-04-14 03:22 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-02-01 22:54 . 2008-04-14 03:21 27648 ----a-w- c:\windows\system32\irmon.dll
2011-02-01 22:54 . 2008-04-13 18:54 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2011-02-01 21:38 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2011-02-01 21:38 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-01 21:38 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-01 21:38 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-01 21:38 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 23:19 . 2006-06-02 20:40 60416 ----a-w- c:\windows\ALCFDRTM.VER
2007-12-01 21:23 . 2007-03-09 22:52 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-12-01 21:23 . 2007-03-09 22:52 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-12-01 21:23 . 2007-06-30 01:03 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-12-01 21:23 . 2007-06-30 01:03 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-12-01 21:23 . 2007-03-09 22:52 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-09_19.38.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-17 17:04 . 2011-02-17 17:04 16384 c:\windows\temp\Perflib_Perfdata_55c.dat
+ 2005-01-26 19:20 . 2011-02-14 22:12 55256 c:\windows\system32\perfc009.dat
- 2005-01-26 19:20 . 2011-02-01 23:12 55256 c:\windows\system32\perfc009.dat
- 2005-01-26 19:20 . 2011-02-01 23:12 64912 c:\windows\system32\perfc005.dat
+ 2005-01-26 19:20 . 2011-02-14 22:12 64912 c:\windows\system32\perfc005.dat
+ 2005-01-26 19:20 . 2011-02-14 22:12 386166 c:\windows\system32\perfh009.dat
- 2005-01-26 19:20 . 2011-02-01 23:12 386166 c:\windows\system32\perfh009.dat
- 2005-01-26 19:20 . 2011-02-01 23:12 385516 c:\windows\system32\perfh005.dat
+ 2005-01-26 19:20 . 2011-02-14 22:12 385516 c:\windows\system32\perfh005.dat
+ 2011-02-14 21:43 . 2011-02-14 21:43 1820160 c:\windows\Installer\4b2070.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-01-19 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-03 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-11 185896]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-05 2778112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"14830:TCP"= 14830:TCP:BitComet 14830 TCP
"14830:UDP"= 14830:UDP:BitComet 14830 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.3.2007 18:28 138624]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.11.2010 23:50 222456]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - INT15.SYS
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Milsot\Data aplikací\Mozilla\Firefox\Profiles\sqiq55n4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 18:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2011-02-17 18:13:52
ComboFix-quarantined-files.txt 2011-02-17 17:13
ComboFix2.txt 2011-02-09 19:41

Před spuštěním: 9 083 191 296
Po spuštění: 9 071 820 800

- - End Of File - - BC9C5B89C819C5D374DFF879F8512803

Pokud net nefunguje, zkuste použít WinsockFix: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 . Utilita reinstaluje TCP/IP protokol. Máte-li parametry sítě nastaveny ručně, budete je muset po restartu PC znovu zadat.

Nějak se mi podařilo spustit net, ale vždy musím dát PC do usporného režimu a když ho proberu, tak pak jde..
Ale je tu ještě jeden problém a to z Aktivaci systému Win, nelze vůbec zpustit, když na něj klyknu, tak se nic neděje, měl jsem předtím právě problém i s modrou smrtí, tak že jsem reinstaloval, ale neměl jsem origo InstalCD, ted to po mne chce Aktivaci systemu Win. Při instalaci jsem zadal Key ze štítku.

Pokud nemáte legální OS, není co řešit.

No já jsem si OS podstivě zaplatil při koupi PC, ale nedodaly mi instalCD, mám i štítek na PC, ale byla nutná reistalace, tak jsem použil CD půjčené od zámého a zadal Key ze štítku na PC.

OK, to je zcela legální. Zkusil jste ten WinsockFix?

Windows je už ok, problém byl v připojením na NET, to se todařilo aktivoval.
WinsockFix jsem zkoušel, ale nějak to nepomohlo, stále při prvním zpuštěním windows se nepřipojí na Net, až když dám win do usporného réžimu a následně ho zpustím, v tu chvíly se na Net připojí, další problém je v Avastu, nelze aktualizovat virovou databázi.
Mockrád děkuji že se mi věnujete. S pozdravem Milan

Pokud máte v datové cestě nějaká router, nebo jiný síťový prvek s firewallem, zkuste ho deaktivovat.

VIRY.CZ

Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.inf

Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.inf

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i

Re: Nikdo mi nepomůže???Prosím o kontrolu LOGU vir autorun.i