
Task Manager works, so I started a new task, explorer.exe, and it's running again, but well, hmm

Here is the log from ComboFix
ComboFix 09-07-25.04 - Pavel 26.07.2009 11:44.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.768.448 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090725-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
FILE ::
"c:\windows\system32\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-26 do 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-24 19:08 . 2009-07-24 19:08 -------- d-----w- c:\program files\CCleaner
2009-07-24 17:29 . 2009-07-24 17:29 -------- d-----w- c:\program files\Lavalys
2009-07-24 15:50 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 15:50 . 2009-07-24 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 15:50 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 07:44 . 2009-07-24 07:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-19 18:38 . 2009-07-19 18:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-13 19:17 . 2009-07-13 19:17 -------- d-sh--w- c:\documents and settings\Pavel\PrivacIE
2009-07-04 04:50 . 2009-07-04 04:50 -------- d-sh--w- c:\documents and settings\Pavel\IETldCache
2009-07-03 20:30 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-03 20:30 . 2009-07-03 20:30 -------- d-----w- c:\windows\ie8updates
2009-07-03 20:28 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 20:28 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 20:26 . 2009-07-03 20:28 -------- dc-h--w- c:\windows\ie8
2009-07-02 11:34 . 1999-04-14 12:50 536064 ----a-w- c:\windows\system32\advert.dll
2009-07-01 12:22 . 2009-07-03 19:50 -------- d-----w- c:\program files\NukeNabber
2009-07-01 04:55 . 2009-07-01 04:57 -------- d-----w- c:\program files\ICQ FORCE
2009-06-29 18:09 . 2009-07-13 19:12 -------- d-----w- c:\program files\TeamViewer
2009-06-29 17:49 . 2009-06-29 17:49 -------- d-----w- c:\documents and settings\Pavel\temp
2009-06-28 19:58 . 2009-06-28 19:58 -------- d-----w- c:\program files\Ask.com
2009-06-28 19:51 . 2009-07-18 15:58 -------- d-----w- C:\QIP
2009-06-28 19:49 . 2009-06-28 19:52 -------- d-----w- c:\program files\Trillian
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 18:49 . 2005-11-10 18:44 -------- d-----w- c:\program files\Google
2009-07-19 18:55 . 2008-11-08 13:44 495 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-07-15 14:34 . 2005-12-30 13:51 -------- d-----w- c:\program files\HP
2009-07-15 14:32 . 2005-12-30 13:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-14 18:44 . 2006-10-20 13:01 -------- d-----w- c:\program files\letadla
2009-07-13 19:14 . 2009-06-02 17:03 -------- d-----w- c:\program files\Soulseek-Test
2009-06-21 13:11 . 2009-06-21 13:10 -------- d-----w- c:\program files\GIMP-2.0
2009-06-18 04:54 . 2009-06-18 04:54 -------- d-----w- c:\program files\IpSharkk
2009-06-16 14:40 . 2005-04-28 18:04 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2005-04-28 18:03 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 16:54 . 2008-10-12 17:49 -------- d-----w- c:\program files\PhotoFiltre
2009-06-03 19:11 . 2005-04-28 18:04 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 19:43 . 2009-06-02 19:43 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-02 19:43 . 2009-06-02 19:43 -------- d-----w- c:\program files\DVDVideoSoft
2009-05-29 15:24 . 2009-05-29 15:01 -------- d-----w- c:\program files\3C Poker Plus
2009-05-13 05:05 . 2005-04-28 18:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2005-04-28 18:04 346624 ----a-w- c:\windows\system32\localspl.dll
2008-01-01 20:18 . 2007-09-20 13:44 9216 --sha-w- c:\program files\Thumbs.db
2007-12-01 17:51 . 2007-12-01 17:51 3 ----a-w- c:\program files\gp.info
2007-09-20 20:06 . 2007-09-20 20:06 2415104 ----a-w- c:\program files\trakAxPC.exe
2007-09-20 20:00 . 2007-09-20 20:00 1478144 ----a-w- c:\program files\TRes.dll
2007-09-20 20:00 . 2007-09-20 20:00 3893760 ----a-w- c:\program files\TIpp.dll
2006-12-02 13:27 . 2006-12-02 13:27 3102819 ----a-w- c:\program files\openofficeorg4.cab
2006-12-02 13:27 . 2006-12-02 13:27 57023217 ----a-w- c:\program files\openofficeorg3.cab
2006-12-02 13:24 . 2006-12-02 13:24 15486313 ----a-w- c:\program files\openofficeorg2.cab
2006-12-02 13:23 . 2006-12-02 13:23 18309618 ----a-w- c:\program files\openofficeorg1.cab
2006-12-02 13:15 . 2006-12-02 13:15 5294592 ----a-w- c:\program files\openofficeorg21.msi
2006-12-02 13:15 . 2006-12-02 13:15 217 ----a-w- c:\program files\setup.ini
2006-12-02 13:15 . 2006-12-02 13:15 1821008 ----a-w- c:\program files\instmsiw.exe
2006-12-02 13:15 . 2006-12-02 13:15 1707856 ----a-w- c:\program files\instmsia.exe
2001-10-29 11:15 . 2007-12-01 17:50 1240 -c--a-w- c:\program files\banner.html
1999-06-25 09:55 . 2007-12-01 17:50 149504 ------w- c:\program files\UNWISE.EXE
2009-07-15 21:16 . 2009-01-27 14:43 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Pavel\temp ----
2009-06-29 17:54 . 2009-06-29 17:54 512 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\TeamViewer4_Exit.hta
2009-03-23 10:22 . 2009-03-23 10:22 1854376 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\TeamViewer_.exe
2009-03-23 10:22 . 2009-03-23 10:22 4054312 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\TeamViewer.exe
2009-03-23 10:01 . 2009-03-23 10:01 65536 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\TV.dll
2009-03-23 09:35 . 2009-03-23 09:35 185640 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\TeamViewer_Service.exe
2008-01-25 09:12 . 2008-01-25 09:12 80896 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\install64.exe
2008-01-25 09:12 . 2008-01-25 09:12 5375 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\w2k\TeamViewerVPN.inf
2008-01-25 09:12 . 2008-01-25 09:12 29096 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\w2k\teamviewervpn.sys
2008-01-25 09:12 . 2008-01-25 09:12 10645 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\x64\teamviewervpn.cat
2008-01-25 09:12 . 2008-01-25 09:12 5391 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\x64\TeamViewerVPN.inf
2008-01-25 09:12 . 2008-01-25 09:12 35112 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\x64\teamviewervpn.sys
2008-01-25 09:12 . 2008-01-25 09:12 10719 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\x86\teamviewervpn.cat
2008-01-25 09:12 . 2008-01-25 09:12 5375 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\x86\TeamViewerVPN.inf
2008-01-25 09:12 . 2008-01-25 09:12 25088 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\x86\teamviewervpn.sys
2008-01-24 08:39 . 2008-01-24 08:39 2257 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\License.txt
2007-11-12 10:30 . 2007-11-12 10:30 55808 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\install.exe
2007-08-21 14:56 . 2007-08-21 14:56 55080 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\SAS.exe
2002-10-30 18:21 . 2002-10-30 18:21 246424 ----a-w- c:\documents and settings\Pavel\temp\TeamViewer\Version4\UNICOWS.DLL
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2008-10-21 10:13 741768 ----a-w- c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll" [2008-10-21 741768]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2008-09-11 716800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Maruçka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
dBpowerAMP.lnk - c:\program files\Illustrate\dBpowerAMP\Amp.exe [2006-12-9 163902]
c:\documents and settings\An3§k@\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-12-1 393216]
c:\documents and settings\Kl rka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-12-1 393216]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bitmeter2.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bitmeter2.lnk
backup=c:\windows\pss\Bitmeter2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Pavel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.1.lnk]
path=c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.1.lnk
backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nitro\\nitro.exe"=
"c:\\Program Files\\Njam\\njam.exe"=
"c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\TrackMania Nations\\TmNationsESWC.exe"=
"c:\\Documents and Settings\\jirka\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IpSharkk\\IpSharkk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Pavel\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\NukeNabber\\nukenabber.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1:TCP"= 1:TCP:*:Disabled:vietcong
"16552:TCP"= 16552:TCP:*:Disabled:BitComet 16552 TCP
"16552:UDP"= 16552:UDP:*:Disabled:BitComet 16552 UDP
"5900:TCP"= 5900:TCP:*:Disabled:vnc5900
"5800:TCP"= 5800:TCP:*:Disabled:vnc5800
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [18.6.2009 6:54 9728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.9.2008 11:59 111184]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 11:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 11:05 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.9.2008 11:59 20560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24.7.2009 17:50 38160]
S4 SpywareCleanerService;SpywareCleanerService;c:\program files\Spyware Cleaner\SCService.exe --> c:\program files\Spyware Cleaner\SCService.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\Supertoolbar\UpdateTask.exe [2008-10-21 10:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsear ... Mvi0Pv3tBw
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
IE: {{946B3E9E-E21A-49c8-9F63-900533FAFE15} - {454b4812-e572-4703-a1bb-63490809eac0} -
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\zlzb5p0b.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\zlzb5p0b.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 11:55
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2347245532-1585570102-1919907186-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fa,5c,5e,d2,21,6c,dc,83,ca,63,fc,aa,41,2a,0b,d2,ce,2c,f8,8e,35,dd,c6,
1c,cf,ae,74,48,47,71,ba,12,08,2d,0d,e4,a2,b1,7d,4e,be,cc,b0,24,50,e2,0e,d9,\
"??"=hex:ae,1f,22,82,da,5c,64,17,4f,a2,e7,ce,a1,80,0d,59
.
Celkový čas: 2009-07-26 12:00
ComboFix-quarantined-files.txt 2009-07-26 10:00
ComboFix2.txt 2009-07-26 07:51
Před spuštěním: Volných bajtů: 29 081 415 680
Po spuštění: Volných bajtů: 29 054 341 120
273 --- E O F --- 2009-07-17 20:49
Log from HJT
Logfile of HijackThis v1.99.1
Scan saved at 12:07:17, on 26.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsear ... Mvi0Pv3tBw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IpSharkk] "C:\Program Files\IpSharkk\IpSharkk.exe" /auto
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hostyn.nwt.cz/activex/AxisCamControl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe